@@ -1155,9 +1155,16 @@ main (int argc, char *argv[])
11551155 strcat (key_arg , "'" );
11561156 }
11571157
1158+ // passing the passphrase via the environment is at least better than using a CLI parameter
1159+ gchar * sign_passphrase = getenv ("APPIMAGETOOL_SIGN_PASSPHRASE" );
1160+
11581161 sprintf (command ,
1159- "%s --batch --detach-sign --armor %s %s %s" ,
1160- gpg2_path , key_arg ? key_arg : "" , sign_args ? sign_args : "" , digestfile
1162+ "%s --detach-sign --armor %s %s %s %s" ,
1163+ gpg2_path ,
1164+ key_arg ? key_arg : "" ,
1165+ sign_args ? sign_args : "" ,
1166+ sign_passphrase != NULL ? "--passphrase-fd 0 --pinentry-mode loopback" : "" ,
1167+ digestfile
11611168 );
11621169
11631170 free (key_arg );
@@ -1166,12 +1173,25 @@ main (int argc, char *argv[])
11661173 if (verbose )
11671174 fprintf (stderr , "%s\n" , command );
11681175
1169- fp = popen (command , "r" );
1176+ fp = popen (command , "w" );
1177+
1178+ if (fp == NULL ) {
1179+ perror ("ERROR: popen() call failed" );
1180+ exit (1 );
1181+ }
1182+
1183+ // write passphrase to stdin (fd 0 of subprocess)
1184+ if (sign_passphrase != NULL ) {
1185+ if (fwrite (sign_passphrase , sizeof (char ), strlen (sign_passphrase ), fp ) != strlen (sign_passphrase )) {
1186+ perror ("ERROR: failed to pass passphrase to process, exiting" );
1187+ exit (1 );
1188+ }
1189+ }
11701190
11711191 if (pclose (fp ) != 0 ) {
1172- fprintf (stderr , "ERROR: %s command did not succeed, could not sign, continuing\n" , using_gpg ? "gpg" : "gpg2" );
1192+ int errno_backup = errno ;
1193+ fprintf (stderr , "ERROR: %s command did not succeed, could not sign (%s), continuing\n" , using_gpg ? "gpg" : "gpg2" , strerror (errno_backup ));
11731194 } else {
1174-
11751195 fp = NULL ;
11761196
11771197 FILE * destinationfp = fopen (destination , "r+" );
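Review bot: In the second hunk the `pclose (fp) != 0` branch prints `strerror (errno_backup)`, but pclose() only sets errno when it returns -1; when gpg itself exits non-zero the return value is the child's wait status and errno is stale, so the message can name an unrelated error or "Success". Keep the status, e.g. `int status = pclose (fp);`, and print `strerror (errno)` only for `status == -1`, otherwise report `WEXITSTATUS (status)`. Separately, in the first hunk the passphrase read with `getenv ("APPIMAGETOOL_SIGN_PASSPHRASE")` stays in the process environment, so gpg and any child spawned afterwards inherit it; unless it is cleared outside the visible lines, copying it with `g_strdup` and calling `unsetenv ("APPIMAGETOOL_SIGN_PASSPHRASE")` before `popen` would narrow that exposure. main() starts and ends outside both hunks, so the size of `command` and any later cleanup are not visible here.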