From db1c458921f1f0fee6739cc57d72f7772278e4fb Mon Sep 17 00:00:00 2001 From: Jayant-kernel Date: Tue, 3 Mar 2026 11:42:09 +0530 Subject: [PATCH] splitgpg2: allow xauthority OPTION for Flatpak clients Flatpak Evolution sends OPTION xauthority=/run/flatpak/Xauthority. The option was not whitelisted, so split-gpg2 filtered the command and decryption failed with 'command filtered out'. Treat xauthority like other session environment options and fake an OK response. Add a regression test to keep this in default options. Fixes QubesOS/qubes-issues#10340 --- splitgpg2/__init__.py | 1 + splitgpg2/test_server.py | 11 +++++++++++ 2 files changed, 12 insertions(+) diff --git a/splitgpg2/__init__.py b/splitgpg2/__init__.py index 0305925..7403786 100755 --- a/splitgpg2/__init__.py +++ b/splitgpg2/__init__.py @@ -569,6 +569,7 @@ def default_commands(self) -> Dict[bytes, 'NoneCallback']: @staticmethod def default_options() -> Dict[bytes, Tuple[OptionHandlingType, Optional[bytes]]]: return { + b'xauthority': (OptionHandlingType.fake, b'OK'), b'ttyname': (OptionHandlingType.fake, b'OK'), b'ttytype': (OptionHandlingType.fake, b'OK'), b'display': (OptionHandlingType.fake, b'OK'), diff --git a/splitgpg2/test_server.py b/splitgpg2/test_server.py index 517c542..7893a9e 100644 --- a/splitgpg2/test_server.py +++ b/splitgpg2/test_server.py @@ -590,6 +590,17 @@ async def go() -> None: await writer.wait_closed() self.loop.run_until_complete(go()) + def test_014_option_xauthority_allowed(self) -> None: + async def go() -> None: + reader, writer = await asyncio.open_unix_connection(self.socket_path) + self.assertEqual((await reader.readline()).rstrip(b'\n').split(b' ')[0], b'OK') + writer.write(b'OPTION xauthority=/run/flatpak/Xauthority\n') + self.assertEqual(await reader.readline(), b'OK\n') + writer.close() + await writer.wait_closed() + self.loop.run_until_complete(go()) + + class TC_Config(TestCase): key_uid = 'user@localhost'