[ale] FD 3 on gpg?

Lightner, Jeff JLightner at water.com
Mon Nov 18 13:43:01 EST 2013


Since it is being set by reading a file in the first place you could use “--passphrase-file” to specify the file instead of doing the cat you’re doing in your “reliable” method. At least it saves having one pipe in the middle so reduces a bit of the work load.

The man page on CentOS5 shows this:

--passphrase-file file
                 Read the passphrase from file file.  Only the first line will
                 be  read  from  file file.  This can only be used if only one
                 passphrase is supplied.  Obviously, a passphrase stored in  a
                 file is of questionable security if other users can read this
                 file.  Don’t use this option if you can avoid it.

From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Neal Rhodes
Sent: Monday, November 18, 2013 10:50 AM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] FD 3 on gpg?

yes, indeed the wily script has this buried:

    exec 3</home/<i-cant-tell-you>/k_file.asc

And this is apparently a one-shot trick; run that gpg command once, and it has eaten the response. Run again, and there ain't no response there no mo.



On Mon, 2013-11-18 at 13:55 +0000, Lightner, Jeff wrote:
File descriptors are just ways to keep track of open files.   (Remember everything in Linux/UNIX is really a “file” just not necessarily a “regular file”.)



There’s a good discussion of ways to set and use FDs other than 0-2 at:

http://www.tldp.org/LDP/abs/html/io-redirection.html



Additionally I notice the man page for gpg has other options to SET file descriptors.



You might look at the rest of the script (or whatever calls it) to see if it is setting a FD before it gets to the line below.






From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Neal Rhodes
Sent: Sunday, November 17, 2013 11:57 PM
To: Atlanta Linux Enthusiasts
Subject: [ale] FD 3 on gpg?



Here is a boiled down script buried in the bowels of a system which uploads data from pharmacies:

CMD="gpg --homedir $HOME_DIR/.gnupg --batch --passphrase-fd 3 --decrypt $HOLD 2> /tmp/gpg.err.$$ | /usr/local/bin/$PARSER  2>> $LOG_FILE"
eval "$CMD"


Which actually works.    I cannot fathom how.    The FM says it will read the passphrase from file descriptor 3.  Uh...Stdin, Stdout, Stderr,  There goes 0, 1, 2.    uh, that would be a file defined within gpg?

Well, it sorta works.   If you wiggle it, or jiggle it, modify it various ways, it stops working and typically says "Bad passphrase".

This:

CMD="cat something-something-icanttellyou/k_file.asc | gpg --homedir $HOME_DIR/.gnupg --batch --passphrase-fd 0 --decrypt $HOLD 2> /tmp/gpg.err.$$ | /usr/local/bin/$PARSER 2>> $LOG_FILE"
eval "$CMD"


Does work reliably under various combinations.

Maybe there is some magic about FD 3 here, but I'm not finding it.  Something about gpg-agent?

Neal Rhodes
MNOP Ltd
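
An added example, not part of the thread and not the posters' script: it shows why a descriptor opened once with `exec 3<file` feeds `--passphrase-fd 3` only a single time, and how attaching the redirection to each command reopens the file. `read_fd3` is a hypothetical stand-in for gpg, and the passphrase file and its path are constructed for the demo.

```shell
#!/bin/sh
# Constructed sample passphrase file (stand-in for k_file.asc), mode 0600.
# The demo leaves $demo_dir behind; remove it when finished.
demo_dir=$(mktemp -d)
pass_file="$demo_dir/k_file.asc"
( umask 077; printf '%s\n' 'constructed-passphrase' > "$pass_file" )

# Hypothetical stand-in for `gpg --batch --passphrase-fd 3`:
# reads a single line from file descriptor 3 and prints it.
read_fd3() {
    line=''
    IFS= read -r line <&3 || true   # read fails at EOF; leave line empty
    printf '%s' "$line"
}

# Pattern from the thread: FD 3 is opened once for the whole shell, so every
# child inherits the same open file and the same read offset.
one_shot() {
    exec 3<"$pass_file"
    first=$(read_fd3)
    second=$(read_fd3)              # offset already at EOF: nothing left
    exec 3<&-                       # close FD 3 again
    printf '%s|%s' "$first" "$second"
}

# Redirection attached to each command: the file is reopened at offset 0 on
# every run. With gpg this would be:
#   gpg --batch --passphrase-fd 3 --decrypt "$HOLD" 3<"$pass_file"
per_command() {
    first=$(read_fd3 3<"$pass_file")
    second=$(read_fd3 3<"$pass_file")
    printf '%s|%s' "$first" "$second"
}

# Man page caveat: the file must not be readable by group or other.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

echo "exec once:   $(one_shot)"
echo "per command: $(per_command)"
is_private "$pass_file" && echo "passphrase file is owner-only"
```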




