Running a gpg shell script to decrypt a file via Automator

automator script

I regularly need to decrypt a gpg-encrypted file (always the same) to simply view it in TextEdit. I have a very simple shell script for that. It looks like this:

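#!/bin/sh
outfile=$(mktemp -t $$)  # Temporary file name
# Decrypt into the temporary file (gpg prompts for the passphrase)
gpg --output "$outfile" --decrypt /path/to/file.gpg
open -a TextEdit "$outfile"
sleep 1  # Give TextEdit time to read the file before it is deleted
rm "$outfile"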

When run from the terminal, all goes well. GPG asks for my passphrase in a pop-up window, TextEdit comes up, the temp file is deleted and all is great. Not so in Automator. I select "Run Shell Script", ignore the shell script input, paste the contents of the script (except for the first line). TextEdit pops up with a blank file and GPG never asks for the passphrase. I tried using the full path to GPG but that didn't do it. I know virtually nothing of Automator actions so the problem surely comes from me.

Any help appreciated!

Best Answer

The Automator “Run Shell Script” action runs the script in a non-interactive shell (for an explanation of the difference between interactive and non-interactive shells, see the pertinent section of the Advanced Bash Scripting Guide) – there is, simply put, no terminal to get user input from. I suppose the gpg utility recognizes this and skips the password prompt (else your script would hang).

You should be able to pipe your passphrase to GPG inside such an action using the --passphrase-fd 0 option (see gpg’s man page), however, i.e.

echo "passphrase" | gpg --passphrase-fd 0 --output "$outfile" --decrypt /path/to/file.gpg

You can securely store your passphrase in the OS X Keychain and retrieve it from there. Although possible via a shell script (the TextMate blog has details on how to achieve that – be sure to read the comments), there are so many gotchas to that that I’d recommend using a bit of AppleScript and Daniel Jalkut’s excellent Usable Keychain Scripting app. Once installed, the following bit of AppleScript will retrieve your password (assuming the account name is “GPG”):

tell application "Usable Keychain Scripting" to get password of first generic item of current keychain whose account is "GPG"

Either wrap it in an osascript shell command, i.e.

passphrase=$(osascript -e '<command above>')

or, as you are using Automator, add an AppleScript action, retrieve the passphrase inside it and pass it to the shell script.
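The pieces of the answer above combined into one Automator-ready script, as an added example that is not part of the original question or answer. It assumes GnuPG 2.1 or later (where `--passphrase-fd` only takes effect together with `--batch` and `--pinentry-mode loopback`) and a keychain item whose account is "GPG"; the function names and the `GPG` variable are hypothetical.

```shell
#!/bin/sh
# Added example: decrypt without a terminal, passphrase taken from the keychain.
# Assumptions: GnuPG 2.1+, Usable Keychain Scripting installed, account "GPG".

GPG="${GPG:-gpg}"   # Automator's PATH is minimal; set GPG to the full path if needed

# Fetch the passphrase with the AppleScript one-liner quoted in the answer.
get_passphrase() {
    osascript -e 'tell application "Usable Keychain Scripting" to get password of first generic item of current keychain whose account is "GPG"'
}

# Decrypt $1 into a private temp file and show it in TextEdit.
# Returns 2 (no passphrase), 3 (no temp file) or 4 (gpg failed) instead of
# opening a blank document, which is the symptom described in the question.
decrypt_and_view() {
    infile=$1
    passphrase=$(get_passphrase) || return 2
    [ -n "$passphrase" ] || return 2

    # mktemp creates the file with mode 0600, so other users cannot read it.
    outfile=$(mktemp "${TMPDIR:-/tmp}/gpgview.XXXXXX") || return 3

    # printf is a builtin in sh, bash and zsh, so the passphrase travels over
    # the pipe and never shows up in the process list as an argument.
    # --yes is needed because mktemp has already created the output file.
    if ! printf '%s\n' "$passphrase" |
        "$GPG" --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
               --output "$outfile" --decrypt "$infile"
    then
        rm -f "$outfile"
        return 4
    fi

    open -a TextEdit "$outfile"
    sleep 1            # give TextEdit time to read the file
    rm -f "$outfile"   # do not leave the plaintext on disk
}

# Runs only when a file is given, e.g. as "$1" of the Automator action.
if [ $# -ge 1 ]; then decrypt_and_view "$1"; fi
```

In the "Run Shell Script" action, set "Pass input" to "as arguments" or replace the last line with a call such as `decrypt_and_view /path/to/file.gpg`.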