gpg issues

John A Meinel john at arbash-meinel.com
Tue Feb 14 21:04:58 GMT 2006


Robert Collins wrote:
> On Tue, 2006-02-14 at 12:12 -0600, John A Meinel wrote:
>> So I figured out why gpg cannot start the pinentry program. And it is
>> because we are piping the information into stdin, which means that there
>> is no terminal for pinentry to run on.
>>
>> So what we want to be doing is creating a temporary file, and then using
>> "gpg --clearsign /tmp/foo.aoeuaoeu" rather than "echo 'foo' | gpg
>> --clearsign".
>>
>> (Note I tested it, echo foo | gpg --cl does indeed fail to run pinentry).
>>
>> I think this would be perfectly safe to do for gpg. But I have to ask
>> people who use other front-ends like agpg, etc. I would guess that they
>> let you supply the file to sign, otherwise they would not act like plain
>> gpg. (Also, are other front-ends as necessary now that gpg natively
>> supports gpg-agent?)
>>
>> I just want to make sure that it is safe for me to make these changes.
>>
>> I'm also wondering if we want the default command to be "gpg --batch
>> --no-tty". Probably not, but I thought I would ask.
> 
> Well, I know of some number of people using gnome-gpg for instance. So I
> think other front ends are needed. Re: temp files, as long as we make a
> temp dir with appropriate permissions (007) write the file in there and
> then read the signature, sure. I think the pipe approach is much better
> if we can use it. Does pinentry just need a pty? I smell a bug in
> pinentry to be honest, because gpg on its own (the default command)
> works fine for me - it prompts for the password in the terminal using
> the secure facilities (can't remember the api name right now, sorry).
> 
> Rob
> 

You are right that it is a problem with pinentry, but it is how gpg is
using gpg-agent, which is using pinentry.
Doing:

echo "foo" | gpg --clearsign

Fails because pinentry cannot prompt the user.

echo "foo" | gpg --no-use-agent --clearsign

Does successfully prompt me for a password.

Do we need a temp dir, or just a temp file? Because by default a temp
file is created as 0600, so other people can't read it anyway.

I realize that it isn't *our* bug which is causing this problem. It is a
bug in some other program (whether it is specifically gpg or pinentry
doesn't matter, it is still something that I need a workaround for).

I suppose I could make it a custom hack on my system, where I create a
"pseudo-gpg" that creates a temporary file. However, I just tested it,
and it fails as well.

Using this fake-gpg.py:

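#!/usr/bin/env python3
"""Read from sys.stdin into a temporary file, and then have gpg sign it."""

import subprocess, sys, tempfile

# NamedTemporaryFile is created with mode 0600 and removed when closed.
with tempfile.NamedTemporaryFile() as t:
    t.write(sys.stdin.buffer.read())
    # Flush so gpg sees the data when it opens the file by name.
    t.flush()

    p = subprocess.Popen(['gpg', '--output', '-', '--clearsign', t.name],
                         stdout=subprocess.PIPE)
    out, err = p.communicate()

# Pass the signed text and gpg's exit status back to the caller.
sys.stdout.buffer.write(out)
sys.exit(p.returncode)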

And then if I just do:
./fake-gpg.py
test<ENTER>
^D<ENTER>

It prompts me for a password correctly, and then does the signature.
Doing:
echo "test" | ./fake-gpg.py

Fails to prompt, and won't sign.

So if you don't like the temporary file approach for whatever reason,
what if I just add an option for:

gpg_use_temp_file=True

And then if that is true, it will use a temporary file and '--output -',
otherwise it will just use stdin for gpg.

I need some sort of workaround, and I don't think I can easily do it
with a plugin. Though I guess I can write a plugin for a new GPGStrategy.

I just figured if I'm running into the problem, other people would be as
well. It isn't like I'm running a custom pinentry or anything.

So, let me know what you think. I can probably do it either way. One way
I need to refactor the gpg code so that we can have a nicer way of
handling the default strategy. (Otherwise, I'll just have a plugin which
monkey patches GpgStrategy to be my custom class, since it is
instantiated directly by both cmd_re_sign, and Commit.)

At this point, if you don't think the gpg code should be re-written,
I'll just write a plugin which monkey patches GpgStrategy.

John
=:->
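
An added example, not part of the original message or of the bzr code: one way to write the temp-file path discussed above, with the content created 0600 inside a private 0700 directory and removed afterwards. The `sign` function, its `use_temp_file` parameter (modelled on the proposed `gpg_use_temp_file` option) and the stand-in command in the demo are assumptions for illustration.

```python
import os
import shutil
import subprocess
import sys
import tempfile

# The invocation used in the message above; the file path is appended to it.
GPG_COMMAND = ["gpg", "--output", "-", "--clearsign"]


def sign(content, command=GPG_COMMAND, use_temp_file=True):
    """Run `command` over `content` (bytes); return (returncode, stdout).

    use_temp_file=True hands the data over as a file argument,
    use_temp_file=False pipes it to the command on stdin.
    """
    if not use_temp_file:
        proc = subprocess.run(list(command), input=content,
                              stdout=subprocess.PIPE)
        return proc.returncode, proc.stdout

    # mkdtemp creates the directory with mode 0700, so no other user can
    # list, read or replace the file inside it.
    workdir = tempfile.mkdtemp(prefix="sign-")
    path = os.path.join(workdir, "content")
    try:
        # O_EXCL refuses a pre-existing file or symlink; 0600 keeps the
        # plaintext private even if the directory mode were loosened.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(content)  # closed, and so flushed, before the child runs
        # stdin is inherited from the caller here instead of being a pipe.
        proc = subprocess.run(list(command) + [path], stdout=subprocess.PIPE)
        return proc.returncode, proc.stdout
    finally:
        # Remove the plaintext whether or not the command succeeded.
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    # Constructed stand-in for gpg so the demo runs without a keyring:
    # it only echoes back the file it was handed.
    echo = [sys.executable, "-c",
            "import sys; sys.stdout.write(open(sys.argv[1]).read())"]
    print(sign(b"test\n", command=echo))
```
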
