set -e causes silent death in _user_required() when gpg has non-fatal error #169

Closed
notjames opened this issue Apr 23, 2018 · 6 comments

@notjames

notjames commented Apr 23, 2018

I use two different systems for this repo. One on Darwin; the other in Linux. This problem is happening on my Linux side, though admittedly, I have had to switch to using the Darwin side because sadly, the original git-secret worked on Mac and not Linux. Now I'm trying to transition to using my Linux repo as I prefer to stay as far away from Mac as possible.

What are the steps to reproduce this issue?

  1. gpg --list-keys on my repo db gives odd but terminal error of: gpg: skipped packet of type 12 in keybox
  2. When attempting to git-secret reveal, git-secret silently dies

What happens?

Nothing except gpg: skipped packet of type 12 in keybox multiple times to STDOUT.

What were you expecting to happen?

Some kind of error from git-secret except that the error from gpg above is non-fatal.

Any other comments?

A workaround I've implemented, though not ideal, is the following lines:

    set +e
    local keys_exist
    keys_exist=$($gpg_local -n --list-keys 2>/dev/null)
    set -e

What versions of software are you using?

Linux VM:

Operating system: (uname -a) Ubuntu 17.10

git-secret path: (which git-secret) /usr/bin/git-secret

git-secret version: (git secret --version) 0.2.3

git version: (git --version) git version 2.16.2

Shell type and version: ($SHELL --version) bash 4.4.12(1)-release

gpg version: (gpg --version)
gpg (GnuPG) 2.1.15
libgcrypt 1.7.8
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later https://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/<me>/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Darwin:

Operating system: (uname -a) Darwin 16.7.0 (MacOS Sierra 10.12.6)

git-secret path: (which git-secret) /usr/local/bin/git-secret

git-secret version: (git secret --version) 0.2.3

git version: (git --version) git version 2.14.3 (Apple Git-98)

Shell type and version: ($SHELL --version) bash 3.2.57(1)-release

gpg version: (gpg --version)
gpg (GnuPG) 2.2.6
libgcrypt 1.8.2
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later https://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/<me>/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
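
The failure mode reported above, as an added example that is not part of the original issue or git-secret's own code: under `set -e`, a plain assignment from a failing command substitution ends the script with no output, while handling the status on the same line lets the script say why it stops. `fake_gpg`, its exit status 2 and the function names are assumptions made for the demo.

```sh
# Constructed stand-in for `gpg --list-keys` on a keybox it only partly
# understands: warning on stderr, key data on stdout, non-zero exit.
# (fake_gpg and its exit status 2 are assumptions made for this demo.)
FAKE_GPG='fake_gpg() {
  echo "gpg: skipped packet of type 12 in keybox" >&2
  echo "pub  constructed-sample-key"
  return 2
}'

# Run a script body in a fresh shell with the stub defined and `set -e` on.
run_under_set_e() {
  sh -c "$FAKE_GPG
set -e
$1"
}

# Variant A: plain assignment with stderr discarded. The failed substitution
# makes the shell exit at the assignment; the echo never runs, nothing prints.
silent_variant() {
  run_under_set_e '
    keys_exist=$(fake_gpg 2>/dev/null)
    echo "keys: $keys_exist"'
}

# Variant B: the `||` list keeps set -e from acting on the assignment, so the
# script can report the exit status and gpg output before stopping itself.
reporting_variant() {
  run_under_set_e '
    keys_exist=$(fake_gpg 2>&1) || {
      rc=$?
      echo "abort: gpg exited with status $rc: $keys_exist" >&2
      exit 1
    }
    echo "keys: $keys_exist"'
}
```

Both variants stop, but only the second leaves a trace: the first exits with the stub's status and prints nothing at all.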

@joshrabinowitz
Collaborator

This is similar to #136. Is it possible the 'keybox' was created by a different version of gpg?
https://lists.gnupg.org/pipermail/gnupg-devel/2017-May/032846.html

@notjames
Author

They are indeed different. Nevertheless, git-secret should be able to throw a meaningful error or something to give a hint to the problem. What happens instead is a silent abort.

@joshrabinowitz
Collaborator

@notjames I don't think two versions of GPG are mentioned in your bug report above, so the bug report might be a little misleading.

Not wanting a silent abort is reasonable, though.

@notjames
Author

notjames commented Apr 24, 2018

@joshrabinowitz that's fair. To be honest, I just didn't think about it. I work between Darwin and my Linux VM. My VM is the machine I work on the most (I hate Darwin). Since we started using git-secret in 0.2.2, which didn't work properly in Linux (I opened a bug report about that weeks back), which caused me to move this particular repo to Mac, which uses a different version of gpg. Frankly, I just didn't even think about it, so I apologize about that and missing it in the original report.

That said, I'm pretty sure my use case is not a silo. Anyway, I appreciate your pointing it out, though, and my apologies. I fixed the original BR. :)

@joshrabinowitz
Collaborator

@notjames see my latest comment on issue 136 - #136 (comment)

@joshrabinowitz
Collaborator

joshrabinowitz commented Apr 27, 2018

I believe the latest git-secret will no longer cause a silent abort in this scenario (instead, it will give an error message).

#136 is still open and this issue is specifically about the 'silent abort'.
How about we close this issue?
