Description
When using git-annex with encrypted remotes, git will invoke gpg.program for both signing and decryption of remote files. However, ots-git-gpg-wrapper will discard most/all of the arguments.
For example, git-annex may invoke the wrapper as
```
ots-git-gpg-wrapper --gpg-program "gpg2" -- "--trust-model" "always" "--batch" "--decrypt" .git/annex/tmp/GPGHMACSHA1--0a29c47117f8f14a5966673d8581aa409c19911b
```
(Here everything after the `--` is provided as `$@` in ots-git-gpg-wrapper.sh, but for clarity I am ignoring the wrapper script.)
However, the gpg wrapper silently discards all options that are unrelated to signing, as you can see here:
opentimestamps-client/otsclient/git_gpg_wrapper.py, lines 77 to 80 in 6d711ab:
```python
parser = argparse.ArgumentParser()
parser.add_argument("-bsau", action="store")
parser.add_argument("--verify", action="store")
gpgargs = parser.parse_known_args(args.gpgargs)[0]
```
I believe the intended behavior was probably to loudly discard these arguments, notifying the user that the gpg wrapper is being invoked in an unexpected way. But an even better behavior would be to allow decryption.
To reproduce
- gpg-encrypt a file:
  ```
  gpg2 -r 'andrew poelstra' -a -o null.gpg --encrypt /dev/null
  ```
- Try to decrypt it with the wrapper:
  ```
  ots-git-gpg-wrapper -- --decrypt null.gpg
  ```
- Try to decrypt with gpg directly:
  ```
  gpg2 --decrypt null.gpg
  ```
You will see that with the wrapper, nothing happens and there is no output, versus calling gpg2 directly, where the file gets decrypted.
(You probably need to change -r 'andrew poelstra' to your own name, unless you have access to my private keys.)
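The following is an added illustration for this report, not code from opentimestamps-client. It reproduces the two-option `argparse` parser quoted above to show exactly which arguments `parse_known_args()[0]` throws away for the git-annex decryption call, and contrasts it with a planning function that never drops arguments: a plain `-bsau KEYID` call is recognised as signing, a `--verify` call as verification, and anything else (such as `--decrypt`) is warned about on stderr and handed to gpg unchanged instead of becoming a silent no-op. The function names `lossy_parse` and `plan_invocation`, the `EXAMPLE_KEYID` value and the `GPGHMACSHA1--PLACEHOLDER` object path are invented for the example.

```python
#!/usr/bin/env python3
"""Added example for the ots-git-gpg-wrapper argument-dropping issue.

Not opentimestamps-client code. Shows the information lost by
parse_known_args()[0] and a loss-free alternative for deciding what a
gpg wrapper should do with an unexpected invocation.
"""
import argparse
import sys
from typing import List, Optional, Tuple

# Constructed sample invocations. The first is modelled on the git-annex
# decryption call quoted in the issue (object path is a placeholder).
GIT_ANNEX_DECRYPT_ARGS = [
    "--trust-model", "always", "--batch", "--decrypt",
    ".git/annex/tmp/GPGHMACSHA1--PLACEHOLDER",
]
GIT_SIGN_ARGS = ["-bsau", "EXAMPLE_KEYID"]          # git commit -S style call
GIT_VERIFY_ARGS = ["--verify", "EXAMPLE.sig", "-"]  # git verify-commit style call


def _parser() -> argparse.ArgumentParser:
    """Same two options the quoted wrapper code declares.

    add_help=False only keeps argparse from reacting to a stray -h; it does
    not change how unknown options are handled.
    """
    p = argparse.ArgumentParser(add_help=False)
    p.add_argument("-bsau", action="store")
    p.add_argument("--verify", action="store")
    return p


def lossy_parse(gpgargs: List[str]) -> Tuple[Optional[str], Optional[str], List[str]]:
    """Mirror the quoted code path.

    parse_known_args() returns (namespace, leftovers); indexing [0] keeps
    only the namespace. The leftovers are returned here as the third
    element so the reader can see what the wrapper silently discards.
    """
    known, discarded = _parser().parse_known_args(gpgargs)
    return known.bsau, known.verify, discarded


def plan_invocation(gpgargs: List[str]) -> Tuple[str, List[str]]:
    """Decide what to do with a gpg invocation without losing arguments.

    Returns:
      ("sign", [keyid])        for a plain `-bsau KEYID` call with nothing else,
      ("verify", gpgargs)      when --verify is present,
      ("passthrough", gpgargs) for anything the wrapper does not understand,
                               after a warning on stderr.
    """
    known, leftover = _parser().parse_known_args(gpgargs)
    if known.bsau is not None and not leftover:
        return "sign", [known.bsau]
    if known.verify is not None:
        return "verify", list(gpgargs)
    # Not a signing or verification call (e.g. git-annex's --decrypt).
    # Say so loudly and hand gpg the complete argument vector rather than
    # an empty one, so decryption still works and the surprise is visible.
    print(
        "ots-git-gpg-wrapper: unexpected gpg arguments, passing through unchanged: "
        + " ".join(gpgargs),
        file=sys.stderr,
    )
    return "passthrough", list(gpgargs)


if __name__ == "__main__":
    bsau, verify, dropped = lossy_parse(GIT_ANNEX_DECRYPT_ARGS)
    print("lossy parse keeps   :", {"bsau": bsau, "verify": verify})
    print("lossy parse discards:", dropped)
    for argv in (GIT_ANNEX_DECRYPT_ARGS, GIT_SIGN_ARGS, GIT_VERIFY_ARGS):
        print("plan:", plan_invocation(argv))
```

Running the block shows that for the git-annex call the lossy parser keeps `{'bsau': None, 'verify': None}` and discards every argument including `--decrypt` and the file path, which is why the real wrapper produces no output. The planning function is deliberately conservative: it only claims the signing path when nothing else was passed, so any option the wrapper was not written for reaches gpg and the user.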