fix GPG "hang" on malformed PGP message (detached signature)

commit 6c65c12a6c9b740fe6b79534e2731e5e92a4c27f
parent d9ff31bf8a03bf67e42b03aaffe1dab5579208fe
Author: Sascha Silbe <sascha-pgp@silbe.org>
Date:   Tue,  5 Oct 2010 07:25:33 -0400

fix GPG "hang" on malformed PGP message (detached signature)

A PGP message chunk (bounded by "-----BEGIN PGP MESSAGE-----" and
"-----END PGP MESSAGE-----") can contain a detached signature. By default GPG
will wait for the payload to be supplied on stdin if it gets passed a lone
detached signature. To the user it will appear as GPG (or sup, since they
don't see any output from GPG) hanging.

The best way to solve this would be enabling batch mode, but then passphrase
querying without gpg-agent wouldn't work anymore. So we resort to passing
--multifile which has the side effect of not allowing detached signatures.

Encountered and tested with message
 [1] on the git
mailing list.

[1] http://marc.info/?l=git&m=128623349711269&q=raw

Signed-off-by: Sascha Silbe 

Diffstat:

lib/sup/crypto.rb

1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/sup/crypto.rb b/lib/sup/crypto.rb
@@ -144,7 +144,7 @@ EOS
     output_fn = Tempfile.new "redwood.output"
     output_fn.close
 
-    message = run_gpg "--output #{output_fn.path} --skip-verify --yes --decrypt #{payload_fn.path}", :interactive => true
+    message = run_gpg "--output #{output_fn.path} --multifile --skip-verify --yes --decrypt #{payload_fn.path}", :interactive => true
 
     unless $?.success?
       info "Error while running gpg: #{message}"

sup.git