File permissions are not preserved in macOS

[mig8447]

Tested with homebrew blackbox version 1.20181219 (macOS 10.14.4, GPG 2.1) for a file that has 400 permissions. When decrypting, it stores the file as 644.

Even changing the permissions to the .gpg file didn't help, decryption is still giving 644

Related to issue #100

[TomOnTime]

This is due to how gpg works, not how blackbox works.

You can control this, somewhat by setting the umask:

export DECRYPT_UMASK=0277

Does that help?

[tlimoncelli]

tbh, I think the stuff we did around permissions was a design mistake. Adjusting permissions is a layering violation.
Permissions should be handled at a different layer.

Cloning the permissions of .gpg doesn't make as much sense as when we originally thought. Git doesn't maintain permissions very well (intentionally). Plus, this could get you into a bad situation: What if you want permissions on the unencrypted file that wouldn't make sense on the encrypted file?

I haven't made any decisions but I'm considering deprecating all permission-related code. Instead, people should run a script afterwords that fixes permissions.

[a2f0]

Based on my testing this morning the unencryption process honors the umask setting in the shell, this is sufficient for my use case.

EDIT: allow me to backpedal on this. I think I I reported bad information. The unencrypted files appear to take the permission of the encrypted file. I had to set the umask before I cloned the repo.