github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

gpg: Pass the passphrase to the gpg2 tool using a file

Browse Source 
Rather than passing the passphrase via command line write it into
a temp. file and pass the name of the file using passphrase-file option.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
This commit is contained in:
Stefan Berger 2019-07-31 12:31:16 -04:00
parent 29930e9185
commit 6a25128791
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pkg/encryption/gpg.go
View File

@ -131,7 +131,16 @@ func (gc *gpgv2Client) GetGPGPrivateKey(keyid uint64, passphrase string) ([]byte
args = append(args, []string{"--homedir", gc.gpgHomeDir}...) args = append(args, []string{"--homedir", gc.gpgHomeDir}...)
} }
args = append(args, []string{"--pinentry-mode", "loopback", "--batch", "--passphrase", passphrase, "--export-secret-key", fmt.Sprintf("0x%x", keyid)}...) tempfile, err := ioutil.TempFile("", "gpg2*")
if err != nil {
return nil, errors.Wrapf(err, "could not create temporary file")
}
defer os.Remove(tempfile.Name())
if err := ioutil.WriteFile(tempfile.Name(), []byte(passphrase), 0600); err != nil {
return nil, errors.Wrapf(err, "could not write to temporary file")
}
args = append(args, []string{"--pinentry-mode", "loopback", "--batch", "--passphrase-file", tempfile.Name(), "--export-secret-key", fmt.Sprintf("0x%x", keyid)}...)
cmd := exec.Command("gpg2", args...) cmd := exec.Command("gpg2", args...)