gopass icon indicating copy to clipboard operation
gopass copied to clipboard

Published 20 hours ago verified publisher icon gopasspw

GPG encryption & thereby secret creation fails on NixOS

Open rounakdatta opened this issue 8 months ago • 2 comments

Summary

On a NixOS setup, while using the browser extension, secret creation fails consistently. Upon enabling debugging, I noticed that the encryption step fails with exit status 2.

Steps To Reproduce

  • Set up gopass using Nixpkgs on NixOS
  • Configure gopass-jsonapi for Chrome
  • Try creating a new secret using the browser extension

Expected behavior

Secret creation should succeed.

Environment

  • OS: NixOS
  • OS version: Linux 6.5.9 #1-NixOS
  • gopass Version: gopass 1.15.8 go1.21.3 linux amd64
  • Installation method: Nixpkgs

Additional context

Please note that new secret creation via the gopass CLI is working perfectly fine.

Here are some additional logs when logging was enabled for the bridge wrapper script:

2023/11/02 23:40:11.039804 gitconfig/configs.go:196     gitconfig.(*Configs).Get        no value for recipients.check found
2023/11/02 23:40:11.039827 cli/keyring.go:35    cli.(*GPG).listKeys     /nix/store/wd3xl6h29kjr9ng2kl0yf3mh7ciw3pri-gnupg-2.4.1/bin/gpg [/nix/store/wd3xl6h29kjr9ng2kl0yf3mh7ciw3pri-gnupg-2.4.1/bin/gpg --with-colons --with-fingerprint --fixed-list-mode --list-secret-keys XXXXX]
2023/11/02 23:40:11.045431 cli/keyring.go:35    cli.(*GPG).listKeys     /nix/store/wd3xl6h29kjr9ng2kl0yf3mh7ciw3pri-gnupg-2.4.1/bin/gpg [/nix/store/wd3xl6h29kjr9ng2kl0yf3mh7ciw3pri-gnupg-2.4.1/bin/gpg --with-colons --with-fingerprint --fixed-list-mode --list-public-keys XXXXX]
2023/11/02 23:40:11.050244 cli/encrypt.go:48    cli.(*GPG).Encrypt      /nix/store/wd3xl6h29kjr9ng2kl0yf3mh7ciw3pri-gnupg-2.4.1/bin/gpg [/nix/store/wd3xl6h29kjr9ng2kl0yf3mh7ciw3pri-gnupg-2.4.1/bin/gpg --quiet --yes --compress-algo=none --no-encrypt-to --no-auto-check-trustdb --encrypt]
2023/11/02 23:40:11.054836 leaf/write.go:40     leaf.(*Store).Set       Failed encrypt secret: exit status 2

Could it be that the gpg encrypt command is not correctly getting constructed? Does it seem like the recipients list is empty?

rounakdatta avatar Nov 02 '23 18:11 rounakdatta

Is Chrome also installed using Nixpkgs? This seems like a rather specific bug that might be hard to debug without having a Nix VM, sorry if it takes us much longer than we'd like to tackle it.

AnomalRoil avatar Feb 06 '24 10:02 AnomalRoil

Yes! I've installed google-chrome via Nixpkgs. No worries, thanks, I've been meaning to debug and fix this myself, but have been a bit busy lately. Now that I've been reminded, I'll try to block some time to work on this.

rounakdatta avatar Feb 06 '24 16:02 rounakdatta