Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GPG encryption & thereby secret creation fails on NixOS #2682

Open
rounakdatta opened this issue Nov 2, 2023 · 2 comments
Open

GPG encryption & thereby secret creation fails on NixOS #2682

rounakdatta opened this issue Nov 2, 2023 · 2 comments
Labels
bug Defects

Comments

@rounakdatta
Copy link

Summary

On a NixOS setup, while using the browser extension, secret creation fails consistently. Upon enabling debugging, I noticed that the encryption step fails with exit status 2.

Steps To Reproduce

  • Set up gopass using Nixpkgs on NixOS
  • Configure gopass-jsonapi for Chrome
  • Try creating a new secret using the browser extension

Expected behavior

Secret creation should succeed.

Environment

  • OS: NixOS
  • OS version: Linux 6.5.9 #1-NixOS
  • gopass Version: gopass 1.15.8 go1.21.3 linux amd64
  • Installation method: Nixpkgs

Additional context

Please note that new secret creation via the gopass CLI is working perfectly fine.

Here are some additional logs when logging was enabled for the bridge wrapper script:

2023/11/02 23:40:11.039804 gitconfig/configs.go:196     gitconfig.(*Configs).Get        no value for recipients.check found
2023/11/02 23:40:11.039827 cli/keyring.go:35    cli.(*GPG).listKeys     /nix/store/wd3xl6h29kjr9ng2kl0yf3mh7ciw3pri-gnupg-2.4.1/bin/gpg [/nix/store/wd3xl6h29kjr9ng2kl0yf3mh7ciw3pri-gnupg-2.4.1/bin/gpg --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys XXXXX]
2023/11/02 23:40:11.045431 cli/keyring.go:35    cli.(*GPG).listKeys     /nix/store/wd3xl6h29kjr9ng2kl0yf3mh7ciw3pri-gnupg-2.4.1/bin/gpg [/nix/store/wd3xl6h29kjr9ng2kl0yf3mh7ciw3pri-gnupg-2.4.1/bin/gpg --with-colons --with-fingerprint --fixed-list-mode --list-public-keys XXXXX]
2023/11/02 23:40:11.050244 cli/encrypt.go:48    cli.(*GPG).Encrypt      /nix/store/wd3xl6h29kjr9ng2kl0yf3mh7ciw3pri-gnupg-2.4.1/bin/gpg [/nix/store/wd3xl6h29kjr9ng2kl0yf3mh7ciw3pri-gnupg-2.4.1/bin/gpg --quiet --yes --compress-algo=none --no-encrypt-to --no-auto-check-trustdb --encrypt]
2023/11/02 23:40:11.054836 leaf/write.go:40     leaf.(*Store).Set       Failed encrypt secret: exit status 2

Could it be that the gpg encrypt command is not correctly getting constructed? Does it seem like the recipients list is empty?
@dominikschulz dominikschulz added the bug Defects label Nov 2, 2023
@AnomalRoil
Copy link
Member

Is Chrome also installed using Nixpkgs?
This seems like a rather specific bug that might be hard to debug without having a Nix VM, sorry if it takes us much longer than we'd like to tackle it.

@rounakdatta
Copy link
Author

Yes! I've installed google-chrome via Nixpkgs. No worries, thanks, I've been meaning to debug and fix this myself, but have been a bit busy lately. Now that I've been reminded, I'll try to block some time to work on this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Defects
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dominikschulz @AnomalRoil @rounakdatta