fix input/output streams for gpg validation

currently, our gpg function which uses exec.Command to `gpg --encrypt` and `gpg --decrypt` does not allow for stdin or out to be anything but a buffer stream directly used in the program this causes `gpg` to error out since it cannot ask for validation on locked keys. Fix this by passing stdin to --decrypt as the "in" var and stdout as the "out" var to --encrypt resolves containers/podman#13539 Signed-off-by: cdoern <cdoern@redhat.com>
cdoern · Jun 3, 2022 · a599662 · a599662
1 parent c13785e
commit a599662
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 4 deletions.
diff --git a/pkg/secrets/passdriver/passdriver.go b/pkg/secrets/passdriver/passdriver.go
@@ -126,7 +126,7 @@ func (d *Driver) Lookup(id string) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	if err := d.gpg(context.TODO(), nil, out, "--decrypt", key); err != nil {
+	if err := d.gpg(context.TODO(), os.Stdin, out, "--decrypt", key); err != nil {
 		return nil, errors.Wrapf(errNoSecretData, id)
 	}
 	if out.Len() == 0 {
@@ -145,7 +145,7 @@ func (d *Driver) Store(id string, data []byte) error {
 	if err != nil {
 		return err
 	}
-	return d.gpg(context.TODO(), in, nil, "--encrypt", "-r", d.KeyID, "-o", key)
+	return d.gpg(context.TODO(), in, os.Stdout, "--encrypt", "-r", d.KeyID, "-o", key)
 }
 
 // Delete removes the secret associated with the specified ID.  An error is returned if no matching secret is found.
@@ -164,7 +164,11 @@ func (d *Driver) gpg(ctx context.Context, in io.Reader, out io.Writer, args ...s
 	if d.GPGHomedir != "" {
 		args = append([]string{"--homedir", d.GPGHomedir}, args...)
 	}
-	cmd := exec.CommandContext(ctx, "gpg", args...)
+	gpg, err := exec.LookPath("gpg")
+	if err != nil {
+		return err
+	}
+	cmd := exec.CommandContext(ctx, gpg, args...)
 	cmd.Env = os.Environ()
 	cmd.Stdin = in
 	cmd.Stdout = out

diff --git a/pkg/secrets/passdriver/passdriver_test.go b/pkg/secrets/passdriver/passdriver_test.go
@@ -25,12 +25,15 @@ func setupDriver(t *testing.T) (driver *Driver, cleanup func()) {
 	})
 	require.NoError(t, err)
 
-	err = driver.gpg(context.TODO(), nil, nil, "--batch", "--passphrase", "--quick-generate-key", "testing@passdriver")
+	f, err := ioutil.TempFile("", "pass.txt")
+	defer require.NoError(t, err)
+	err = driver.gpg(context.TODO(), nil, os.Stdout, "--batch", "--passphrase-file", f.Name(), "--quick-generate-key", "testing@passdriver123")
 	require.NoError(t, err)
 
 	return driver, func() {
 		os.RemoveAll(base)
 		os.RemoveAll(gpghomedir)
+		os.Remove(f.Name())
 	}
 }