
git secret tell me does import all keys in the keychain #176

Closed
sobolevn opened this issue May 10, 2018 · 6 comments
Comments

@sobolevn
Owner

What are the steps to reproduce this issue?

  1. Add some keys to your main gpg key chain
  2. Create clean repo: git init + git secret init
  3. Run git secret tell me

What happens?

» g tell me
done. me added as someone who know(s) the secret.
cleaning up...

~/Desktop/vue_docker  master ✗
» g whoknows
[email protected]
[email protected]
some@mail
...
ja@...
ev@...
ev@...
me@...

What were you expecting to happen?

There should be an error, that this key does not exist.

What versions of software are you using?

Operating system: (uname -a) latest macOS

git-secret path: (which git-secret) /usr/bin/local/git-secret

git-secret version: (git secret --version) master (commit hash: commit dff1aaf9242b25826d3db77868ba5508d5ac48e5)

git version: (git --version) git version 2.16.1, hub version 2.2.9

Shell type and version: ($SHELL --version) zsh 5.3.1 (x86_64-apple-darwin15.6.0)

gpg version: (gpg --version) gpg (GnuPG) 2.2.3

@sobolevn sobolevn added the bug label May 10, 2018
@joshrabinowitz
Collaborator

So, the bug here is that git secret tell substr will add all keys with a uid that contains substr anywhere in the uid.

@joshrabinowitz
Collaborator

@sobolevn can you confirm that #243 fixes this issue?

@sobolevn
Owner Author

@joshrabinowitz still happens to me with the master branch (commit 6251fae396da5dc181f5a015b2cb5654616475dc (HEAD -> master, origin/master, origin/HEAD)):

~/Desktop/git-secret-test  master ✗
» g init
'/Users/sobolev/Desktop/git-secret-test/.gitsecret/' created.
cleaning up...

~/Desktop/git-secret-test  master ✗
» g whoknows
git-secret: abort: no public keys for users found. run 'git secret tell email@address'.

~/Desktop/git-secret-test  master ✗ 1 ⚡
» g tell me
gpg: keybox '/Users/sobolev/Desktop/git-secret-test/.gitsecret/keys/pubring.kbx' created
gpg: /Users/sobolev/Desktop/git-secret-test/.gitsecret/keys/trustdb.gpg: trustdb created
done. me added as someone who know(s) the secret.
cleaning up...

~/Desktop/git-secret-test  master ✗
» g whoknows
[email protected]
[email protected]
some@mail
...

@joshrabinowitz
Collaborator

oh, I see, #243 was never completed or merged.

@joshrabinowitz
Collaborator

joshrabinowitz commented Sep 24, 2018

The underlying issue is that if you issue gpg --export --armor substr, it will export a text key for all the keys matching substr.

For example:

# note multiple keys in the user's keyring:

% gpg --list-keys | grep uid
uid                  examp <[email protected]>
uid                  examp <[email protected]>
uid                  examp <[email protected]>
uid                  user4 <[email protected]>

# show that if we export the 'examp' key (which doesn't exist),
# we get all keys for all uids with 'examp' anywhere in the uid

% gpg --export --armor examp | gpg -v  | grep pub
Version: GnuPG v2.0.22 (GNU/Linux)
gpg: armor header: pub  2048R/33CF057D 2018-04-16 examp <[email protected]>
pub  2048R/70D2D686 2018-04-17 examp <[email protected]>
pub  2048R/E0E58FD3 2018-07-14 examp <[email protected]>

@sobolevn
Owner Author

Closed via #267
