git-remote-gcrypt not working with qubes-gpg-client-wrapper (-q and --gen-rand not supported) #3445

Open
whohoho opened this Issue Jan 4, 2018 · 6 comments

whohoho commented Jan 4, 2018

Qubes OS version: R3.2

Steps to reproduce the behavior:

sudo apt-get install git-remote-gcrypt
git config --add gpg.program /usr/bin/qubes-gpg-client-wrapper
git remote add crypted gcrypt::[remote-url]
git pull crypted master

Relevant errors:

/usr/bin/qubes-gpg-client-wrapper --no-tty --armor --gen-rand 1 9
qubes-gpg-client: unrecognized option '--gen-rand'

/usr/bin/qubes-gpg-client-wrapper --no-tty --status-fd 3 -q -d
qubes-gpg-client: invalid option -- 'q'

More errors after fixing the previous ones in git-remote-gcrypt:

  • /usr/bin/qubes-gpg-client-wrapper --no-tty --with-colons --print-md SHA256
    qubes-gpg-client: unrecognized option '--print-md'

  • /usr/bin/qubes-gpg-client-wrapper --no-tty --batch --no-default-keyring --secret-keyring /dev/null --keyring /dev/null --passphrase-fd 3 -d
    qubes-gpg-client: unrecognized option '--no-default-keyring'

whohoho commented Jan 13, 2018

Another one:
gpg --no-tty --batch --force-mdc --compress-algo none --trust-model=always --passphrase-fd 3 -c

gpg --no-tty --compress-algo none --trust-model=always -se --throw-keyids --default-recipient-self

marmarek commented Jan 13, 2018

whohoho commented Jan 13, 2018

In that command, symmetric encryption with a passphrase is used, so it does not actually have to go to the gpg vm.

I am working on a patch now to have the local gpg do those things.

Member

marmarek commented Jan 13, 2018

Ah, indeed there is -c. Currently the options whitelist is not context-aware, so it isn't possible to whitelist options for a specific mode only. And it is better to keep it this way for simplicity.

Handling it locally may indeed be a good idea; it should be doable in the gpg-client-wrapper script, or in yet another wrapper.
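
The "yet another wrapper" idea from the comment above, as an added example that is not code from this thread, git-remote-gcrypt or qubes-app-linux-split-gpg: it sends the key-free command lines quoted in the issue to a local gpg and everything else to the backend, so the backend whitelist can stay mode-agnostic. The function names `route_gpg` and `run_gpg` and a local `gpg` on PATH are assumptions.

```shell
#!/bin/sh
# Added example: route a gpg command line either to the local gpg or to the
# split-GPG backend. The names route_gpg and run_gpg are hypothetical.

# Print "local" when the invocation needs no private key, else "split".
route_gpg() {
    cmd="" no_default=0 null_secring=0 prev=""
    for arg in "$@"; do
        case "$arg" in
            --gen-rand|--print-md) cmd="${cmd:-nokey}" ;;
            -c|--symmetric)        cmd="${cmd:-symmetric}" ;;
            -d|--decrypt)          cmd="${cmd:-decrypt}" ;;
            --no-default-keyring)  no_default=1 ;;
            # Modifiers from the command lines in the issue; none selects a key.
            --no-tty|--batch|--armor|--with-colons|--force-mdc|-q) ;;
            --trust-model=always|--compress-algo|--passphrase-fd|--status-fd) ;;
            --keyring|--secret-keyring) ;;
            # Anything else (-se, --sign, ...) is left to the backend whitelist.
            -*) echo split; return 0 ;;
            *)  # Option value: remember an explicitly empty secret keyring.
                if [ "$prev" = "--secret-keyring" ] && [ "$arg" = "/dev/null" ]; then
                    null_secring=1
                fi ;;
        esac
        prev=$arg
    done
    case "$cmd" in
        nokey|symmetric) echo local ;;
        decrypt)
            # Treat -d as key-free only with an empty secret keyring, as in
            # the issue's --passphrase-fd decrypt command.
            if [ "$no_default" = 1 ] && [ "$null_secring" = 1 ]; then
                echo local
            else
                echo split
            fi ;;
        *) echo split ;;
    esac
}

# Entry point when installed as gpg.program: the last line would be run_gpg "$@".
# Assumes a local gpg on PATH; the wrapper path is the one from the issue.
run_gpg() {
    if [ "$(route_gpg "$@")" = local ]; then
        exec gpg "$@"
    fi
    exec /usr/bin/qubes-gpg-client-wrapper "$@"
}
```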

marmarek added a commit to marmarek/qubes-app-linux-split-gpg that referenced this issue Jan 13, 2018

@marmarek marmarek referenced this issue in QubesOS/qubes-app-linux-split-gpg Jan 13, 2018

Closed

Add additional options #16

marmarek added a commit to marmarek/qubes-app-linux-split-gpg that referenced this issue Feb 27, 2018
