Looking more at this, it would actually be great if we would detect
multi-line errors from GnuPG in `Import()`, `Decrypt()` and `Encrypt()`
so that we can slightly improve the formatting of the errors with a
newline separator before the `gpg: ...\ngpg: ...` output, as this would
likely increase readability.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
The error returned by `gpgExec` has just been swallowed. Now it is
stringified and returned together with any output to stderr.
Signed-off-by: Max Jonas Werner <mail@makk.es>
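An added example (not SOPS code) of the pattern the two commits above describe: a `gpgExec` wrapper that returns the exec error together with the captured stderr instead of swallowing it, and a formatter that separates multi-line `gpg: ...` output from the summary with a newline. The function names, the error wording and the constructed stderr are assumptions.

```go
package main

import (
	"bytes"
	"fmt"
	"os/exec"
	"strings"
)

// formatGPGError builds the error a caller such as Decrypt() would return.
// The original exec error is wrapped (not dropped) and stderr is appended.
// If gpg emitted more than one line, the output goes on its own lines after
// a newline separator so each "gpg: ..." line stays readable.
// Assumed helper for illustration, not the SOPS implementation.
func formatGPGError(op string, err error, stderr string) error {
	if err == nil {
		return nil
	}
	out := strings.TrimSpace(stderr)
	if out == "" {
		return fmt.Errorf("%s failed: %w", op, err)
	}
	if len(strings.Split(out, "\n")) > 1 {
		return fmt.Errorf("%s failed: %w:\n%s", op, err, out)
	}
	return fmt.Errorf("%s failed: %w: %s", op, err, out)
}

// gpgExec runs gpg with the given arguments, capturing stdout and stderr
// separately so stderr can be reported alongside the exec error.
func gpgExec(args []string, stdin []byte) ([]byte, string, error) {
	cmd := exec.Command("gpg", args...)
	var out, errBuf bytes.Buffer
	cmd.Stdin = bytes.NewReader(stdin)
	cmd.Stdout = &out
	cmd.Stderr = &errBuf
	err := cmd.Run()
	return out.Bytes(), errBuf.String(), err
}

func main() {
	// Constructed two-line stderr; no gpg binary needed for this part.
	stderr := "gpg: decryption failed: No secret key\ngpg: encrypted with RSA key\n"
	fmt.Println(formatGPGError("Decrypt", fmt.Errorf("exit status 2"), stderr))
	// Real invocation; if gpg is missing the exec error is still surfaced.
	if _, errOut, err := gpgExec([]string{"--version"}, nil); err != nil {
		fmt.Println(formatGPGError("Version", err, errOut))
	}
}
```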
This argument was confusing and/or misleading, as we do specify a home
directory as the next argument.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
There have been reports about the new logic breaking certain GnuPG
shims (#1294).
As this behavior is only really required when SDK users are making
use of GnuPG through SOPS as an SDK, prefer any runtime configuration
when no custom GnuPG home is configured on the key source, instead of
providing an absolute `--homedir` to `gpg`.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Replace the logging of failed encryption and decryption attempts from
error to info level.
This is to address a regression in which an encryption or decryption
attempt with a series of keys would result in a list of failed attempts
logged to stderr even when the operation itself eventually succeeded.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Deprecation of `io/ioutil`, removal of unused functions, possible nil
pointer dereference, and other tiny nits.
There are (many) more, but these would require their own (commit)
context.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
This commit renames the Go module from `go.mozilla.org/sops/v3` to
`github.com/getsops/sops/v3` without a major version bump, to align
with new stewardship.
For more information around this change, refer to
https://github.com/getsops/sops/issues/1246.
For a one-liner to change the `go.mod` and any import paths in your
Go project making use of this module, run:
```
# GNU sed (Linux): edit in place, no backup file
find /path/to/repo -type f \( -name "*.go" -o -name "go.mod" \) -exec sed -i 's|go.mozilla.org/sops/v3|github.com/getsops/sops/v3|g' {} \;
# BSD sed (macOS): -i requires a backup suffix argument, here empty
find /path/to/repo -type f \( -name "*.go" -o -name "go.mod" \) -exec sed -i '' 's|go.mozilla.org/sops/v3|github.com/getsops/sops/v3|g' {} \;
```
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Most of the rewritten key sources introduced `WithError` calls, which
do not appear to go well with the UX of the CLI. This reverts it to
be semi-equal to the current `master`.
During the diff, I noticed the current age implementation in master
does make use of `WithError`, which makes me wonder if errors are not
returned twice at present in the CLI.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This replaces the current PGP keysource implementation with a modernized
version the Flux project has been using[1].
It includes utilities to configure the MasterKey via other means than
environment variables, to allow SDK users to have extensive control
over what things are decrypted with. This can for example be combined
with one's own keyserver implementation.
To be able to contribute it back upstream while keeping it backwards
compatible with SOPS, a couple of changes have been made compared to
Flux:
- Instead of removing the enabling of the agent while making use of
GnuPG, it can now be disabled.
- Support for OpenPGP has been added back. Note however my comments
on this in-code, as I am not quite sure to what extent it is used
at the moment, as it will not work on most setups (GnuPG <2.1 was
released in 2017.)
- The absolute paths to the pub and sec keyrings can now be configured
by SDK users. This would add more reason to keep OpenPGP around, if
they are able to produce the keyring files themselves via other means
than GnuPG.
- When a sec keyring is not detected, a lookup for the pub keyring is
made and loaded instead if found. This is to account for GnuPG >=2.1
merging the sec keyring into the pub keyring.
- Support for fetching keys from servers has been removed. This can be
added back if we need to keep it around for a little longer.
This has extensive test coverage for GnuPG, but would need coverage for
the re-added OpenPGP implementation before it can be deemed ready.
[1]: ffdda3f3da/internal/sops/pgp
Signed-off-by: Hidde Beydals <hello@hidde.co>
* `golang.org/x/crypto/openpgp` requires that keys contain identity information.
* An email address can have only a single key with identity information on keys.openpgp.org.
* Fix tests
* Fix endless loop in x/crypto/openpgp func ReadMessage
This fixes https://github.com/mozilla/sops/issues/665
See also https://github.com/golang/go/issues/28786
In some strange situations it can happen that openpgp.ReadMessage()
runs into an endless loop. This seems to be triggered by a slight
inconsistency in key settings.
It happened to me, but I wasn't able to reproduce it with a fresh key.
A proposed solution from the x/crypto community was to break this loop
in the callback passphrasePrompt.
* Revert "Fix tests"
This reverts commit 285f4dc8a1.
* Improve error description
https://github.com/mozilla/sops/pull/690#discussion_r451630193
Since we encode binary data, this is generally a good idea.
This commit fixes #278: now both crypto/openpgp and gpg work in a binary
mode, and we can safely use both interchangeably
(e.g. encrypt with crypto/openpgp, and then decrypt with gpg).