From c303513be400db4efd65d8f19ca101a1e470796f Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Mon, 3 Apr 2017 13:24:25 +0100 Subject: [PATCH] Fix issues with GPG default key. - Remove --no-options gpg option when using GPG key. - Improve gpg default key tests To use the default key, ~/.gnupg/gpg.conf needs: default-key default-recipient-self Or default-recipient Otherwise the first key in the keyring is used. --- extras/test/gnupg/gpg.conf | 8 ++++++++ extras/test/runtests | 4 +++- tomb | 12 ++++++------ 3 files changed, 17 insertions(+), 7 deletions(-) create mode 100644 extras/test/gnupg/gpg.conf diff --git a/extras/test/gnupg/gpg.conf b/extras/test/gnupg/gpg.conf new file mode 100644 index 0000000..997da9c --- /dev/null +++ b/extras/test/gnupg/gpg.conf @@ -0,0 +1,8 @@ +# ~/.gnupg/gpg.conf + +# Description of options can be found here: +# http://www.gnupg.org/documentation/manuals/gnupg-devel/GPG-Options.html + +# GPG Configuration Options +default-key 0B2235E660753AB0475FB3E23DC836481F44B31E +default-recipient-self diff --git a/extras/test/runtests b/extras/test/runtests index 6618d4b..254ab91 100755 --- a/extras/test/runtests +++ b/extras/test/runtests @@ -196,7 +196,7 @@ test-tomb-recip() { test-tomb-recip-default() { notice "wiping all default.tomb* in /tmp" - rm -f /tmp/default.tomb /tmp/default.tomb.key + rm -f /tmp/default.tomb /tmp/default.tomb.key /tmp/default.tmp notice "Testing tomb with the default recipient" res=0 @@ -207,6 +207,8 @@ test-tomb-recip-default() { tt lock /tmp/default.tomb -k /tmp/default.tomb.key \ --ignore-swap --unsafe -g { test $? = 0 } || { res=1 } + gpg -d --status-fd 2 /tmp/default.tomb.key 1> /dev/null 2> /tmp/default.tmp + [[ -z "$(grep 'Tomb Test 2' /tmp/default.tmp)" ]] && { res=1 } { test $res = 0 } && { results+=(recip-default SUCCESS) } } diff --git a/tomb b/tomb index 636f80d..ac2a3c0 100755 --- a/tomb +++ b/tomb 
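Review bot: In the second runtests hunk the new `gpg -d` check writes its status output to the fixed path `/tmp/default.tmp`, a predictable name in a world-writable directory that another local user on a shared host can pre-create or point elsewhere with a symlink; the `rm -f` added in the first runtests hunk does not close that window. The check also ignores gpg's exit status and passes on the user-ID string alone, so I would write it as `tmp=$(mktemp)`, `gpg -d --status-fd 2 /tmp/default.tomb.key 1> /dev/null 2> $tmp || res=1` and `grep -q 'Tomb Test 2' $tmp || res=1`. Whether the run points gpg at the keyring under extras/test/gnupg rather than the caller's own is not visible here; if it does not, the new gpg.conf is never read and the result depends on the tester's keys. test-tomb-recip-default starts before this hunk, in the first one.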
@@ -995,7 +995,7 @@ gpg_decrypt() { local gpgpass="$1\n$TOMBKEY" local tmpres ret typeset -a gpgopt - gpgpopt=(--batch --no-tty --passphrase-fd 0) + gpgpopt=(--batch --no-tty --passphrase-fd 0 --no-options) { option_is_set -g } && { gpgpass="$TOMBKEY" @@ -1015,7 +1015,7 @@ gpg_decrypt() { [[ $gpgver == "1.4.11" ]] && { _verbose "GnuPG is version 1.4.11 - adopting status fix." TOMBSECRET=`print - "$gpgpass" | \ - gpg --decrypt ${gpgpopt[@]} --no-options` + gpg --decrypt ${gpgpopt[@]}` ret=$? unset gpgpass return $ret @@ -1024,7 +1024,7 @@ gpg_decrypt() { _tmp_create tmpres=$TOMBTMP TOMBSECRET=`print - "$gpgpass" | \ - gpg --decrypt ${gpgpopt[@]} --no-options \ + gpg --decrypt ${gpgpopt[@]} \ --status-fd 2 --no-mdc-warning --no-permission-warning \ --no-secmem-warning 2> $tmpres` unset gpgpass @@ -1329,15 +1329,15 @@ gen_key() { # Set gpg inputs and options gpgpass="${tombpass}\n$TOMBSECRET" - gpgopt=(--passphrase-fd 0 --symmetric) + gpgopt=(--passphrase-fd 0 --symmetric --no-options) opt='-n' } _tmp_create local tmpres=$TOMBTMP print $opt - "$gpgpass" \ - | gpg --openpgp --force-mdc --cipher-algo ${algo} --batch \ - --no-options --no-tty ${gpgopt[@]} \ + | gpg --openpgp --force-mdc --cipher-algo ${algo} \ + --batch --no-tty ${gpgopt[@]} \ --status-fd 2 -o - --armor 2> $tmpres unset gpgpass # check result of gpg operation
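Review bot: In the first tomb hunk the changed line assigns `gpgpopt`, while the declaration just above it is `typeset -a gpgopt`, so the array that now carries `--no-options` is not local to gpg_decrypt and the declared one looks unused in the visible lines. Because this array now decides whether the user's gpg.conf is read, it should not live in global scope: `typeset -a gpgpopt`, or renaming the uses to `gpgopt`, would fix that. The commit message says `--no-options` is dropped for GPG-key mode, but the `-g` branch that has to reset the array lies outside the hunk, as do the start and end of gpg_decrypt; the second and third hunks only show the flag removed from the two `gpg --decrypt` calls. A comment above the assignment, such as `# password mode ignores ~/.gnupg/gpg.conf; -g mode must read it for default-key`, would record why the flag moved.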
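Review bot: In the gen_key hunk the `gpg` call that encrypts the key no longer passes `--no-options` itself, so in GPG-key mode the recipients and preferences of the tomb key now depend on the user's gpg.conf as well as on the command line. An `encrypt-to` entry there adds a recipient, and `default-recipient` picks one when none is given, without any trace in tomb's output, which matters for a file that wraps the volume secret. I would state this next to the call, e.g. `# -g mode reads ~/.gnupg/gpg.conf: default-key, default-recipient-self and encrypt-to decide who can decrypt`, and, if extra recipients are not wanted, add `--no-encrypt-to` on the `-g` path. The branch that sets `gpgopt` for `-g` and the rest of gen_key are outside the hunk.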