gpg wrapper does not handle decryption #150
Comments
|
I believe there is a way to tell git-annex to use the wrapper for signing while using gpg2 directly for decryption, which would be a fine workaround. Investigating. |
|
Oh, here's a maybe more-elegant workaround. You can replace the wrapper script with #!/bin/sh
GPG=$(which gpg2)
for arg in "$@"; do
if [ "$arg" = "--decrypt" ]; then
exec "$GPG" "$@"
fi
done
ots-git-gpg-wrapper --gpg-program "$GPG" -- "$@"(Thanks chatgpt for the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When using git-annex with encrypted remotes, git will invoke
gpg.programfor both signing and decryption of remote files. However, ots-git-gpg-wrapper will discard most/all of the arguments.For example, git-annex may invoke the wrapper as
(Here everything after the
--is provided as$@inots-git-gpg-wrapper.shbut for clarity I am ignoring the wrapper script.)However, the gpg wrapper silently discards all options that are unrelated to signing, as you can see here:
opentimestamps-client/otsclient/git_gpg_wrapper.py
Lines 77 to 80 in 6d711ab
I believe the intended behavior was probably to loudly discard these arguments, notifying the user that the gpg wrapper is being invoked in an unexpected way. But an even better behavior would be to allow decryption.
To reproduce
gpg2 -r 'andrew poelstra' -a -o null.gpg --encrypt /dev/nullots-git-gpg-wrapper -- --decrypt null.gpggpg2 --decrypt null.gpg.You will see that with the wrapper, nothing happens and there is no output. Vs calling gpg2 directly, where the file gets decrypted.
(You probably need to change
-r 'andrew poelstra'to your own name, unless you have access to my private keys.)The text was updated successfully, but these errors were encountered: