From cbc7446ede98fdabd0457c6b41d8dc2886a811fa Mon Sep 17 00:00:00 2001 From: joshr Date: Fri, 25 Feb 2022 15:24:54 -0500 Subject: [PATCH 1/2] change how we pass passphrase to gnupg, for #781 --- src/_utils/_git_secret_tools.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh index 86675890..a889af52 100644 --- a/src/_utils/_git_secret_tools.sh +++ b/src/_utils/_git_secret_tools.sh @@ -812,8 +812,8 @@ function _decrypt { #echo "# gpg passphrase: $passphrase" >&3 local exit_code if [[ -n "$passphrase" ]]; then - echo "$passphrase" | $SECRETS_GPG_COMMAND "${args[@]}" --batch --yes --no-tty --passphrase-fd 0 \ - "$encrypted_filename" + exec 3<<<"$passphrase" + $SECRETS_GPG_COMMAND "${args[@]}" --batch --yes --no-tty --passphrase-fd 3 "$encrypted_filename" exit_code=$? else $SECRETS_GPG_COMMAND "${args[@]}" "$encrypted_filename" From beb9a424a6c7bdbc2543befdc28c034edea7ec6f Mon Sep 17 00:00:00 2001 From: joshr Date: Sat, 5 Mar 2022 11:05:08 -0500 Subject: [PATCH 2/2] use file descriptor 4, not 3 --- src/_utils/_git_secret_tools.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh index a889af52..6c974a04 100644 --- a/src/_utils/_git_secret_tools.sh +++ b/src/_utils/_git_secret_tools.sh @@ -812,8 +812,8 @@ function _decrypt { #echo "# gpg passphrase: $passphrase" >&3 local exit_code if [[ -n "$passphrase" ]]; then - exec 3<<<"$passphrase" - $SECRETS_GPG_COMMAND "${args[@]}" --batch --yes --no-tty --passphrase-fd 3 "$encrypted_filename" + exec 4<<<"$passphrase" # use 4, because descriptor 3 is used by bats + $SECRETS_GPG_COMMAND "${args[@]}" --batch --yes --no-tty --passphrase-fd 4 "$encrypted_filename" exit_code=$? else $SECRETS_GPG_COMMAND "${args[@]}" "$encrypted_filename"