[rt-users] [patch] GPG inbound decrypt/verify problems in RT 3.8.1

Tim Wilde tim at krellis.org
Thu Sep 4 16:01:02 EDT 2008


Tim Wilde wrote:
[ snip ]
> Is it possible that all of this has something to do with specifying the
> passphrase in the config (verified multiple times to be the correct
> passphrase for the secret key for the queue, by the way) rather than
> using the agent?
[ snip ]

Greetings again all!

Ding ding ding ding, we have a winner!  After far too many hours of
digging, I found something that didn't look quite right to me, changed
it, and viola, problem solved.

The attached patch to lib/RT/Crypt/GnuPG.pm should make operation with a
passphrase specified in RT_SiteConfig.pm actually work - without it, I
don't think it can work, at least not with gpg 1.2.6.  The passphrase
needs to be deleted out of %opt before it's passed to
_PrepareGnuPGOptions, otherwise it gets very very grumpy in ways that
don't even come close to immediately pointing back to the real cause.

I note there was an additional section of code dealing with
$args{'Passphrase'} right after the one I moved - I didn't move that to
the new location, since it doesn't seem to much matter which place it
exists.  I assume the intent of GetPassphrase() is to allow for
subclassing and/or local versions of the module to do more than return
'test' all the time?  Otherwise, that code probably doesn't need to be
there at all. :)  This should probably be mentioned in the documentation.

Finally, the area of this module that this patch modifies could use some
additional attention/cleanup - almost identical code, with very few
variations, occurs 8 times in the same source file, as far as I can
tell.  It shouldn't be too difficult to factor the options handling out
and make maintenance considerably easier.

Best Practical folks, please review and apply this patch (or an
appropriate variation thereof) to the next release so that others don't
have to dig through these problems for as many hours as we did!  Please
feel free to contact me if you have any further questions about it.

Thanks,
Tim Wilde
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: GnuPG.pm.patch
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20080904/c6aa7a17/attachment.ksh>


More information about the rt-users mailing list