
pinentry sends libsecret error messages to stdout, which causes IPC error
Status: Closed, Resolved (Public)

Description

If pinentry is compiled with libsecret, and libsecret has any problems talking
to the secret service, pinentry prints the libsecret error messages to stdout.

Since the error messages themselves are not formatted in libassuan IPC, this
produces an IPC error when gpg-agent is trying to talk to a misconfigured pinentry.

You can see this directly with:

$ DBUS_SESSION_BUS_ADDRESS=awefwef pinentry
OK Pleased to meet you
OPTION allow-external-password-cache
OK
SETKEYINFO monkeyman
OK
GETPIN
Failed to lookup password for key monkeyman with secret service: The name
org.freedesktop.secrets was not provided by any .service files
D abc123
OK
$

In normal use, this can happen when:

A.1) no secret service exists, or
A.2) gpg-agent is running with a bad default DBUS_SESSION_BUS_ADDRESS (e.g. if
it was running from a previous session, or was initialized before the current
dbus session)

and

B) gpg-agent is not configured with no-allow-external-cache

and

C) use of a secret key is requested by a client that does not know how to tell
gpg-agent which DBUS_SESSION_BUS_ADDRESS is currently in use (e.g. ssh-add,
talking to gpg-agent through its ssh-agent masquerade).

In the event of libsecret errors, the messages must not be routed to stdout,
since it breaks the assuan IPC protocol.
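The following is an added illustration of the failure the report describes, not code from pinentry, libassuan or the patch referenced later in this ticket. It classifies each line that gpg-agent reads from pinentry's stdout by its Assuan server-response token (OK, ERR, D, S, INQUIRE, END, or a # comment) and reports the first line that belongs to no such category; the transcript above is embedded as a constructed array, so the stray libsecret diagnostic is flagged at line 4. It also shows the shape of a diagnostic helper that writes to stderr, which keeps the stdout channel carrying the protocol clean. All function and array names are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Kinds of line a client may legitimately read from an Assuan server.
   LINE_FOREIGN marks anything else, e.g. a library diagnostic that was
   written to the same stdout that carries the protocol stream. */
enum line_kind { LINE_OK, LINE_ERR, LINE_DATA, LINE_STATUS, LINE_INQUIRE,
                 LINE_END, LINE_COMMENT, LINE_FOREIGN };

/* True if `line` starts with the keyword `tok` followed by a space or EOL. */
static int has_token(const char *line, const char *tok)
{
    size_t n = strlen(tok);
    return strncmp(line, tok, n) == 0
        && (line[n] == '\0' || line[n] == ' ' || line[n] == '\n');
}

/* Classify one response line by its leading Assuan token. */
enum line_kind classify_line(const char *line)
{
    if (has_token(line, "OK"))      return LINE_OK;
    if (has_token(line, "ERR"))     return LINE_ERR;
    if (has_token(line, "D"))       return LINE_DATA;
    if (has_token(line, "S"))       return LINE_STATUS;
    if (has_token(line, "INQUIRE")) return LINE_INQUIRE;
    if (has_token(line, "END"))     return LINE_END;
    if (line[0] == '#')             return LINE_COMMENT;
    return LINE_FOREIGN;
}

/* Scan a captured stdout stream; return the 1-based index of the first line
   that is not a valid Assuan server line, or 0 if the stream is clean. */
int first_foreign_line(const char *const *lines, size_t count)
{
    for (size_t i = 0; i < count; i++)
        if (classify_line(lines[i]) == LINE_FOREIGN)
            return (int)(i + 1);
    return 0;
}

/* How a pinentry-style program should emit a library diagnostic: on stderr
   (or a log file), never on the stdout that the Assuan client is parsing. */
void report_diagnostic(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    fputs("pinentry: ", stderr);
    vfprintf(stderr, fmt, ap);
    fputc('\n', stderr);
    va_end(ap);
}

/* Constructed sample: pinentry's stdout as shown in the report, with the
   libsecret message split over two lines exactly as it appears there. */
static const char *const broken_session[] = {
    "OK Pleased to meet you",
    "OK",
    "OK",
    "Failed to lookup password for key monkeyman with secret service: The name",
    "org.freedesktop.secrets was not provided by any .service files",
    "D abc123",
    "OK",
};

/* Constructed sample: the same exchange once diagnostics go to stderr. */
static const char *const clean_session[] = {
    "OK Pleased to meet you", "OK", "OK", "D abc123", "OK",
};

int broken_session_first_foreign(void)
{
    return first_foreign_line(broken_session,
                              sizeof broken_session / sizeof *broken_session);
}

int clean_session_first_foreign(void)
{
    return first_foreign_line(clean_session,
                              sizeof clean_session / sizeof *clean_session);
}

int main(void)
{
    int bad = broken_session_first_foreign();   /* 4 */
    printf("broken session: first non-Assuan line at %d\n", bad);
    printf("clean session: first non-Assuan line at %d\n",
           clean_session_first_foreign());      /* 0 */
    /* The diagnostic still reaches the user/log, but not the protocol stream. */
    report_diagnostic("Failed to lookup password with secret service: %s",
                      "(constructed example message)");
    return bad ? 1 : 0;
}
```

Running it prints the line number at which an Assuan client such as gpg-agent would hit an unparseable line in the broken transcript, and 0 for the clean one; the diagnostic emitted by `report_diagnostic` appears only on stderr. A real Assuan client stops at the first foreign line rather than skipping it, which is why a single stray message is enough to abort the whole GETPIN exchange.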

Details

Version
0.9.7

Event Timeline

dkg added projects: pinentry, Bug Report.
dkg added a subscriber: neal.
dkg added a subscriber: dkg.

A library should never ever send any diagnostics to stdout. That not only
breaks pinentry but also all other tools which output to stdout. I suggest
reporting that to libsecret.

I reported this to the libsecret maintainers, but it turns out that it was our
bug. Stef kindly replied with a patch, which I've now applied (2f5bfa0). Looking
again at dkg's original message, he doesn't suggest that the problem is with
libsecret, but in fact correctly identified pinentry as the culprit.