megastep / makeself

A self-extracting archiving tool for Unix systems, in 100% shell script.
https://makeself.io
GNU General Public License v2.0

gpg-extra issue: --passphrase-fd 0 #117

Open pavlodvornikov opened 7 years ago

pavlodvornikov commented 7 years ago

To automate generation of self-extractable encrypted archives I am trying to use the --gpg-encrypt option with --gpg-extra "--passphrase-fd 0" (usage reference). There are no problems with archive generation, but then during decryption a password prompt appears, and after entering the password a "bad key" error is thrown.

$ echo "1234" | makeself/makeself.sh --gpg-encrypt --gpg-extra "--passphrase-fd 0" test test.run "test" ./test.sh
Header is 556 lines long

About to compress 8 KB of data...
Adding files to archive named "test.run"...
Reading passphrase from file descriptor 0 ..../
./test.sh

CRC: 1051721136
MD5: 6e18503cb2210e5ecf4bcf1aaa612f87

Self-extractable archive "test.run" successfully created.
$ ./test.run 
Verifying archive integrity...  100%   All good.
Uncompressing testgpg: AES encrypted data
can't connect to `/home/user/.gnupg/S.gpg-agent': No such file or directory
gpg: can't connect to `/home/user/.gnupg/S.gpg-agent': connect failed
gpg: encrypted with 1 passphrase
gpg: decryption failed: bad key
 ... Extraction failed.
Signal caught, cleaning up

Please let me know if you need any additional details/debug info.

Could you tell me please if it's possible to add the same "--gpg-extra" argument to archives generated with Makeself for passing gpg decryption parameters?

megastep commented 7 years ago

Again, this is a GPG error; it sounds like on your system it's trying to connect to a key server of some sort and failing. I'm not very familiar with how this works as the GPG stuff was submitted by another developer, but I'm pretty sure this is not Makeself's fault per se here.

woky commented 5 years ago

With GPG 2.2 on my system I also had to add --batch to --gpg-extra. However, like OP, I'm facing an issue when decrypting. It seems that stdin is not duplicated to gpg because the following works:

mkfifo /tmp/pwfifo
exec 42<>/tmp/pwfifo
echo "1234" >/tmp/pwfifo
makeself.sh --gpg-encrypt --gpg-extra "--batch --passphrase-fd 42" test test.run "test" ./test.sh

EDIT: Yes, with --passphrase-fd 0, the password is the tar archive. :-)
https://github.com/megastep/makeself/blob/937b344c148e7e9a1f0c59ce64e1d9790b83b0f8/makeself.sh#L507
https://github.com/megastep/makeself/blob/937b344c148e7e9a1f0c59ce64e1d9790b83b0f8/makeself.sh#L610
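
The descriptor collision described in the last comment, as an added example that is not part of the original thread and is not makeself or gpg code. `consumer` is a hypothetical stand-in for a tool that, like gpg with `--passphrase-fd N`, takes its passphrase from the first line of descriptor N and its payload from stdin; the payload lines and the choice of descriptor 3 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not makeself or gpg code). consumer() is a hypothetical
# stand-in for a tool that, like gpg with --passphrase-fd N, takes its
# passphrase from the first line of descriptor N and its payload from stdin.
consumer() {
    c_fd=$1
    IFS= read -r c_pass <&"$c_fd"      # passphrase: first line on fd N
    c_rest=$(( $(wc -c) ))              # payload: whatever is left on stdin
    printf '%s|%s\n' "$c_pass" "$c_rest"
}

# Constructed payload standing in for the archive stream piped to the tool.
producer() {
    printf 'PAYLOAD-LINE-1\nPAYLOAD-LINE-2\n'
}

# Passphrase fed on the caller's stdin, tool told to read fd 0. Inside the
# pipeline, fd 0 of the consumer is the pipe from producer, so the first
# payload line is taken as the passphrase and the payload is cut short.
colliding() {
    { producer | consumer 0; } <<EOF
$1
EOF
}

# Passphrase on its own descriptor (3 here); stdin carries only the payload.
separate_fd() {
    producer | consumer 3 3<<EOF
$1
EOF
}

echo "fd 0:  $(colliding 1234)"
echo "fd 3:  $(separate_fd 1234)"
```

The FIFO opened on descriptor 42 in the comment above is the same separation: the passphrase travels on a descriptor that the pipeline does not reuse for data.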