Permission denied with 'ok' status?

Create issue
Issue #105 new
Former user created an issue


In my project I use your python package (python-gnupg, release: 0.4.2). I ran into the following problem:

[user@node ~]$ gpg --status-fd 2 --no-tty --fixed-list-mode --batch --with-colons --homedir /home/user/.gnupg --decrypt --output /tmp/tmp28Tvlc/ /tmp/tmp28Tvlc/; echo $?
[GNUPG:] ENC_TO A2BC7A32C4168DF9 1 0
gpg: encrypted with 4096-bit RSA key, ID C4168DF9, created 2018-04-13
      "TEST (Test key) <user@node>"
[GNUPG:] PLAINTEXT 62 1523622806 
gpg: error creating `/tmp/tmp28Tvlc/': Permission denied
gpg: Signature made Fri 13 Apr 2018 02:33:26 PM CEST using RSA key ID C4168DF9
[GNUPG:] SIG_ID qut7PTFOMCxhgnvYZpvbuycBFwo 2018-04-13 1523622806
[GNUPG:] GOODSIG A2BC7A32C4168DF9 TEST (Test key) <user@node>
gpg: Good signature from "TEST (Test key) <user@node>"
[GNUPG:] VALIDSIG EAC8932348832E5BE64BC6BEA2BC7A32C4168DF9 2018-04-13 1523622806 0 4 0 1 10 00 60A0514C0ECDA6511E8D8089F1F22635D214607C

As you can see, when I tried to decrypt my encrypted file, gpg gave a 'Permission denied' message because the user hadn't permission to write into the /tmp/tmp28Tvlc directory. But when I did the same thing with the python-gnupg package the 'ok' field of the decryption result object was True. I think two thing could happened: 1, The 'Crypt' and the 'Verify' objects's handle_status do nothing with the error line after the PLAINTEXT' message, or 2, The error line was handled but the 'DECRYPTION_OKAY' message overwrite the error and set the 'ok' to True and the 'state' to 'decryption ok'

And the other thing: The error code of the run of the gpg command was 2 but maybe it does not handled.

It was just a test about that if I revoke write permission from a directory (not just /tmp) where I want to write the output file of the gpg decryption then I need that the python-gnupg GPG().decrypt_file() return with an object which 'ok' field contain a False and its 'state' field contain an error message (eg. 'Permission denied'). But it haven't happened.

I hope it will help to you to investigate this problem. If you have any question, don't hesitate to ask me.

Thank you and best regards,


Comments (3)

  1. Vinay Sajip repo owner

    This may be a duplicate of #100. except that In this case, gpg doesn't give enough information to provide a useful error message, and doesn't even give a [GNUPG:] FAILURE message like we see in #100 (that was an encryption operation rather than decryption).

    I suggest you check your version of gpg is reasonably recent (you didn't state the gpg version in your report) and perhaps report the lack of useful diagnostics in the gpg output. Meanwhile, I will look at using the gpg return code as a cross-check, but even if it is reliable, it won't give any useful information other than "something went wrong".

  2. Log in to comment