fix input/output streams for gpg validation

currently, our gpg function which uses exec.Command to `gpg --encrypt` and `gpg --decrypt` does not allow for stdin or out to be anything but a buffer stream directly used in the program this causes `gpg` to error out since it cannot ask for validation on locked keys. Fix this by passing stdin to --decrypt as the "in" var and stdout as the "out" var to --encrypt resolves containers/podman#13539 Signed-off-by: cdoern <cdoern@redhat.com>
cdoern · Jun 2, 2022 · 9a02d92 · 9a02d92
1 parent c13785e
commit 9a02d92
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/pkg/secrets/passdriver/passdriver.go b/pkg/secrets/passdriver/passdriver.go
@@ -126,7 +126,7 @@ func (d *Driver) Lookup(id string) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	if err := d.gpg(context.TODO(), nil, out, "--decrypt", key); err != nil {
+	if err := d.gpg(context.TODO(), os.Stdin, out, "--decrypt", key); err != nil {
 		return nil, errors.Wrapf(errNoSecretData, id)
 	}
 	if out.Len() == 0 {
@@ -145,7 +145,7 @@ func (d *Driver) Store(id string, data []byte) error {
 	if err != nil {
 		return err
 	}
-	return d.gpg(context.TODO(), in, nil, "--encrypt", "-r", d.KeyID, "-o", key)
+	return d.gpg(context.TODO(), in, os.Stdout, "--encrypt", "-r", d.KeyID, "-o", key)
 }
 
 // Delete removes the secret associated with the specified ID.  An error is returned if no matching secret is found.

diff --git a/pkg/secrets/passdriver/passdriver_test.go b/pkg/secrets/passdriver/passdriver_test.go
@@ -28,6 +28,9 @@ func setupDriver(t *testing.T) (driver *Driver, cleanup func()) {
 	err = driver.gpg(context.TODO(), nil, nil, "--batch", "--passphrase", "--quick-generate-key", "testing@passdriver")
 	require.NoError(t, err)
 
+	err = driver.gpg(context.TODO(), os.Stdin, os.Stderr, "--batch", "--passphrase", "--quick-generate-key", "testing@passdriver")
+	require.NoError(t, err)
+
 	return driver, func() {
 		os.RemoveAll(base)
 		os.RemoveAll(gpghomedir)