Change the default socket location for pinentry

* lisp/net/pinentry.el: Require 'cl-lib for `cl-letf'. (pinentry--socket-dir): Change the default from /tmp/emacsXXX to ~/.emacs.d/pinentry. (pinentry-start): Change the file modes of the socket file to 0700. This is just for extra safety since the parent directory is already protected with `server-ensure-safe-dir'.
author: Daiki Ueno 2016-02-22 06:06:50 +0900
committer: Daiki Ueno 2016-02-22 06:17:29 +0900
commit: e34fbdee8aca84b98393b06b2450837d175999ca (patch)
tree: e185601c1584540ca75f7f47aec903acee1e9b49
parent: 5f8965839d573032fc02be1298f37899cf61862d (diff)
download: emacs-e34fbdee8aca84b98393b06b2450837d175999ca.tar.gz
emacs-e34fbdee8aca84b98393b06b2450837d175999ca.zip
1 files changed, 20 insertions, 21 deletions
diff --git a/lisp/net/pinentry.el b/lisp/net/pinentry.el
index 285f86481bc..f83b0734fa2 100644
--- a/lisp/net/pinentry.el
+++ b/lisp/net/pinentry.el
@@ -26,6 +26,9 @@
 ;; This package allows GnuPG passphrase to be prompted through the
 ;; minibuffer instead of graphical dialog.
 ;;
+;; This feature requires GnuPG 2.1.5 or later and Pinentry 0.9.5 or
+;; later, with the Emacs support compiled in.
+;;
 ;; To use, add "allow-emacs-pinentry" to "~/.gnupg/gpg-agent.conf",
 ;; reload the configuration with "gpgconf --reload gpg-agent", and
 ;; start the server with M-x pinentry-start.
@@ -38,17 +41,15 @@
 ;; where pinentry and Emacs communicate through a Unix domain socket
 ;; created at:
 ;;
-;;   ${TMPDIR-/tmp}/emacs$(id -u)/pinentry
+;;   ~/.emacs.d/pinentry/pinentry
-;;
-;; under the same directory which server.el uses.  The protocol is a
-;; subset of the Pinentry Assuan protocol described in (info
-;; "(pinentry) Protocol").
 ;;
-;; NOTE: As of August 2015, this feature requires newer versions of
+;; The protocol is a subset of the Pinentry Assuan protocol described
-;; GnuPG (2.1.5+) and Pinentry (0.9.5+).
+;; in (info "(pinentry) Protocol").
 ;;; Code:
+(eval-when-compile (require 'cl-lib))
 (defgroup pinentry nil
  "The Pinentry server"
  :version "25.1"
@@ -76,10 +77,7 @@
 (defvar pinentry--prompt-buffer nil)
-;; We use the same location as `server-socket-dir', when local sockets
+(defvar pinentry--socket-dir (locate-user-emacs-file "pinentry")
-;; are supported.
-(defvar pinentry--socket-dir
-  (format "%s/emacs%d" (or (getenv "TMPDIR") "/tmp") (user-uid))
  "The directory in which to place the server socket.
 If local sockets are not supported, this is nil.")
@@ -172,16 +170,17 @@ will not be shown."
      (ignore-errors
        (let (delete-by-moving-to-trash)
          (delete-file server-file)))
-      (setq pinentry--server-process
+      (cl-letf (((default-file-modes) ?\700))
-            (make-network-process
+        (setq pinentry--server-process
-             :name "pinentry"
+              (make-network-process
-             :server t
+               :name "pinentry"
-             :noquery t
+               :server t
-             :sentinel #'pinentry--process-sentinel
+               :noquery t
-             :filter #'pinentry--process-filter
+               :sentinel #'pinentry--process-sentinel
-             :coding 'no-conversion
+               :filter #'pinentry--process-filter
-             :family 'local
+               :coding 'no-conversion
-             :service server-file))
+               :family 'local
+               :service server-file)))
      (process-put pinentry--server-process :server-file server-file))))
 (defun pinentry-stop ()
author	Daiki Ueno	2016-02-22 06:06:50 +0900
committer	Daiki Ueno	2016-02-22 06:17:29 +0900
commit	e34fbdee8aca84b98393b06b2450837d175999ca (patch)
tree	e185601c1584540ca75f7f47aec903acee1e9b49
parent	5f8965839d573032fc02be1298f37899cf61862d (diff)
download	emacs-e34fbdee8aca84b98393b06b2450837d175999ca.tar.gz emacs-e34fbdee8aca84b98393b06b2450837d175999ca.zip