Comments (1)
Hmmm. Tricky.
The code you refer to checks for the validity of keys solely in order to provide a more helpful error message than that returned by the GPG library (notably, specifying which of the keys isn't trusted). You can double check, but I'm pretty sure that removing the check will simply replace the error with another more cryptic message directly from the GPG call here (note that we also pass in the `always_trust` parameter to this call): https://github.com/sihil/hiera-eyaml-gpg/blob/master/lib/hiera/backend/eyaml/encryptors/gpg.rb#L141
It might be that `GPGME::VALIDITY_FULL` is too high and the latter call would pass with lower validity levels. However, fundamentally all I'm doing in this code is wrapping the existing behaviour of GPG which is tripping you up here due to GPG being designed only for human->human communication and not really designed for communication with machines - in which I agree the human->human web of trust
GPG does have separate concepts of trust and validity. The former being the level of trust in the owner of a key and the latter being the confidence in a given encryption or signing key. I haven't used it enough, but it might be possible that there are ways of saying a key is valid without trusting it.
One alternative is to have a whitelist of valid keys that are not validity checked. Any key not on the whitelist is checked by the code that is there and we always pass in `always_trust=true` to the main GPG call.
If you can build the model you are after with the GPG CLI then I'm happy to tweak the implementation or accept a PR. However, I have a hunch that you are trying to change how the GPG library works.
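The allowlist alternative described in the comment above, as an added example that is not part of the original comment or of hiera-eyaml-gpg. The `RecipientKey` struct, the function names and the sample keys are assumptions made for illustration; keys are modelled with a Struct so the block runs without the gpgme gem, and the allowlist matches on full fingerprints only because short key IDs and e-mail addresses are not unique.

```ruby
# Added example, not hiera-eyaml-gpg code. The numeric levels mirror gpgme's
# validity enum (GPGME::VALIDITY_FULL is 4); everything else is hypothetical.
VALIDITY_MARGINAL = 3
VALIDITY_FULL = 4

RecipientKey = Struct.new(:fingerprint, :email, :validity)

# Normalise so "ab12 cd34 ..." and "AB12CD34..." compare equal.
def normalise_fpr(fpr)
  fpr.to_s.delete(" \t:").upcase
end

# Parse allowlist lines: strip comments and blanks, accept only full
# 40-hex-digit fingerprints (short key IDs can collide).
def load_allowlist(lines)
  lines.map { |l| normalise_fpr(l.sub(/#.*/, '').strip) }
       .reject(&:empty?)
       .each { |f| raise ArgumentError, "not a full fingerprint: #{f}" unless f.match?(/\A[0-9A-F]{40}\z/) }
end

# Allowlisted keys skip the validity check; every other key must reach
# min_validity. The error names each rejected key. The returned keys are the
# ones that would then go to the encrypt call with always_trust set.
def check_recipients(keys, allowlist, min_validity = VALIDITY_FULL)
  rejected = keys.reject do |k|
    allowlist.include?(normalise_fpr(k.fingerprint)) || k.validity >= min_validity
  end
  unless rejected.empty?
    names = rejected.map { |k| "#{k.email} (#{k.fingerprint})" }.join(', ')
    raise ArgumentError, "Keys not allowlisted and below required validity: #{names}"
  end
  keys
end

# Constructed sample data: fingerprints and addresses are made up.
SAMPLE_ALLOWLIST = load_allowlist([
  '# machine key',
  '0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567',
  ''
])
SAMPLE_KEYS = [
  RecipientKey.new('0123456789ABCDEF0123456789ABCDEF01234567', 'puppet@example.test', 0),
  RecipientKey.new('FEDCBA9876543210FEDCBA9876543210FEDCBA98', 'alice@example.test', VALIDITY_FULL),
  RecipientKey.new('1111111111111111111111111111111111111111', 'mallory@example.test', VALIDITY_MARGINAL)
]
```

With the sample data, the first two keys pass (one by allowlist, one by validity) and the third is rejected by name.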