[PATCH consfigurator] GPG: batch mode and print stderr to *ERROR-OUTPUT*

Russell Sim rsl at simopolis.xyz
Wed Sep 21 21:06:53 BST 2022 

This makes the output of commands that interact with the PGP datastore more
verbose.  But have the advantage they will produce an error message when the
GPG command fails.

Without this change if there is an error from the subprocess, nothing helpful
is output to understand what is wrong with the underlying GPG
configuration. If for example I have no `default-recipient` SET-DATA will
fail, in this case we will see.

----
CONSFIG> (data.pgp:set-data *pgp-file* 'test 'test131 "foo")
; Evaluation aborted on #<SUBPROCESS-ERROR {1006B3C7E3}>.

Subprocess #<UIOP/LAUNCH-PROGRAM::PROCESS-INFO {1006B3B483}>
 with command ("gpg" "--encrypt")
 exited with error code 2
   [Condition of type SUBPROCESS-ERROR]
----

By running in batch mode and sending stderr to *ERROR-OUTPUT*, users should be
more able to reason about failures.

----
CONSFIG> (data.pgp:set-data *pgp-file* 'test 'test131 "foo")
gpg: no valid addressees
gpg: [stdin]: encryption failed: No user ID
; Evaluation aborted on #<SUBPROCESS-ERROR {10070B69D3}>.
----

This does however come at a cost, even with the `-q` quite flag, we still see
much more verbose output in the case where there has been successful commands
run.

----
CONSFIG> (data.pgp:set-data *pgp-file* 'test 'test131 "foo")
gpg: encrypted with 4096-bit RSA key, ID 779DBDE3AC2410E7, created 2015-09-08
      "Russell Sim <russell.sim at gmail.com>"
NIL
NIL
0
----

Signed-off-by: Russell Sim <rsl at simopolis.xyz>
---

There are possibly other ways to do this, like capturing the stderr
 stream and then storing that and either printing it or returning it as
 part of the condition.  But this seemed like a simple fix, but might be
 a bit more verbose.  My config i still very small, so i don't know the
 full impact of printing this much info.
 
 src/data/util.lisp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/data/util.lisp b/src/data/util.lisp
index aa0451f..e95ad6a 100644
--- a/src/data/util.lisp
+++ b/src/data/util.lisp
@@ -47,11 +47,12 @@ INPUT and OUTPUT have the same meaning as for RUN-PROGRAM, except that OUTPUT
 defaults to :STRING.  The default return value is thus the output from gnupg,
 as a string."
   (run-program
-   `("gpg"
+   `("gpg" "-q" "--batch"
      ,@(and *data-source-gnupghome*
             (list "--homedir" (namestring *data-source-gnupghome*)))
      , at args)
    :input  input
+   :error-output *error-output*
    :output (or output :string)))

 (defun gpg-file-as-string (location)
--
2.37.2

More information about the sgo-software-discuss mailing list