Package: schleuder
Version: 3.6.0-1
Control: tags -1 + patch upstream
Control: affects -1 + gpg src:gnupg2
Forwarded: https://0xacab.org/schleuder/schleuder/-/merge_requests/358

When GnuPG was upgraded to 2.2.27-1, schleuder's autopkgtests broke:

https://ci.debian.net/data/autopkgtest/testing/amd64/s/schleuder/10394911/log.gz

They were working fine when GnuPG was at 2.2.20-1:

https://ci.debian.net/data/autopkgtest/testing/amd64/s/schleuder/10384390/log.gz

The failures are reported as:

```
Failures:

  1) Schleuder::Runner#run mails not encrypted to the list key handles a mail which was encrypted to a passphrase and returns DecryptionFailed error
     Failure/Error: result = Schleuder::Runner.new().run(mail, list.email)

     GPGME::Error:
       No such file or directory
     # ./spec/schleuder/runner_spec.rb:246:in `block (4 levels) in <top (required)>'
     # ./spec/spec_helper.rb:48:in `block (3 levels) in <top (required)>'
     # ./spec/spec_helper.rb:47:in `block (2 levels) in <top (required)>'
```

I reported this to upstream, and paz produced the merge request linked above, and the proposed patch attached here.

I'm trying to apply it to 3.6.0-1, and can NMU if there are no objections.

    --dkg

From: paz <p...@nadir.org> Date: Fri, 12 Feb 2021 15:40:38 +0100 Subject: Change way to block passphrase interaction This changes the way we block gpg from asking interactively for a passphrase, ever. It's also a less hacky way to force this. This works with gpg-2.0.26+gpgme-1.5.1, gpg-2.1.18+gpgme-1.8.0, gpg-2.2.27+gpgme-1.14.0, and gpg-2.2.27+gpgme-1.15.1, which makes me optimistic that it's universally working. The previous solution brought problems for some platforms and specific combinations of gnupg with gpgme (resulting in "GPGME::Error no such file or directory"). (cherry picked from commit 0b7c3a9ffd0178c7610752899e569758704ffd32) --- lib/schleuder.rb | 3 --- lib/schleuder/mail/message.rb | 4 +++- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/lib/schleuder.rb b/lib/schleuder.rb index f164420..b87becd 100644 --- a/lib/schleuder.rb +++ b/lib/schleuder.rb @@ -68,9 +68,6 @@ ENV["SCHLEUDER_CONFIG"] ||= '/etc/schleuder/schleuder.yml' ENV["SCHLEUDER_LIST_DEFAULTS"] ||= '/etc/schleuder/list-defaults.yml' ENV["SCHLEUDER_ENV"] ||= 'production' ENV["SCHLEUDER_ROOT"] = rootdir.to_s -# Ensure that gnupg never-ever tries to ask for a passphrase. -ENV["GPG_TTY"] = "/nonexistant-#{rand}" -ENV["DISPLAY"] = nil GPGME::Ctx.set_gpg_path_from_env GPGME::Ctx.check_gpg_version diff --git a/lib/schleuder/mail/message.rb b/lib/schleuder/mail/message.rb index e0875f7..8eadbca 100644 --- a/lib/schleuder/mail/message.rb +++ b/lib/schleuder/mail/message.rb @@ -24,7 +24,9 @@ module Mail # Message#initialize. def setup if self.encrypted? - new = self.decrypt(verify: true) + # Specify 'loopback'-pinentry-mode to ensure that gnupg never-ever + # tries to interactively ask for a passphrase. + new = self.decrypt(verify: true, pinentry_mode: GPGME::PINENTRY_MODE_LOOPBACK) # Test if there's a signed multipart inside the ciphertext # ("encapsulated" format of pgp/mime). if encapsulated_signed?(new)
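
Review bot: In the lib/schleuder.rb hunk, dropping the ENV["GPG_TTY"] and ENV["DISPLAY"] overrides removes the only process-wide guard against passphrase prompts, while the replacement in this patch covers a single call, the decrypt in Mail::Message#setup. Any other GPGME operation that can need a secret key (none is visible in this diff) is no longer kept away from a pinentry by these lines. Suggest either stating in the commit message that the decrypt in setup is the only such path, or setting the pinentry mode in one shared place so it applies to every context.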
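
Review bot: In the lib/schleuder/mail/message.rb hunk, the new comment above the decrypt call says what loopback mode prevents but not what happens instead. No passphrase callback is passed alongside pinentry_mode, so a mail encrypted to a passphrase is expected to fail inside decrypt; the comment should name that as the intended outcome, which is what the spec quoted in the report ("returns DecryptionFailed error") relies on. Separately, GPGME::PINENTRY_MODE_LOOPBACK is referenced unconditionally, so it is worth checking that the minimum gpgme binding version the project declares defines that constant.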