fix: prompt for GPG passphrase on unlock (drop --batch) #26
Merged
gpg_decrypt_from_file used --batch with .output(), which suppressed pinentry and left stdin/stderr disconnected — passphrase-protected secret keys failed with "Inappropriate ioctl for device". Mirror git-crypt: drop --batch and inherit stdin/stderr so pinentry (terminal or GUI) can reach the user; pipe only stdout for the plaintext.

Unlock now also enumerates local secret-key fingerprints up front and only attempts files whose recipient we hold a key for, so pinentry fires at most once and gpg doesn't spam stderr with "no secret key" for every other collaborator. Clear error when nothing matches.

Tests (cross-platform): unit test asserting --batch is never in the decrypt command (the direct regression), passphrase-protected unlock roundtrip via gpg loopback + passphrase-file (no TTY needed in CI), and clear-error case when the keyring has no matching secret key.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary

`gitveil unlock` failed with `Inappropriate ioctl for device` whenever the GPG private key was passphrase-protected. `gpg_decrypt_from_file` passed `--batch` (suppressing pinentry) and used `.output()` (closing stdin / capturing stderr), leaving pinentry no way to reach the user. Match git-crypt: drop `--batch`, inherit stdin/stderr, pipe only stdout for the plaintext.

`.gpg` files in `unlock` are now filtered by the fingerprints of secret keys present in the local keyring. Pinentry now fires at most once per unlock, and gpg no longer spams stderr with "no secret key" for every other collaborator.

Test plan

- `cargo fmt --check`
- `cargo clippy --all-targets -- -D warnings`
- `cargo test`: 95 pass (33 unit + 40 integration + 16 GPG + 6 cross-compat)
- With `--batch` reintroduced, the new unit test `decrypt_command_does_not_use_batch` fails with the expected diagnostic
- `test_gpg_unlock_with_passphrase_protected_key` exercises the full passphrase-protected roundtrip using gpg's `pinentry-mode loopback` + `passphrase-file`, so it runs headless on Linux/macOS/Windows CI
- `test_gpg_unlock_no_matching_secret_key_gives_clear_error` verifies the new "no matching secret key" error path

🤖 Generated with Claude Code
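The command shape and the keyring-fingerprint filter described in this PR, as an added Rust example that is not gitveil's own code: it assumes a `recipients` map from encrypted key file to recipient fingerprint (a constructed representation, not the project's data model) and uses only `--quiet --decrypt` as gpg flags.

```rust
// Added example, not gitveil's code: PR-shaped decrypt command + fingerprint filter.
use std::collections::{BTreeMap, BTreeSet};
use std::io::{Error, ErrorKind};
use std::path::Path;
use std::process::{Command, Stdio};

/// No `--batch`: with it gpg never starts pinentry, so a passphrase-protected
/// secret key cannot be unlocked ("Inappropriate ioctl for device").
pub fn decrypt_args(encrypted: &Path) -> Vec<String> {
    let file = encrypted.to_string_lossy().into_owned();
    vec!["--quiet".to_string(), "--decrypt".to_string(), file]
}

/// Pipe only stdout (the plaintext); stdin and stderr stay attached to the
/// parent so a terminal or GUI pinentry can reach the user.
pub fn decrypt_command(encrypted: &Path) -> Command {
    let mut cmd = Command::new("gpg");
    cmd.args(decrypt_args(encrypted))
        .stdin(Stdio::inherit())
        .stderr(Stdio::inherit())
        .stdout(Stdio::piped());
    cmd
}

/// Spawn gpg and read the plaintext from the piped stdout; `.output()` would
/// null stdin and capture stderr by default, which is what broke pinentry.
pub fn decrypt_from_file(encrypted: &Path) -> std::io::Result<Vec<u8>> {
    let out = decrypt_command(encrypted).spawn()?.wait_with_output()?;
    if !out.status.success() {
        let msg = format!("gpg --decrypt {} failed: {}", encrypted.display(), out.status);
        return Err(Error::new(ErrorKind::Other, msg));
    }
    Ok(out.stdout)
}

/// `recipients`: encrypted key file -> recipient fingerprint (assumed shape).
/// Keep only files a local secret key can open, so pinentry fires at most once
/// and gpg never prints "no secret key" for other collaborators' files.
pub fn unlock_candidates<'a>(
    recipients: &'a BTreeMap<String, String>,
    local_secret_fprs: &BTreeSet<String>,
) -> Result<Vec<&'a str>, String> {
    let matching: Vec<&'a str> = recipients
        .iter()
        .filter(|(_, fpr)| local_secret_fprs.contains(*fpr))
        .map(|(path, _)| path.as_str())
        .collect();
    if matching.is_empty() {
        return Err("no local secret key matches any recipient of the encrypted key files".into());
    }
    Ok(matching)
}
```

`decrypt_from_file` needs a real `gpg` on PATH; the argument builder and the candidate filter can be unit-tested without it, which is how the `--batch` regression check stays cross-platform.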