Thoughts on GnuPG and automation

Hans of Guardian hans at guardianproject.info
Tue Mar 3 21:29:08 CET 2015


On Mar 3, 2015, at 7:09 PM, Peter Lebbing wrote:

> On 03/03/15 18:29, Hans of Guardian wrote:
>> Android has an installed base of hundreds of millions.  Desktop UNIX
>> is the exotic system here as compared to Windows, Android, etc.
> 
> I have no idea about how difficult it is to launch the gpg binary with a
> few pipes attached to a few file descriptors and perhaps anything else
> you need.
> 
> But I fail to see why you brought it up.
> 
> I thought we were discussing two alternatives:
> 
> - Call gpg directly
> - Use a library such as GPGME that calls gpg for you
> 
> In both cases, the gpg binary is executed as a separate process. So it
> seems to me any issues with this are the same in both cases. In fact, if
> it indeed is tricky as you say, you're better off if you have a library
> do this for you, so you don't have to get it right in each and every
> application.
> 
> Peter.

GPGME is that library that wraps gpg execution, and I've spent weeks of my life working GPGME on Android.  The way that GPGME wraps gpg is built entirely on UNIX assumptions, and it turns out that Windows actually works pretty close to that.  Android, on the other hand, is a very different story. Some key differences:

* Android will kill apps when it needs to, app lifecycle is automatically managed,
 the app has no control over it, and often zero warning is given

* Android was not meant to support launching processes from a shell/terminal,
 it was there for core debugging, then opened up on demand from devs, but it
 is very much a second class citizen to a Java Android app.

* all apps are child processes of 'zygote'

* there is no way to install shared libraries to be shared by apps

There are other differences as well.  And iOS actually works a lot like Android, but also blends some UNIX stuff in.  I think we can also find similar issues when looking at how to make a proper Python API for GnuPG (though probably not as extreme).

.hc

