diff --git a/gnupg2.spec b/gnupg2.spec
index c66e04e5e8548895ef7b18958728272d305efe44..39ac6ae1970f91f55f8fe4af5afa2d10e0c8ce6a 100644
--- a/gnupg2.spec
+++ b/gnupg2.spec
@@ -1,6 +1,10 @@
+# Define no_pinentry to 1,
+# if you have no pinentry package
+%define no_pinentry 0
+
 Name: gnupg2
 Version: 2.4.3
-Release: 2
+Release: 3
 Summary: Utility for secure communication and data storage
 
 License: GPLv3+
@@ -18,6 +22,7 @@ Patch7:  gnupg-2.2.20-file-is-digest.patch
 Patch8:  gnupg-2.2.21-coverity.patch
 Patch9:  gnupg2-revert-rfc4880bis.patch
 Patch10: backport-dirmngr-Enable-the-call-of-ks_ldap_help_variables-wh.patch
+Patch11: gpg-set-default-pinentry-mode-to-loopback.patch
 
 BuildRequires: gcc
 BuildRequires: zlib-devel, npth-devel, texinfo
@@ -31,7 +36,9 @@ BuildRequires: gnutls-devel
 Requires: libgcrypt >= 1.9.4
 Requires: libgpg-error >= 1.46
 
+%if 0%{?no_pinentry} == 0
 Recommends: pinentry
+%endif
 Recommends: gnupg2-smime
 
 Provides: gpg = %{version}-%{release}
@@ -70,6 +77,9 @@ sed -i -e 's/"libpcsclite\.so"/"%{pcsclib}"/' scd/scdaemon.c
   --enable-g13 \
   --disable-ccid-driver \
   --disable-tpm2d \
+%if 0%{?no_pinentry}
+  --disable-gpg-default-pinentry \
+%endif
   --enable-large-secmem
 
 %make_build
@@ -119,6 +129,9 @@ make check
 
 
 %changelog
+* Tue Jul 9 2024 yixiangzhike <yixiangzhike007@163.com> - 2.4.3-3
+- gpg set default pinentry mode to loopback when have no pinentry
+
 * Tue Jan 2 2024 yixiangzhike <yixiangzhike007@163.com> - 2.4.3-2
 - use gpgtar to replace gpg-zip
 
diff --git a/gpg-set-default-pinentry-mode-to-loopback.patch b/gpg-set-default-pinentry-mode-to-loopback.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6534f8ea2c21ec313e44642bf4850e9a6c632545
--- /dev/null
+++ b/gpg-set-default-pinentry-mode-to-loopback.patch
@@ -0,0 +1,348 @@
+From db537e58045211cbdd48ab45d1d323f2966b69d3 Mon Sep 17 00:00:00 2001
+From: zhangguangzhi <zhangguangzhi3@huawei.com>
+Date: Tue, 9 Jul 2024 14:41:17 +0800
+Subject: [PATCH] set default pinentry mode to loopback
+In some cases, we don't have the pinentry package availale,
+so we need to change the default way of obtaining the passphrase to
+LOOPBACK.
+This is achieved by adding the compilation option
+"--disable-gpg-default-pinentry".
+
+---
+ config.h.in                              |  3 ++
+ configure                                | 44 ++++++++++++++++++++++++
+ configure.ac                             | 22 ++++++++++++
+ g10/delkey.c                             |  8 +++++
+ g10/gpg.c                                |  5 +++
+ sm/gpgsm.c                               |  5 +++
+ tests/openpgp/delete-keys.scm            | 14 ++++----
+ tests/openpgp/export.scm                 |  2 +-
+ tests/openpgp/issue2929.scm              |  4 +--
+ tests/openpgp/quick-key-manipulation.scm |  6 ++--
+ 10 files changed, 100 insertions(+), 13 deletions(-)
+
+diff --git a/config.h.in b/config.h.in
+index cd12740..17a5493 100644
+--- a/config.h.in
++++ b/config.h.in
+@@ -762,6 +762,9 @@
+ /* Defined if LDAP is support */
+ #undef USE_LDAP
+ 
++/* Defined if gpg does not use pinentry by default mode */
++#undef GPG_DEFAULT_PINENTRY_MODE_LOOPBACK
++
+ /* Build with integrated libdns support */
+ #undef USE_LIBDNS
+ 
+diff --git a/configure b/configure
+index a4d03d2..3cf0295 100755
+--- a/configure
++++ b/configure
+@@ -626,6 +626,8 @@ gt_needs=
+ ac_header_list=
+ ac_subst_vars='am__EXEEXT_FALSE
+ am__EXEEXT_TRUE
++GPG_DEFAULT_PINENTRY_FALSE
++GPG_DEFAULT_PINENTRY_TRUE
+ LTLIBOBJS
+ LIBOBJS
+ BUILD_HOSTNAME
+@@ -985,6 +987,7 @@ enable_tests
+ enable_gnupg_builddir_envvar
+ enable_run_gnupg_user_socket
+ enable_build_timestamp
++enable_gpg_default_pinentry
+ '
+       ac_precious_vars='build_alias
+ host_alias
+@@ -1701,6 +1704,8 @@ Optional Features:
+   --disable-endian-check  disable the endian check and trust the OS provided
+                           macros
+   --disable-optimization  disable compiler optimization
++  --disable-gpg-default-pinentry
++                          disable gpg default pinentry
+   --enable-log-clock      enable log_clock timestamps
+   --enable-werror         append -Werror to CFLAGS
+   --enable-all-tests      let "make check" run all tests
+@@ -11130,7 +11135,40 @@ cat >>confdefs.h <<_ACEOF
+ #define NAME_OF_SENDMAIL "$SENDMAIL"
+ _ACEOF
+ 
++#
++# Check for GPG-DEFAULT-PINENTRY
++# In some cases, gpg/gpgsm does not use pinentry by default
++#
++
++# Check whether --enable-gpg-default-pinentry was given.
++if test "${enable_gpg_default_pinentry+set}" = set; then :
++    enableval=$enable_gpg_default_pinentry; have_gpg_default_pinentry=$enableval;if test "$enableval" = "no"; then have_gpg_default_pinentry=no; fi
++fi
++
++if test "$have_gpg_default_pinentry" = "no"; then
++    { $as_echo "$as_me:${as_lineno-$LINENO}:WARNING:
++***
++*** Building without default pinentry for gpg.
++***" >&5
++$as_echo "$as_me: WARNING:
++***
++*** Building without default pinentry for gpg.
++***" >&2;}
++fi
++
++if test "$have_gpg_default_pinentry" = yes; then
++    GPG_DEFAULT_PINENTRY_TRUE=
++    GPG_DEFAULT_PINENTRY_FALSE='#'
++else
++    GPG_DEFAULT_PINENTRY_TRUE='#'
++    GPG_DEFAULT_PINENTRY_FALSE=
++fi
++
++if test "$have_gpg_default_pinentry" = no ; then
+ 
++$as_echo "#define GPG_DEFAULT_PINENTRY_MODE_LOOPBACK 1" >> confdefs.h
++
++fi
+ 
+ #
+ # Construct a printable name of the OS
+@@ -16985,6 +17023,11 @@ if test -z "${USE_TOFU_TRUE}" && test -z "${USE_TOFU_FALSE}"; then
+ Usually this means the macro was only invoked conditionally." "$LINENO" 5
+ fi
+ 
++if test -z "${GPG_DEFAULT_PINENTRY_TRUE}" && test -z "${GPG_DEFAULT_PINENTRY_FALSE}"; then
++    as_fn_error $? "conditional \"GPG_DEFAULT_PINENTRY\" was never defined.
++Usually this means the macro was only invoked conditionally." "$LINENO" 5
++fi
++
+ : "${CONFIG_STATUS=./config.status}"
+ ac_write_fail=0
+ ac_clean_files_save=$ac_clean_files
+@@ -18505,6 +18548,7 @@ echo "
+         TLS support:         $use_tls_library
+         TOFU support:        $use_tofu
+         Tor support:         $show_tor_support
++	GPG default pinentry:$have_gpg_default_pinentry
+ "
+ if test "$have_libtss" != no -a -z "$TPMSERVER" -a -z "$SWTPM"; then
+ cat <<G10EOF
+diff --git a/configure.ac b/configure.ac
+index e68b779..980d9d1 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1242,6 +1242,27 @@ fi
+ AC_DEFINE_UNQUOTED(NAME_OF_SENDMAIL,"$SENDMAIL",
+                    [Tool with sendmail -t interface])
+ 
++#
++# Check for GPG-DEFAULT-PINENTRY
++# In some cases, gpg/gpgsm does not use pinentry by default.
++#
++
++AC_ARG_ENABLE(gpg-default-pinentry,
++    AC_HELP_STRING([--disable-gpg-default-pinentry],[disable gpg default pinentry]),
++    have_gpg_default_pinentry=$enableval,
++    [if tet "enableval" = "no"; then have_gpg_default_pinentry=no; fi])
++
++if test "$have_gpg_default_pinentry" = "no"; then
++    AC_MSG_WARN([[
++***
++*** Building without default pinentry for gpg.
++***]])
++fi
++
++AM_CONDITIONAL(GPG_DEFAULT_PINENTRY, [test "$have_gpg_default_pinentry" = yes])
++if test "$have_gpg_default_pinentry" = yes ; then
++    AC_DEFINE(GPG_DEFAULT_PINENTRY,1,[Defined if gpg does not use pinentry by default])
++fi
+ 
+ #
+ # Construct a printable name of the OS
+@@ -2158,6 +2179,7 @@ echo "
+         TLS support:         $use_tls_library
+         TOFU support:        $use_tofu
+         Tor support:         $show_tor_support
++	GPG default pinentry:$have_gpg_default_pinentry
+ "
+ if test "$have_libtss" != no -a -z "$TPMSERVER" -a -z "$SWTPM"; then
+ cat <<G10EOF
+diff --git a/g10/delkey.c b/g10/delkey.c
+index 458c451..a9fda30 100644
+--- a/g10/delkey.c
++++ b/g10/delkey.c
+@@ -252,8 +252,16 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force,
+                * be used for other protocols and thus deleting it from
+                * the gpg would also delete the key for other tools. */
+               if (!err && !opt.dry_run)
++#ifdef GPG_DEFAULT_PINENTRY_MODE_LOOPBACK
++		/* Advise the agent not to request a confirmation.
++		 * GPG_DEFAULT_PINENTRY_MODE_LOOPBACK is defined
++		 * meaning that there may be no pinentry components available.*/
++                err = agent_delete_key (NULL, hexgrip, prompt,
++                                        (opt.answer_yes == 1) ? opt.answer_yes : 1);
++#else
+                 err = agent_delete_key (NULL, hexgrip, prompt,
+                                         opt.answer_yes);
++#endif
+               xfree (prompt);
+               xfree (hexgrip);
+               if (err)
+diff --git a/g10/gpg.c b/g10/gpg.c
+index f2900d9..27d3da9 100644
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -2522,6 +2522,11 @@ main (int argc, char **argv)
+     opt.compliance = CO_GNUPG;
+     opt.flags.rfc4880bis = 1;
+ 
++#ifdef GPG_DEFAULT_PINENTRY_MODE_LOOPBACK
++    /* Default pinentry mode : loopback */
++    opt.pinentry_mode = PINENTRY_MODE_LOOPBACK;
++#endif
++
+     /* Check special options given on the command line.  */
+     orig_argc = argc;
+     orig_argv = argv;
+diff --git a/sm/gpgsm.c b/sm/gpgsm.c
+index 636d14a..4a16003 100644
+--- a/sm/gpgsm.c
++++ b/sm/gpgsm.c
+@@ -1027,6 +1027,11 @@ main ( int argc, char **argv)
+   /* Set the default policy file */
+   opt.policy_file = make_filename (gnupg_homedir (), "policies.txt", NULL);
+ 
++#ifdef GPG_DEFAULT_PINENTRY_MODE_LOOPBACK
++  /* Default pinentry mode : loopback */
++  opt.pinentry_mode = PINENTRY_MODE_LOOPBACK;
++#endif
++
+   /* The configuraton directories for use by gpgrt_argparser.  */
+   gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
+   gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
+diff --git a/tests/openpgp/delete-keys.scm b/tests/openpgp/delete-keys.scm
+index 16bde5f..dd4ae3d 100755
+--- a/tests/openpgp/delete-keys.scm
++++ b/tests/openpgp/delete-keys.scm
+@@ -30,7 +30,7 @@
+   (assert (have-secret-key-file? subkey))
+ 
+   ;; Firstly, delete the secret key.
+-  (call-check `(,@gpg --delete-secret-keys ,key::fpr))
++  (call-check `(,@gpg --pinentry-mode=ask --delete-secret-keys ,key::fpr))
+   (assert (have-public-key? key))
+   (assert (have-public-key? subkey))
+   (assert (not (have-secret-key? key)))
+@@ -39,7 +39,7 @@
+   (assert (not (have-secret-key-file? subkey)))
+ 
+   ;; Now, delete the public key.
+-  (call-check `(,@gpg --delete-keys ,key::fpr))
++  (call-check `(,@gpg --pinentry-mode=ask --delete-keys ,key::fpr))
+   (assert (not (have-public-key? key)))
+   (assert (not (have-public-key? subkey))))
+ 
+@@ -55,7 +55,7 @@
+   (assert (have-secret-key-file? subkey))
+ 
+   ;; Firstly, delete the secret subkey.
+-  (call-check `(,@gpg --delete-secret-keys ,subkey::fpr))
++  (call-check `(,@gpg --pinentry-mode=ask --delete-secret-keys ,subkey::fpr))
+   (assert (have-public-key? key))
+   (assert (have-public-key? subkey))
+   ;; JW: Deleting the secret subkey also deletes the secret key.  This
+@@ -68,7 +68,7 @@
+ 
+   ;; Then, delete the secret key.
+   ;; JW: We already deleted the key.  See above.
+-  ;; XXX (call-check `(,@gpg --delete-secret-keys ,key::fpr))
++  ;; XXX (call-check `(,@gpg --pinentry-mode=ask --delete-secret-keys ,key::fpr))
+   (assert (have-public-key? key))
+   (assert (have-public-key? subkey))
+   (assert (not (have-secret-key? key)))
+@@ -77,7 +77,7 @@
+   (assert (not (have-secret-key-file? subkey)))
+ 
+   ;; Now, delete the public subkey.
+-  (call-check `(,@gpg --delete-keys ,subkey::fpr))
++  (call-check `(,@gpg --pinentry-mode=ask --delete-keys ,subkey::fpr))
+   ;; JW: Deleting the subkey also deletes the key.  This
+   ;; is a deliberate design choice, and currently there is no way to
+   ;; delete the subkey without using --edit-key.
+@@ -86,7 +86,7 @@
+ 
+   ;; Now, delete the public key.
+   ;; JW: We already deleted the key.  See above.
+-  ;; XXX (call-check `(,@gpg --delete-keys ,key::fpr))
++  ;; XXX (call-check `(,@gpg --pinentry-mode=ask --delete-keys ,key::fpr))
+   (assert (not (have-public-key? key)))
+   (assert (not (have-public-key? subkey))))
+ 
+@@ -100,7 +100,7 @@
+   (assert (have-secret-key-file? subkey))
+ 
+   ;; Delete everything at once.
+-  (call-check `(,@gpg --delete-secret-and-public-key ,key::fpr))
++  (call-check `(,@gpg --pinentry-mode=ask --delete-secret-and-public-key ,key::fpr))
+   (assert (not (have-public-key? key)))
+   (assert (not (have-public-key? subkey)))
+   (assert (not (have-secret-key? key)))
+diff --git a/tests/openpgp/export.scm b/tests/openpgp/export.scm
+index aa6fa78..03fa358 100755
+--- a/tests/openpgp/export.scm
++++ b/tests/openpgp/export.scm
+@@ -92,7 +92,7 @@
+ 
+     (tr:do
+      (tr:pipe-do
+-      (pipe:gpg `(--export-secret-keys ,keyid))
++      (pipe:gpg `(--pinentry-mode=ask --export-secret-keys ,keyid))
+       (pipe:gpg '(--list-packets)))
+      (tr:call-with-content check-exported-private-key keyid))
+ 
+diff --git a/tests/openpgp/issue2929.scm b/tests/openpgp/issue2929.scm
+index d5c94cf..341fec6 100644
+--- a/tests/openpgp/issue2929.scm
++++ b/tests/openpgp/issue2929.scm
+@@ -27,6 +27,6 @@
+ (define gpg `(,(tool 'gpg) --no-permission-warning --trust-model=tofu))
+ 
+ (info "Checking TOFU trust model with ultimately trusted keys (issue2929).")
+-(call-check `(,@gpg --quick-generate-key frob@example.org))
+-(call-check `(,@gpg --sign gpg.conf))
++(call-check `(,@gpg --pinentry-mode=ask --quick-generate-key frob@example.org))
++(call-check `(,@gpg --pinentry-mode=ask --sign gpg.conf))
+ (call-check `(,@gpg --verify gpg.conf.gpg))
+diff --git a/tests/openpgp/quick-key-manipulation.scm b/tests/openpgp/quick-key-manipulation.scm
+index 71d222a..767c5d4 100755
+--- a/tests/openpgp/quick-key-manipulation.scm
++++ b/tests/openpgp/quick-key-manipulation.scm
+@@ -46,7 +46,7 @@
+ (setenv "PINENTRY_USER_DATA" "test" #t)
+ 
+ (info "Checking quick key generation...")
+-(call-check `(,@GPG --quick-generate-key ,alpha))
++(call-check `(,@GPG --pinentry-mode=ask --quick-generate-key ,alpha))
+ 
+ (define keyinfo (gpg-with-colons `(-k ,(exact alpha))))
+ (define fpr (:fpr (assoc "fpr" keyinfo)))
+@@ -59,7 +59,7 @@
+ ;; Make sure the key capabilities don't change when we add a user id.
+ ;; (See bug #2697.)
+ (let ((pre (key-data (exact alpha)))
+-      (result (call-check `(,@GPG --quick-add-uid ,(exact alpha) ,bravo)))
++      (result (call-check `(,@GPG --pinentry-mode=ask --quick-add-uid ,(exact alpha) ,bravo)))
+       (post (key-data (exact alpha))))
+   (if (not (equal? pre post))
+       (begin
+@@ -139,7 +139,7 @@
+  "Checking that we can add subkeys..."
+  (lambda (args check)
+    (set! count (+ 1 count))
+-   (call-check `(,@gpg --quick-add-key ,fpr ,@args))
++   (call-check `(,@gpg --pinentry-mode=ask --quick-add-key ,fpr ,@args))
+    (let ((subkeys (get-subkeys)))
+      (assert (= count (length subkeys)))
+      (if check (check (last subkeys)))))
+-- 
+2.33.0
+