make Qubes split-gpg compatible with reprepro / libgpgme

[adrelanos]

reprepro (which is using libgpgme) is using the following gpg command line options which are currently rejected by Qubes split-gpg.

• --enable-special-filenames
• --no-sk-comments
• --exit-on-status-write-error
• --ttyname
• --ttytype

[1] [2]

---

Simply white listing these in /usr/bin/qubes-gpg-client-wrapper won't do the trick.

exec qubes-gpg-client --batch --status-fd 7 --no-tty --charset utf8 --enable-progress-filter --display :0 /dev/pts/2 xterm-256color -- '-&8'
gpg: WARNING: no command supplied.  Trying to guess what you mean ...

---

A full example command that reprepro is using.

gpg --enable-special-filenames --batch --no-sk-comments --status-fd 7 --no-tty --charset utf8 --enable-progress-filter --exit-on-status-write-error --display :0 --ttyname /dev/pts/2 --ttytype xterm-256color --output - -- '-&8

---

[1] (I learned about these by adding to /usr/bin/qubes-gpg-client-wrapper.)

set -x
exec 6>&2 2>> "/tmp/output"

[2] I haven't found an option in reprepro to configure which gpg binary to use so I replaced /usr/bin/gpg with /usr/bin/qubes-gpg-client-wrapper. (Of course after creating a backup of /usr/bin/gpg so I can revert it. - Or no backup - since TemplateBased AppVMs root image is conveniently reset every reboot anyhow. :) Asked the author of reprepro if such a feature exist of if he could kindly add this feature.

---

Related:

• #3320
• #3325

//cc @HW42 (reprepro looks like an excellent stress test for complex uses of gpg for #474.)

[adrelanos]

reprepro uses libgpgme, so it is quite limited in what it can do in that regard. Especially that seems to do some complicated magic like first looking for a gpgconf program and parsing that output. (And from the
comments in the code seems to assume that without that it is gpg1 instead of gpg2). It seems to have some function to change defaults but no real documentation about what it exactly expects there (and if that can even be used to choose a different gpg client).

As I understand it, everything that should be changed with those settings should also be possible by adding some directory in front of the PATH you call reprepro with that contains a gpgconf binary that outputs the correct things. (Though I have no idea what "correct" means there).

Bernhard R. Link

F8AC 04D5 0B9B 064B 3383 C3DA AFFC 96D1 151D FFDC

[adrelanos]

reprepro uses libgpgme, so it is quite limited in what it can do in that regard. Especially that seems to do some complicated magic like first looking for a gpgconf program and parsing that output. (And from the
comments in the code seems to assume that without that it is gpg1 instead of gpg2). It seems to have some function to change defaults but no real documentation about what it exactly expects there (and if that can even be used to choose a different gpg client).

As I understand it, everything that should be changed with those settings should also be possible by adding some directory in front of the PATH you call reprepro with that contains a gpgconf binary that outputs the correct things. (Though I have no idea what "correct" means there).

Bernhard R. Link

F8AC 04D5 0B9B 064B 3383 C3DA AFFC 96D1 151D FFDC

[marmarek]

--enable-special-filenames

This should be possible to handle, but not trivial. Perhaps with a help from qubes-gpg-client-wrapper. Like replacing "special filenames" (-&n according to manual), with /proc/self/fd/n.

--no-sk-comments
--exit-on-status-write-error

Those can be easily included in the whitelist.

--ttyname
--ttytype

What those options do? I don't see them in gpg2 manual. If I'm guessing correctly, it would be tricky to correctly implement them - backend (intentionally) have no access to frontend console. But it might work if you ignore those options in qubes-gpg-client-wrapper.

[marmarek]

--enable-special-filenames

This should be possible to handle, but not trivial. Perhaps with a help from qubes-gpg-client-wrapper. Like replacing "special filenames" (-&n according to manual), with /proc/self/fd/n.

--no-sk-comments
--exit-on-status-write-error

Those can be easily included in the whitelist.

--ttyname
--ttytype

What those options do? I don't see them in gpg2 manual. If I'm guessing correctly, it would be tricky to correctly implement them - backend (intentionally) have no access to frontend console. But it might work if you ignore those options in qubes-gpg-client-wrapper.

[grote]

kmail is also using libgpgme and it is trying to call gpg like this:

--enable-special-filenames --batch --no-sk-comments --status-fd 52 --no-tty --charset utf8 --enable-progress-filter --exit-on-status-write-error --display :0 --ttyname /dev/pts/0 --ttytype xterm-256color --decrypt --output - -- -&54

[grote]

kmail is also using libgpgme and it is trying to call gpg like this:

--enable-special-filenames --batch --no-sk-comments --status-fd 52 --no-tty --charset utf8 --enable-progress-filter --exit-on-status-write-error --display :0 --ttyname /dev/pts/0 --ttytype xterm-256color --decrypt --output - -- -&54

[marmarek]

See QubesOS/qubes-app-linux-split-gpg#16

[marmarek]

See QubesOS/qubes-app-linux-split-gpg#16