On Fri 2019-11-08 02:10:48 -0500, Daniel Kahn Gillmor wrote:
> +                out:subprocess.CompletedProcess[bytes] = 
> subprocess.run(['gpg', '--decrypt'],
> +                                                                        
> stdin=inp,
> +                                                                        
> capture_output=True)
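
Review bot: the argv list `['gpg', '--decrypt']` in the `subprocess.run` call has no `--batch`, so nothing tells gpg not to prompt or accept interactive commands while `stdin=inp` is carrying the ciphertext; insert `'--batch'` between `'gpg'` and `'--decrypt'`. Separately, `capture_output=True` captures stderr as well as stdout, so gpg's diagnostics end up in `out.stderr` instead of being shown, and the quoted call passes no `check=True`; the code that consumes `out` should test `out.returncode` before treating `out.stdout` as cleartext.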

sigh.  this line should have the '--batch' option added between 'gpg'
and its command '--decrypt'.  I can send you a revised patch, or you can
feel free to fix it up yourself when applying.  let me know if you'd
prefer a revised patch.

PS gpg(1) says:

       --batch
       --no-batch
              Use  batch  mode.  Never ask, do not allow interactive commands.
              --no-batch disables this option.  Note that even with a filename
              given  on  the  command  line, gpg might still need to read from
              STDIN (in particular if gpg figures that the input is a detached
              signature  and no data file has been specified).  Thus if you do
              not want to feed data via STDIN, you  should  connect  STDIN  to
              ‘/dev/null’.

              It  is  highly recommended to use this option along with the op‐
              tions --status-fd and --with-colons for any  unattended  use  of
              gpg.

I am deliberately choosing to not use either --status-fd or
--with-colons for email-print-mime-structure.

I'm not using --with-colons because there is no output from GnuPG that
we expect to be machine-readable -- we're just looking for the cleartext
of whatever ciphertext is in the message part.

I'm not using --status-fd because there is nothing actionable we can do
with GnuPG status messages, and asking for them would require switching
from subprocess.run to subprocess.Popen to take advantage of the
pass_fds argument, which in turn would make the script only work in a
POSIX environment (i believe, but have not tested, that the script can
currently be used on Windows).
