diff options
| author |  Joey Hess <joey@kitenet.net> | 2013-01-16 15:27:46 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2013-01-16 15:27:46 -0400 |
| commit | 643bb4a3e1494e35f276c5aa789ebecb2127f79f (patch) | |
| tree | f8697dcb0fc4e4418d37bdb5f206f4660d8a98d5 | |
| parent | ff469c1d5e41764651869e8dc2f0322257811a7a (diff) | |
Deal with incompatability in gpg2, which caused prompts for encryption passphrases rather than using the supplied --passphrase-fd.
| -rw-r--r-- | Utility/Gpg.hs | 5 | ||||
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | doc/bugs/With_S3__44___GPG_ask_for_a_new_passphrase.mdwn | 4 | ||||
| -rw-r--r-- | doc/bugs/encryption_given_a_gpg_keyid_still_uses_symmetric_encryption.mdwn | 8 |
4 files changed, 18 insertions, 1 deletions
diff --git a/Utility/Gpg.hs b/Utility/Gpg.hs index ca017ed3a..0c80ecdf3 100644 --- a/Utility/Gpg.hs +++ b/Utility/Gpg.hs @@ -58,6 +58,9 @@ pipeStrict params input = do - should write to it all the data to input to gpg. Finally, runs - a reader action that is passed a handle to gpg's output. - + - Runs gpg in batch mode; this is necessary to avoid gpg 2.x prompting for + - the passphrase. + - - Note that to avoid deadlock with the cleanup stage, - the reader must fully consume gpg's input before returning. -} feedRead :: [CommandParam] -> String -> (Handle -> IO ()) -> (Handle -> IO a) -> IO a @@ -71,7 +74,7 @@ feedRead params passphrase feeder reader = do let Fd pfd = frompipe let passphrasefd = [Param "--passphrase-fd", Param $ show pfd] - params' <- stdParams $ passphrasefd ++ params + params' <- stdParams $ [Param "--batch"] ++ passphrasefd ++ params closeFd frompipe `after` withBothHandles createProcessSuccess (proc "gpg" params') go where diff --git a/debian/changelog b/debian/changelog index 652752fd0..3595eb81b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,8 @@ git-annex (3.20130115) UNRELEASED; urgency=low * webapp: Has a page to view the log, accessed from the control menu. * webapp: Fix crash adding removable drive that has an annex directory in it that is not a git repository. + * Deal with incompatability in gpg2, which caused prompts for encryption + passphrases rather than using the supplied --passphrase-fd. -- Joey Hess <joeyh@debian.org> Mon, 14 Jan 2013 18:35:01 -0400 diff --git a/doc/bugs/With_S3__44___GPG_ask_for_a_new_passphrase.mdwn b/doc/bugs/With_S3__44___GPG_ask_for_a_new_passphrase.mdwn index 10be47679..e6f3524b2 100644 --- a/doc/bugs/With_S3__44___GPG_ask_for_a_new_passphrase.mdwn +++ b/doc/bugs/With_S3__44___GPG_ask_for_a_new_passphrase.mdwn @@ -15,3 +15,7 @@ So I create a new passphrase (two times) for each file I tried to upload. The pr What's this new passphrase for? BTW: git-annex version: 3.20130102 same precompiled binary on Arch Linux. + +> I've reproduced this with gpg 2.0.19. It is a documented incompatability +> between gpg 1.x and 2.x; the latter needs --batch included in its +> parameters. I've put in a fix. [[done]] diff --git a/doc/bugs/encryption_given_a_gpg_keyid_still_uses_symmetric_encryption.mdwn b/doc/bugs/encryption_given_a_gpg_keyid_still_uses_symmetric_encryption.mdwn index 457ec893a..15bc95f27 100644 --- a/doc/bugs/encryption_given_a_gpg_keyid_still_uses_symmetric_encryption.mdwn +++ b/doc/bugs/encryption_given_a_gpg_keyid_still_uses_symmetric_encryption.mdwn @@ -36,3 +36,11 @@ What version of git-annex are you using? On what operating system? Please provide any additional information below. +> Symmetric encryption is used as described in [[design/encryption]], +> with the symmetric key stored encrypted using your gpg key. +> +> The extra prompting described in the comments in the bug. +> +> I've reproduced this with gpg 2.0.19. It is a documented incompatability +> between gpg 1.x and 2.x; the latter needs --batch included in its +> parameters. I've put in a fix. [[done]] |