Use a bundled GPG binary #1373
Description
Our gpg integration is currently in a kind of an "it works if you're lucky" state. I'd started revisiting the ways we interact with gpg in #846, but quickly ran into problems because of the complexity of adapting to the gpg versions and configurations that users could have installed. gpg 1.x, 2.0.x, and 2.1.x+ all have different command-line arguments, accepted ways for third-party applications to pass them credentials, and GNUPGHOME storage formats. Most dangerously, running gpg 2.1.x+ on a GNUPGHOME used by an older version of gpg will automatically migrate private key storage to a new format that is not backwards compatible, which I believe will make it look like all of your private keys have vanished 😱
Instead, the direction I'd like to go is:
- Call bundled `gpg` and `gpg-agent` binaries that we ship with the package, much like we do with git. I've already gotten the building and distribution story in place in atom/squeegpg-native. Fortunately, this'll only add an MB or two to our bundled size, which will be dwarfed by dugite anyway.
- Use a persistent, isolated GNUPGHOME, likely somewhere in `.atom`. Bootstrap it by copying or (sym/hard)linking files from an existing GNUPGHOME when appropriate, but configure gpg-agent to use an Atom-backed pinentry instead. I've started working on the Node API to manage this in atom/squeegpg.
This should improve our gpg support to the level of our git support and provide a nice balance between "working with the local keys you already have if you have one" and "working reliably out of the box."
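The isolated-GNUPGHOME bootstrap described above, as an added Node example that is not code from atom/squeegpg or from the issue author. It assumes a legacy (gpg 1.x/2.0.x style) source home and copies rather than links, so a newer gpg migrating the isolated home cannot touch the originals; the function name `prepareIsolatedHome` and the pinentry path passed to it are hypothetical.

```javascript
const fs = require('fs');
const path = require('path');

// Legacy keyring files to carry over (assumption: a gpg 1.x/2.0.x style home).
const LEGACY_FILES = ['pubring.gpg', 'secring.gpg', 'trustdb.gpg'];

// Hypothetical helper: create a private GNUPGHOME, seed it from an existing
// one, and point gpg-agent at a custom pinentry program.
function prepareIsolatedHome(isolatedHome, pinentryPath, existingHome) {
  fs.mkdirSync(isolatedHome, { recursive: true, mode: 0o700 });
  // gpg warns about homedirs that are group- or world-accessible.
  fs.chmodSync(isolatedHome, 0o700);

  const copied = [];
  if (existingHome && fs.existsSync(existingHome)) {
    for (const name of LEGACY_FILES) {
      const src = path.join(existingHome, name);
      const dst = path.join(isolatedHome, name);
      // Never overwrite: the isolated home is persistent and may have diverged.
      if (fs.existsSync(src) && !fs.existsSync(dst)) {
        fs.copyFileSync(src, dst);
        fs.chmodSync(dst, 0o600);
        copied.push(name);
      }
    }
  }

  // gpg-agent reads the pinentry-program option from gpg-agent.conf in its homedir.
  const conf = path.join(isolatedHome, 'gpg-agent.conf');
  fs.writeFileSync(conf, `pinentry-program ${pinentryPath}\n`, { mode: 0o600 });

  // Environment for spawning the bundled gpg so it never sees the user's home.
  return { copied, env: { ...process.env, GNUPGHOME: isolatedHome } };
}
```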