gpg issues

John A Meinel john at arbash-meinel.com
Tue Feb 14 18:38:12 GMT 2006


John A Meinel wrote:
> So I figured out why gpg cannot start the pinentry program. And it is
> because we are piping the information into stdin, which means that there
> is no terminal for pinentry to run on.
> 
> So what we want to be doing is creating a temporary file, and then using
> "gpg --clearsign /tmp/foo.aoeuaoeu" rather than "echo 'foo' | gpg
> --clearsign".
> 

...

> I just want to make sure that it is safe for me to make these changes.

So I found one issue with using a temp file. gpg defaults to creating a
signature file named "foo.asc". We can force a different one by using
"--output -" which will write the signature to standard out. Or we could
create our own temporary file, and use --output.

My question then becomes, what can we expect from the
gpg_signing_command? Can we expect that it will always create foo.asc?
Or can we require that it supports '--output -'?

I'm fine with either. I just would *really* like to get this change in,
because it will make my life *much* easier. Having the commit abort,
until I run gpg manually, and then rerunning the commit is a real pain.

Robert, when you wake up, can you please comment?

I suppose the other possibility is that we make the default command be
'gpg --output -', and just require that whatever gpg_signing_command
people use supports --clearsign accepting a filename and writing to
standard out.

But if we are going to extend the default command beyond just plain
'gpg', then I would say that we should make it "gpg --output -
--clearsign --batch", and people need to configure their
gpg_signing_command to take a filename.

Or we could add a config option for "gpg_signing_uses_stdin=False".
Which would let users state whether their signing command needs stdin,
or whether it uses a filename.

In the meantime, I modified it to add --output - --clearsign $tempfile,
to the gpg_signing_command, since that seemed reasonable, and was the
easiest thing to do.

The patch is attached, and present in jam-pending.

John
=:->

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: gpg-uses-filename.diff
Url: https://lists.ubuntu.com/archives/bazaar/attachments/20060214/2a83a2e6/attachment.diff 
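
The approach described in the message, signing a temporary file with "--output - --clearsign" appended to the configured command, sketched as an added example; it is not the attached patch or Bazaar's own code. The function name, the exception class and the temp-file prefix are assumptions made for illustration.

```python
import os
import subprocess
import tempfile


class SigningFailed(Exception):
    """The signing command exited with a non-zero status."""


def clearsign_via_tempfile(content, signing_command=("gpg",)):
    """Return the clearsigned form of `content` (bytes).

    `signing_command` plays the role of gpg_signing_command; it must accept
    "--output - --clearsign FILE" and write the result to standard out.
    """
    # mkstemp creates the file exclusively with mode 0600, so another local
    # user can neither pre-create the path nor read the text being signed.
    fd, path = tempfile.mkstemp(prefix="sign-", suffix=".txt")
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(content)
        cmd = list(signing_command) + ["--output", "-", "--clearsign", path]
        # stdin is left alone (not a pipe), so the child inherits the
        # caller's terminal and pinentry can prompt for the passphrase.
        # Only stdout is captured, because "--output -" sends the result there.
        proc = subprocess.run(cmd, stdout=subprocess.PIPE)
        if proc.returncode != 0:
            raise SigningFailed("%r exited with %d" % (cmd[0], proc.returncode))
        return proc.stdout
    finally:
        # Remove the plaintext copy whether or not signing succeeded.
        os.unlink(path)


if __name__ == "__main__":
    # Constructed sample text; needs a local gpg with a secret key.
    print(clearsign_via_tempfile(b"constructed sample commit text\n").decode())
```
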