gnupg specify gpg-agent path - gnupg

I am using the python-gnupg wrapper. I have copied the gpg binary (/usr/bin/gpg) along with the dependent libraries identified by the ldd gpg command. When defining gpghome I did specify the binary path as well.
gpg = gnupg.GPG(gnupghome='/tmp', gpgbinary='/var/task/gpg')
I get the error below:
gpg: failed to start agent '/usr/bin/gpg-agent': No such file or directory
I have copied gpg-agent to /var/task/gpg, but it still fails because it is starting gpg-agent from /usr/bin. How can I change the path for gpg-agent from /usr/bin to /var/task/gpg?

Related

IPC Error on GPG Agent with Git on Windows

I would like to use GPG without Gpg4win installed on Windows because Git for Windows includes the binary for GPG as well, so I would like to use it instead of installing an extra application.
However, when I set up GPG (e.g. adding Path etc.), I encountered the following error:
C:\Users\me> gpgconf --launch gpg-agent
gpgconf: error running '/usr/bin/gpg-connect-agent': exit status 1
gpgconf: error running '/usr/bin/gpg-connect-agent NOP': General error
And with gpg-connect-agent:
C:\Users\me> gpg-connect-agent /bye
gpg-connect-agent: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: waiting for the agent to come up ... (4s)
gpg-connect-agent: waiting for the agent to come up ... (3s)
gpg-connect-agent: waiting for the agent to come up ... (2s)
gpg-connect-agent: waiting for the agent to come up ... (1s)
gpg-connect-agent: can't connect to the agent: IPC connect call failed
gpg-connect-agent: error sending standard options: No agent running
I need the agent to be running in order to sign the git commits, so I am not sure what is happening.
Before this error happened, I was using Gpg4win, which had no errors at all (to make sure it is not a versioning issue, I have removed everything in %userprofile%/.gnupg).
System Info:
Windows 10 21H1 19043.1110
git version 2.29.2.windows.1
C:\Users\me> gpg --version
gpg (GnuPG) 2.2.23-unknown
libgcrypt 1.8.7
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: C:/Users/me/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
where gpg: C:\Program Files\Git\usr\bin\gpg.exe
where git: C:\Program Files\Git\cmd\git.exe
Any help would be appreciated. Thanks
I had the same problem on a fresh install of gnupg2 on a new MacOS (Monterey). It seems the installation doesn't create the .gnupg folder.
In my case this was solved by running:
gpg -K
which resulted in the creation of the missing folder
gpg: directory '/Users/xxx/.gnupg' created
gpg: keybox '/Users/xxx/.gnupg/pubring.kbx' created
gpg: /Users/xxx/.gnupg/trustdb.gpg: trustdb created
and all was well.
I managed to figure it out.
This is because the gpg in git for windows uses MINGW64 for the environment. And because I manually set the GNUPGHOME environment variable to a Windows path: C:/users/me/.gnupg, it will not work.
(I never use the included MINGW64 git bash, I only use cmd and add those exe, like git, gpg into PATH)
So, if you have manually set the GNUPGHOME env variable, you need to change to a MINGW64 path.
So in my case, C:/users/me/.gnupg -> /c/users/me/.gnupg
I am not sure about --homedir though.
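Added example, not part of the original answer: a POSIX shell helper that rewrites a Windows-style GNUPGHOME into the MSYS form described above. The function names are illustrative and belong to no tool.

```shell
# Added example: normalise GNUPGHOME for the MSYS/MINGW64 gpg bundled with
# Git for Windows. Function names are illustrative, not part of any tool.

# Convert C:/Users/me/.gnupg or C:\Users\me\.gnupg to /c/Users/me/.gnupg.
# Anything that is not a drive-letter path is returned unchanged.
to_msys_path() {
    p=$(printf '%s' "$1" | tr '\\' '/')        # backslashes -> forward slashes
    case "$p" in
        [A-Za-z]:|[A-Za-z]:/*)
            drive=$(printf '%s' "$p" | cut -c1 | tr 'A-Z' 'a-z')
            p="/$drive${p#??}"                 # drop "C:" and prefix "/c"
            ;;
        *)
            p=$1                               # already POSIX style: leave as is
            ;;
    esac
    printf '%s\n' "$p"
}

# Print the value GNUPGHOME should have when the current one is a Windows
# path; print nothing when it is unset or already in MSYS form.
suggest_gnupghome() {
    [ -n "${GNUPGHOME:-}" ] || return 0
    new=$(to_msys_path "$GNUPGHOME")
    [ "$new" = "$GNUPGHOME" ] || printf '%s\n' "$new"
}

# The path from the answer above.
to_msys_path 'C:/users/me/.gnupg'
```

Git for Windows also ships cygpath, whose -u option performs the same conversion.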

How to run nvm command from bash file in GCP Cloud Shell (global install)?

What we're trying to do
We are using Cloud Shell Editor (IDE) on GCP.
According to the documentation for Environment customization script:
Cloud Shell automatically runs the script,
$HOME/.customize_environment, when your instance boots up. Unlike
.profile or .bashrc, this script runs once when Cloud Shell boots
(rather than once for each shell login).
This script runs as root and you can install any packages that you
want to exist in each Cloud Shell session using Debian package
management commands.
For example, if you'd like to have erlang installed on Cloud Shell,
your .customize_environment file will look like this:
#!/bin/sh
apt-get update
apt-get -y install erlang
We are trying to pre-install node versions and automate configuration for our developers using nvm.
Where we have issues
We've looked into several articles on making nvm callable from within a bash script file (the .customize_environment file):
nvm command not available in bash script
Can't use nvm from bash script
Node Version Manager install - nvm command not found
None of these answers seem to resolve our issue.
GCP nvm details
Cloud Shell pre-installs nvm (globally); it is located at /usr/local/nvm/nvm.sh.
There is no ~/.nvm folder.
I can run nvm without issue from Cloud Shell (command line) directly.
I cannot run nvm (nor using the full path) from a bash file.
Closest attempt
Running the following comes close, but I'm limited on privileges that you can't sudo around due to Cloud Shell limitations:
. /usr/local/nvm/nvm.sh
nvm install 14
Results in:
Downloading and installing node v14.15.4...
mkdir: cannot create directory ‘/usr/local/nvm/.cache/bin/node-v14.15.4-linux-x64’: Permission denied
creating directory /usr/local/nvm/.cache/bin/node-v14.15.4-linux-x64/files failed
Downloading https://nodejs.org/dist/v14.15.4/node-v14.15.4-linux-x64.tar.xz...
Warning: Failed to create the file
Warning: /usr/local/nvm/.cache/bin/node-v14.15.4-linux-x64/node-v14.15.4-linux-
Warning: x64.tar.xz: No such file or directory
curl: (23) Failed writing body (0 != 966)
Binary download from https://nodejs.org/dist/v14.15.4/node-v14.15.4-linux-x64.tar.xz failed, trying source.
grep: /usr/local/nvm/.cache/bin/node-v14.15.4-linux-x64/node-v14.15.4-linux-x64.tar.xz: No such file or directory
Provided file to checksum does not exist.
Binary download failed, trying source.
Detected that you have 4 CPU core(s)
Running with 3 threads to speed up the build
mkdir: cannot create directory ‘/usr/local/nvm/.cache/src’: Permission denied
creating directory /usr/local/nvm/.cache/src/node-v14.15.4/files failed
Downloading https://nodejs.org/dist/v14.15.4/node-v14.15.4.tar.xz...
Warning: Failed to create the file
Warning: /usr/local/nvm/.cache/src/node-v14.15.4/node-v14.15.4.tar.xz: No such
Warning: file or directory
curl: (23) Failed writing body (0 != 965)
Binary download from https://nodejs.org/dist/v14.15.4/node-v14.15.4.tar.xz failed, trying source.
grep: /usr/local/nvm/.cache/src/node-v14.15.4/node-v14.15.4.tar.xz: No such file or directory
Provided file to checksum does not exist.
Important lines: mkdir: cannot create directory ‘...’: Permission denied
I can't sudo around it, run usermod (e.g. usermod -a -G staff $(whoami)), even though Google's documentation says I should be able to:
When you set up a Cloud Shell session, you get a regular Unix user account with a username based on your email address. With this access, you have full root privileges on your allocated VM and can even run sudo commands, if you need to.
Question
How can we use nvm within a bash script file in GCP's Cloud Shell?
I managed to resolve this with the help of comments by @Kolban and @HarshManvar.
I assume this solution would also work for any other scripts that aren't working with direct calls from .customize_environment.
The example below is influenced by the answer found here. The code installs a specific node version.
Note: nvm is globally installed in Cloud Shell by default.
#!/usr/bin/bash
sudo su -c '. /usr/local/nvm/nvm.sh && nvm install 14'

gpg --import on Heroku

I am trying to run the following commands on Heroku to import and trust a PGP public key which I need to use to encrypt a file before sending it via SFTP:
heroku run gpg --import key.asc
heroku run gpg --edit-key email@example.com
The first command seems to work, but when I run the second command it fails to find the key. I get the following output when running heroku run gpg --list-keys:
gpg: directory '/app/.gnupg' created
gpg: keybox '/app/.gnupg/pubring.kbx' created
gpg: /app/.gnupg/trustdb.gpg: trustdb created
This may be due to the fact that Heroku does not allow writing to the file system, but I wanted to see if anyone knows what is going on and can help me figure out how to use this public key for encryption. It works locally using the iostreams gem to run something similar to the third example here
I guess that the problem is in the first command. The key.asc file is not in the dyno, it is on your computer. So, it is not importing anything.
You can run: heroku run bash and play directly inside the dyno.
Hope it helps!!!
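Added example, not part of the original answer: one way to encrypt with a public key in an environment where the keyring does not persist between commands is to import the key at run time into a throwaway keyring and pin its fingerprint instead of trusting it interactively. PGP_PUBLIC_KEY and PGP_FINGERPRINT are hypothetical environment variables, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: use a public key in a container whose filesystem is thrown
# away after each command. PGP_PUBLIC_KEY (armored key) and PGP_FINGERPRINT
# (expected fingerprint) are hypothetical environment/config variables.

# Strip spaces and upper-case, so "aaaa bbbb ..." compares equal to gpg output.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin and print the first fingerprint
# (field 10 of the first "fpr" record, which belongs to the primary key).
first_fingerprint() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Usage: encrypt_with_pinned_key INFILE OUTFILE
encrypt_with_pinned_key() {
    home=$(mktemp -d) || return 1          # throwaway keyring, mode 0700
    printf '%s\n' "$PGP_PUBLIC_KEY" |
        gpg --homedir "$home" --batch --quiet --import ||
        { rm -rf "$home"; return 1; }
    got=$(gpg --homedir "$home" --batch --with-colons --fingerprint |
          first_fingerprint)
    if [ -z "$got" ] || [ "$got" != "$(normalize_fpr "$PGP_FINGERPRINT")" ]; then
        echo "refusing to encrypt: fingerprint mismatch (got '$got')" >&2
        rm -rf "$home"; return 1
    fi
    # Trust is established by the fingerprint pin above, so the interactive
    # --edit-key trust step is replaced by --trust-model always.
    gpg --homedir "$home" --batch --yes --trust-model always \
        --recipient "$got" --output "$2" --encrypt "$1"
    rc=$?
    rm -rf "$home"
    return "$rc"
}
```

The expected fingerprint should be obtained from the key owner through a separate channel, not read from the same file as the key.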

gpg "failed to write commit object"

I'm trying to enable commit signing on OS X Mojave.
git commit -S -am "Test"
The error is:
error: gpg failed to sign the data
fatal: failed to write commit object
What I tried:
gpg works fine (see below), did not install gpg1 or gpg2
Installed GPG KeyChain and added a new key (even added a separate sign-only subkey within)
Installed pinentry
gpg2 --clearsign works fine (generates a new .asc file for files, outputs text for plain text)
Questions I looked into and tried every option:
gpg failed to sign the data fatal: failed to write commit object [Git 2.10.0]
Git error - gpg failed to sign data
What am I doing wrong?
I also had this problem. I found a good solution.
Just try to sign a file before you commit.
$ touch a.txt
$ gpg --sign a.txt
Then, the OS will let you input the password.
If this step is OK, now you can commit by signing correctly.
I just added the key ID to the global config
list all keys:
gpg --list-keys
Select the one you added to github and set it.
git config --global user.signingkey [public key ID]
Heh, of course, right after I posted this question, I found the solution.
So my problem was that I followed this doc: https://help.github.com/en/articles/telling-git-about-your-signing-key
And set up both GPG and smimesign, when I have Git < 2.19 and no proper X.509 keys.
So I just removed the part with smimesign from global ~/.gitconfig
Try with echo "foobar" | gpg --clearsign. It should ask for your key's passphrase and return the signature.
If instead you see the following error message:
error: gpg failed to sign the data
fatal: failed to write commit object
You might want to try running export GPG_TTY=$(tty). If after testing again you're prompted for the password and it works, run this every time on startup, adding it to ~/.bashrc, which is actually required according to gpg-agent's documentation, as mentioned in this dev.gnupg thread and which you can verify with man gpg-agent.
I also found this GitHub gist very useful.
To prompt you to enter a PIN or passphrase when required, install pinentry-mac
$ brew install pinentry-mac
$ echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
$ killall gpg-agent

Error while installing Halyard

I'm trying to install halyard on Ubuntu 16.04.
I have downloaded the InstallHalyard script using curl
curl -O https://raw.githubusercontent.com/spinnaker/halyard/master/install/debian/InstallHalyard.sh
After that I'm executing sudo bash InstallHalyard.sh to install the halyard command.
But it's not getting installed and is showing the error below
jayanth@jayanth-VirtualBox:~$ sudo bash InstallHalyard.sh
[sudo] password for jayanth:
Please supply a non-root user to run Halyard as: jayanth
Halyard version will be stable
Halyard will be downloaded from gs://spinnaker-artifacts/halyard
Halyard config will come from bucket gs://halconfig
Halconfig will be stored at /home/jayanth/.hal/config
Uninstall script is located at /home/jayanth/.hal/uninstall.sh
Running ubuntu 16.04
gpg: keyring `/tmp/tmptyeoozb6/secring.gpg' created
gpg: keyring `/tmp/tmptyeoozb6/pubring.gpg' created
gpg: requesting key 86F44E2A from hkp server keyserver.ubuntu.com
**Error: retrieving gpg key timed out.**
gpg: /tmp/tmptyeoozb6/trustdb.gpg: trustdb created
gpg: key 86F44E2A: public key "Launchpad OpenJDK builds (all archs)" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
OK
Due to the above error, I'm unable to install Halyard.
Please help me here.
BR
Jayanth
I use the command below to deploy halyard
kubectl create deployment hal --image gcr.io/spinnaker-marketplace/halyard:1.20.2
I have again tried sudo apt-get update this time and installed open ssh client and server.
This time it worked.
Looks as though you either had a problem with network connectivity or some other reason that your system can't reach the host keyserver.ubuntu.com. Make sure you can reach that server (try pinging it for instance) and your install should work.
