From b75f3d4eda5b5f9c7b2b7fe391358778da2289eb Mon Sep 17 00:00:00 2001 From: Dominik Schulz Date: Mon, 5 Apr 2021 13:22:56 +0200 Subject: [PATCH] Use shorter SSH control path (#1899) Fixes #1896 RELEASE_NOTES=[BUGFIX] Fix SSH control path Signed-off-by: Dominik Schulz --- docs/faq.md | 1 + internal/backend/storage/fs/fsck.go | 8 +++++++- internal/backend/storage/gitfs/ssh_others.go | 5 ++++- internal/store/leaf/fsck.go | 3 +++ 4 files changed, 15 insertions(+), 2 deletions(-) diff --git a/docs/faq.md b/docs/faq.md index ff5937b9a2..83dc6220b4 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -11,6 +11,7 @@ * *gopass fails with 'gpg failed to sign the data fatal: failed to write commit object'* - If git is not able to interface with GPG, commits will fail because gopass configures git to sign commits by default. Have a look a [this question](https://stackoverflow.com/questions/39494631/gpg-failed-to-sign-the-data-fatal-failed-to-write-commit-object-git-2-10-0) for more information. * *Can gopass be used with Terraform?* - Yes, there is a gopass-based [Terraform provider](https://github.com/camptocamp/terraform-provider-pass) available. * *How can I fix ´"gpg: decryption failed: No secret key"` errors?* - Set the ´auto-expand-secmem` option in your gpg-agent.conf, if your version of GnuPG supports it. +* *I'm getting `Path too long for Unix domain socket` errors, usually on MacOS*. This can be fixed by setting `export TMPDIR=/tmp` (or any other suiteable location with a path shorter than 80 characters). ## API Stability diff --git a/internal/backend/storage/fs/fsck.go b/internal/backend/storage/fs/fsck.go index 39c0d08f48..530f2cc378 100644 --- a/internal/backend/storage/fs/fsck.go +++ b/internal/backend/storage/fs/fsck.go @@ -12,6 +12,7 @@ import ( "github.com/gopasspw/gopass/pkg/ctxutil" "github.com/gopasspw/gopass/pkg/debug" "github.com/gopasspw/gopass/pkg/fsutil" + "github.com/gopasspw/gopass/pkg/termio" ) // Fsck checks the storage integrity @@ -47,7 +48,12 @@ func (s *Store) Fsck(ctx context.Context) error { } debug.Log("checking root dir %q", s.path) - return s.fsckCheckDir(ctx, s.path) + if err := s.fsckCheckDir(ctx, s.path); err != nil { + return err + } + + debug.Log("checking git config") + return s.InitConfig(ctx, termio.DetectName(ctx, nil), termio.DetectEmail(ctx, nil)) } func (s *Store) fsckCheckFile(ctx context.Context, filename string) error { diff --git a/internal/backend/storage/gitfs/ssh_others.go b/internal/backend/storage/gitfs/ssh_others.go index af3f619800..7deb8fc8f8 100644 --- a/internal/backend/storage/gitfs/ssh_others.go +++ b/internal/backend/storage/gitfs/ssh_others.go @@ -11,6 +11,9 @@ import "os" // // Note: Setting GIT_SSH_COMMAND, possibly to an empty string, will take // precedence over this setting. +// +// %C is a hash of %l%h%p%r and should avoid "path too long for unix domain socket" +// errors. If you still encounter this error set TMPDIR to a short path, e.g. /tmp. func gitSSHCommand() string { - return "ssh -oControlMaster=auto -oControlPersist=600 -oControlPath=" + os.TempDir() + "/.gopass-ssh-${USER}-%r@%h:%p" + return "ssh -oControlMaster=auto -oControlPersist=600 -oControlPath=" + os.TempDir() + "/.ssh-%C" } diff --git a/internal/store/leaf/fsck.go b/internal/store/leaf/fsck.go index fd325073c2..efc2903cce 100644 --- a/internal/store/leaf/fsck.go +++ b/internal/store/leaf/fsck.go @@ -101,6 +101,9 @@ func (s *Store) fsckCheckEntry(ctx context.Context, name string) error { } // check itemRecps matches storeRecps + // TODO we need to noramlize both slices before we can compare them, + // otherwise one might contain a short key id or a name while the other has + // the full key id missing, extra := compareStringSlices(perItemStoreRecps, itemRecps) if len(missing) > 0 { out.Errorf(ctx, "Missing recipients on %s: %+v\nRun fsck with the --decrypt flag to re-encrypt it automatically, or edit this secret yourself.", name, missing)