gpg --status-fd problems

Jeffrey Stedfast fejj at ximian.com
Mon Jun 24 23:12:01 CEST 2002


Okay, I just got the idea of running gpg on the command-line in batch
mode with --passphrase-fd=0 to see if the problem persisted with the
same options that evolution passes to gpg and I discovered for certain
that gpg does NOT send a NEED_PASSPHRASE status message until a
passphrase has been sent.

bash$ gpg --verbose --no-secmem-warning --no-greeting --batch --yes
--status-fd=1 --passphrase-fd=0 --sign -b -u fejj at stampede.org camel.h
--output -
(gpg waits for a passphrase...)
<passphrase>
[GNUPG:] USERID_HINT DF4D8864F38934AB Jeffrey Stedfast (fejj)
<fejj at stampede.org>
[GNUPG:] NEED_PASSPHRASE DF4D8864F38934AB DF4D8864F38934AB 17 0
[GNUPG:] GOOD_PASSPHRASE
gpg: writing to stdout
gpg: signing: `camel.h'gpg: can't open --output: No such file or
directory
gpg: signing failed: file open error


Hmmm, that "gpg: signing `camel.h'gpg:..." line seems a bit broken too
:)

Hope this helps...

Jeff

On Mon, 2002-06-24 at 15:01, Jeffrey Stedfast wrote:
> I've taken a quick look at gnupg-1.0.7/g10/status.c and it seems to me
> that that code is flushing the streams as it should.
> 
> This leads me to conclude that either:
> 
> 1. my code is broken
> 2. gpg doesn't send the NEED_PASSPHRASE message until after gpg has a
> passphrase in its hands.
> 
> I'm really stuck here because I can't find the problem in my code (maybe
> I'm just missing something?) and it seems to me that if I run gpg from
> the command-line with --status-fd=1 that I do indeed get a
> NEED_PASSPHRASE before I type it in.
> 
> However... in my code select() seems to tell me that status-fd is not
> ready for reading until after I've sent a passphrase to gpg and closed
> the pipe.
> 
> here's some pseudocode:
> 
> if ((ready = select (maxfd + 1, [ stdout, stderr, status_fd ], [ stdin,
> passphrase_fd ], NULL, &timeout)) == 0)
> 	return 0;
> 
> if (ready == -1)
> 	return -1;
> 
> if (status_fd is ready) {
> 	read a block up to 4k and save it into a buffer;
> 	if (we've got a line-feed in our buffered data) {
> 		parse a line;
> 		if we've got more \n's, just loop in here until we're out of \n's and
> then memmove the remaining bytes to the beginning of the buffer;
> 	}
> }
> 
> if (stdout is ready) {
> 	...
> }
> 
> if (stderr is ready) {
> 	...
> }
> 
> if (passphrase_fd is ready && NEED_PASSPHRASE has been intercepted) {
> 	send our passphrase to gpg and then close (passphrase_fd);
> }
> 
> if (stdin is ready && have data to write) {
> 	...
> }
> 
> The above code gets run in a loop until we've finished (encountered a
> SIG_CREATED .. or an END_DECRYPTION etc and we've written and read
> everything we can from the stdin/stdout pipes respectively)
> 
> In the actual code, I've got a printf() to dump "we are trying to read
> from status_fd\n" or whatever. I do not see a single debug line saying
> that we are attempting to read from the status_fd until after I've sent
> the passphrase (I had modified the passphrase code to send a passphrase
> even if we had not encountered a NEED_PASSPHRASE status message).
> 
> Thus my confusion...
> 
> Any help would be much appreciated.
> 
> Jeff
> 
> On Sat, 2002-06-22 at 16:37, Jeffrey Stedfast wrote:
> > I'm trying to write a library that wraps gpg to
> > sign/encrypt/decrypt/verify/etc and I'm having some trouble with the
> > status-fd.
> > 
> > It seems that operations requiring a passphrase require me to send the
> > passphrase and close the passphrase fd BEFORE gpg will send me a
> > USERID_HINT and/or NEED_PASSPHRASE status message over the status-fd
> > pipe. Is this the desired behavior? If so, what's the use? I was hoping
> > that I'd get USERID_HINT and NEED_PASSPHRASE status messages BEFORE
> > having to prompt my users for a passphrase.
> > 
> > Is gpg perhaps not flushing its streams?
> > 
> > Jeff
> > 
> > -- 
> > Jeffrey Stedfast
> > Evolution Hacker - Ximian, Inc.
> > fejj at ximian.com  - www.ximian.com
> > 
> > 
> > _______________________________________________
> > Gnupg-devel mailing list
> > Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
> -- 
> Jeffrey Stedfast <fejj at ximian.com>
> Ximian, Inc.
> 
> 
-- 
Jeffrey Stedfast <fejj at ximian.com>
Ximian, Inc.
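
An added example, not part of the original message and not Evolution's or GnuPG's code: the buffer-and-split step from the quoted pseudocode written out in C, recording the USERID_HINT key id and whether NEED_PASSPHRASE has been seen so a caller can gate its prompt on it. The names status_parser, status_feed and status_demo are assumptions, and the input is constructed from the status lines in the session above.

```c
#include <stdio.h>
#include <string.h>

struct status_parser {     /* hypothetical state for this example */
    char buf[4096];        /* same 4k block size as the pseudocode */
    size_t len;            /* bytes held over: the unterminated tail */
    int need_passphrase;   /* set once NEED_PASSPHRASE has been seen */
    char hint_keyid[32];   /* key id taken from USERID_HINT */
};

/* Handle one complete NUL-terminated line; non-status lines are ignored. */
static void status_parse_line(struct status_parser *p, const char *line)
{
    if (strncmp(line, "[GNUPG:] ", 9) != 0)
        return;
    line += 9;
    if (strncmp(line, "USERID_HINT ", 12) == 0)
        sscanf(line + 12, "%31s", p->hint_keyid);
    else if (strncmp(line, "NEED_PASSPHRASE ", 16) == 0)
        p->need_passphrase = 1;
}

/* Feed one chunk as read() returned it; returns lines parsed, -1 on overflow. */
int status_feed(struct status_parser *p, const char *data, size_t n)
{
    char *start = p->buf, *nl;
    int lines = 0;
    if (n > sizeof(p->buf) - p->len)
        return -1;                    /* line longer than the buffer: refuse */
    memcpy(p->buf + p->len, data, n);
    p->len += n;
    while ((nl = memchr(start, '\n', p->len - (size_t)(start - p->buf)))) {
        *nl = '\0';
        status_parse_line(p, start);
        start = nl + 1;
        lines++;
    }
    p->len -= (size_t)(start - p->buf);
    memmove(p->buf, start, p->len);   /* keep the partial line for next time */
    return lines;
}

/* Constructed input: status lines like the session's, split mid-line. */
int status_demo(struct status_parser *p)
{
    const char *a = "[GNUPG:] USERID_HINT DF4D8864F38934AB Jeffrey Sted";
    const char *b = "fast\n[GNUPG:] NEED_PASSPHRASE DF4D8864F38934AB DF4D8864F38934AB 17 0\n[GNUPG:] GOOD_PASS";
    memset(p, 0, sizeof(*p));
    return status_feed(p, a, strlen(a)) < 0 ? -1 : status_feed(p, b, strlen(b));
}
```

A caller in the select() loop would pass each read() result to status_feed and write to the passphrase descriptor only once need_passphrase is set.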




