Unable remove recipient even with --force flag #1964
Comments
I guess you'd need to turn on debug logs and provide us with some more information. Run the command with |
I have the same issue when I use email to delete a user. Error pattern:
# init store
gopass init --store my-company
# add some key
gopass insert my-company/server1
gopass insert my-company/server2
# add a different user to my-company store
gopass recipients add --store my-company willy@email.com
# remove the user
gopass recipients rm --store my-company willy@email.com
then I got the message like: I removed all the store, and created a new store with $PUBLIC_KEY_ID,
|
I have the same issue with gopass 1.12.8 (2021-08-28). Truncated (for privacy reasons) logs are below:
Hope this might help with debugging. |
I'm guessing this could be related to #1843 |
I had this issue as well and found that I had a mix of key IDs and emails and names, in the format The email names are tied to public keys in my keyring. As a side note: it also explains why some recipient could not get access while my overview claimed the person was added. They were not, ultimately. |
…nst the string itself, we may need to do a query to crypto.FindRecipients to get their details to match against when removing. Fix for gopasspw#1964
…nst the string itself. We may need to do a query to crypto.FindRecipients to get their details to match against when removing. Fix for gopasspw#1964
RELEASE_NOTES=[BUGFIX] Fixes an issue where recipients remove may fail with "recipient not in store"
Signed-off-by: Ben Phegan <benphegan@gmail.com>
I came across a very similar issue, and have pushed up a PR that I have forward ported to master (I ran this on a branch of 1.13.1 and it resolved the issue). Essentially the code was not querying the crypto system for the ids that might be used but the string represented in .gpg-ids, however it was for the provided identifier to remove. In some instances this results in no match being found. NOTE: I have used and tested this on 1.13.1. Golang 1.18 has thrown my dev environment slightly, and I have not been able to build/run this successfully on master. Also, normally I would build out a bunch of tests for this, but there were very few to enhance or extend in this case. It would probably take much longer than I have to build out the requisite test cases for this. |
…nst the string itself. (#2147)
* Depending on how the .gpg-ids file was written, we may not match against the string itself. We may need to do a query to crypto.FindRecipients to get their details to match against when removing. Fix for #1964
  RELEASE_NOTES=[BUGFIX] Fixes an issue where recipients remove may fail with "recipient not in store"
  Signed-off-by: Ben Phegan <benphegan@gmail.com>
* Fixed variable naming and Printf to Warningf as per PR.
  RELEASE_NOTES=[BUGFIX] Fixes an issue where recipients remove may fail with "recipient not in store"
  Signed-off-by: Ben Phegan <benphegan@gmail.com>
I have the same issue. It looks like gopass is searching only for the key id in I had the following
And the key id of
And got the error:
As a workaround, I replaced the |
I had a similar issue with an old deleted cert:
I recreated a key named "foobar" as realname and gopass was able to delete the recipient:
|
You should always be able to remove a key by specifying its fingerprint. What happens behind the scene is that we rely on GPG to select the right key, so if running:
or whatever identifier you want. If it is not finding your key, it's normal it's not working without specifying My wild guess is that you are trying to delete a key from your store for which you don't have the public key locally in your GPG keyring. But that's why we have But I think we have a bug: a quick lookup seems to show we might have a bug when removing "unknown keys" indeed: gopass/internal/action/recipients.go Lines 176 to 204 in d122a9c
because when gopass/internal/action/recipients.go Lines 180 to 183 in d122a9c
but then gopass/internal/action/recipients.go Lines 194 to 197 in d122a9c
will rely on: gopass/internal/backend/crypto/gpg/cli/keyring.go Lines 49 to 56 in d122a9c
which won't find the key since it's not in your keyring and therefore returns gopass/internal/store/leaf/recipients.go Lines 122 to 126 in d122a9c
WDYT @dominikschulz ? |
I'm glad to have found this edgy bug :) My problem: I did not have the fingerprint of this non-published key. I deleted the pub key a long time ago (it was a mistake) and Now everything is fine and my recipients are clean. |
@AnomalRoil That looks like a bug indeed. But for better test coverage someone would need to add a test harness with GPG. We have only very limited GPG test coverage right now. |
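An added example (not gopass's own code) of the matching logic this thread converges on: the identifier passed to the remove command and each entry of the recipients file (`.gpg-ids` in the comments above) are both resolved to fingerprints before comparing, and an identifier the local keyring cannot resolve is removed by literal match only when forced. `Keyring`, `RemoveRecipient`, the error values and the sample fingerprints are hypothetical names and constructed data.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Keyring is a hypothetical stand-in for the local GPG keyring: every identifier
// a key answers to (fingerprint, email, name), lowercased, maps to fingerprints.
type Keyring map[string][]string

func (k Keyring) resolve(id string) []string { return k[strings.ToLower(id)] }

var ErrUnknownKey = errors.New("key not in keyring, force required")
var ErrNotInStore = errors.New("recipient not in store")

// RemoveRecipient drops id from entries (the lines of the recipients file).
// Both sides are resolved to fingerprints, so an email argument matches a
// fingerprint entry and vice versa; force allows a literal-only match.
func RemoveRecipient(entries []string, id string, kr Keyring, force bool) ([]string, error) {
	want := map[string]bool{}
	for _, fp := range kr.resolve(id) {
		want[fp] = true
	}
	if len(want) == 0 && !force {
		return entries, fmt.Errorf("%q: %w", id, ErrUnknownKey)
	}
	var kept []string
	for _, e := range entries {
		match := strings.EqualFold(e, id) // literal match covers unknown keys
		for _, fp := range kr.resolve(e) {
			match = match || want[fp]
		}
		if !match {
			kept = append(kept, e)
		}
	}
	if len(kept) == len(entries) {
		return entries, fmt.Errorf("%q: %w", id, ErrNotInStore)
	}
	return kept, nil
}

func main() {
	// Constructed sample data: one key known locally, one entry whose key is gone.
	kr := Keyring{"aaaa1111": {"AAAA1111"}, "willy@email.com": {"AAAA1111"}}
	fmt.Println(RemoveRecipient([]string{"willy@email.com", "DEADBEEF"}, "AAAA1111", kr, false))
}
```

Comparing only the raw strings would miss the email entry here, which is the "recipient not in store" symptom reported in this issue.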
RELEASE_NOTES=[BUGFIX] Allow removing unknown recipients Fixes gopasspw#1964 Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
RELEASE_NOTES=[BUGFIX] Allow removing unknown recipients with --force Fixes #1964 Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Summary
Try to remove recipient with --force flag
gopass> recipients rm --force=true --store store-name
choose recipient number from a list
get response:
failed to remove recipient "0CC1E5DD9B4208C3800B813C0735458EFE35F54B": recipient not in store
The same result with
gopass> recipients rm --force --store store-name
How can I fix it?