I am trying to run the following commands on Heroku to import and trust a PGP public key which I need to use to encrypt a file before sending it via SFTP:
heroku run gpg --import key.asc
heroku run gpg --edit-key email#example.com
The first command seems to work, but when I run the second command it fails to find the key. I get the following output when running heroku run gpg --list-keys:
gpg: directory '/app/.gnupg' created
gpg: keybox '/app/.gnupg/pubring.kbx' created
gpg: /app/.gnupg/trustdb.gpg: trustdb created
This may be due to the fact that Heroku does not allow writing to the file system, but I wanted to see if anyone knows what is going on and can help me figure out how to use this public key for encryption. It works locally using the iostreams gem to run something similar to the third example here
I guess that the problem is in the first command.The key.asc file in not in the dyno, it is on your computer. So, it is not importing anything.
You can run: heroku run bash and play directly inside the dyno.
Hope it helps!!!
Related
Using Github actions I'm able to run a script to decrypt files using gpg. This doesn't seem to work in Xcode cloud (I guess because gpg is not installed there).
Is there another way to encrypt and decrypt files when using Xcode cloud for CI? Or maybe there's a way to install gpg in Xcode cloud?
E.g. I want to be able to decrypt my JSON cloud config files.
After a lot of searching I can't seem to find any alternatives or even discussion about it. Is there a way to do it?
Or is this a silly thing to do in the first place? Maybe there's a better approach?
It turns out you can install gpg on Xcode cloud using homebrew.
I just added this line to my shell script before the decrypt lines and the build passed!
brew install gpg
See https://developer.apple.com/documentation/xcode/writing-custom-build-scripts for more info.
Ok, so I have installed WSL2 Ubuntu on my Windows 10 pc. I'm trying to sign a commit from intellij (running as admin) installed on windows, and I'm using the git binary from the WSL2 vm, I have configured the gpg and git stuff in both windows and wsl, but I don't know why this is not working...
Here is a screenshot of the gpg signing working on the wsl vm.
And here I have another picture of the gpg signing working on the windows terminal.
The dialog showed successfully on both terminals asking for my passphrase. Using the git cli the gpg key works:
And this is the error I get:
After some more research I found a workaround:
I found this comment in the YouTrack site. Which led me to this stackoverflow post. The workaround/solution is the following:
Edit the ~/.gnupg/gpg-agent.conf inside your WSL setup and add the following line (or replace it if you already had a config with the same key):
This config will tell gpg to use the windows gui instead of the cli when asking for your passphrase
pinentry-program "/mnt/c/Program Files (x86)/GnuPG/bin/pinentry-basic.exe"
You can keep the program path to the pinentry-basic.exe (that's the default one), but if you have it under another location make sure to change it.
After that you can try the following command and check that the windows pinentry dialog shows up:
This command will sign the text "test" and will ask you for your key passphrase.
echo "test" | gpg --clearsign
I'm trying to enable commit signing on OS X Mojave.
git commit -S -am "Test"
The error is:
error: gpg failed to sign the data
fatal: failed to write commit object
What I tried:
gpg works fine (see below), did not install gpg1 or gpg2
Installed GPG KeyChain and added a new key (even added a separate sign-only subkey whithin)
Installed pinentry
gpg2 --clearsign works fine (generates a new .asc file for files, outputs text for plain text)
Questions I looked into and tried every option:
gpg failed to sign the data fatal: failed to write commit object [Git 2.10.0]
Git error - gpg failed to sign data
What am I doing wrong?
I also had this problem. I found a good solution.
Just try to sign a file before you commit.
$ touch a.txt
$ gpg --sign a.txt
Then, the OS will let you input the password.
If this step is OK, now you can commit by signing correctly.
I just added the key ID to the global config
list all keys:
gpg --list-keys
Select the one you added to github and set it.
git config --global user.signingkey [public key ID]
Heh, of course, right after I posted this question, I found the solution.
So my problem was that I followed this doc: https://help.github.com/en/articles/telling-git-about-your-signing-key
And set up both GPG and smimesign, when I have Git < 2.19 and no proper X.509 keys.
So I just removed the part with smimesign from global ~/.gitconfig
Try with echo "foobar" | gpg --clearsign. It should ask for your key's passphrase and return the signature.
If instead you see the following error message:
error: gpg failed to sign the data
fatal: failed to write commit object
You might want to try running export GPG_TTY=$(tty). If after testing again you're prompted for the password and it works, run this everytime on startup, adding it to ~/.bashrc, which is actually required according to gpg-agent's documentation, as mentioned in this dev.gnupg thread and which you can verify with man gpg-agent.
I also found this gitHub gist very useful.
To prompt you to enter a PIN or passphrase when required, install pinentry-mac
$ brew install pinentry-mac
$ echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
$ killall gpg-agent
Im trying to install halyard in Ubuntu 16.04.
I have downloaded installhalyard script using curl
curl -O https://raw.githubusercontent.com/spinnaker/halyard/master/install/debian/InstallHalyard.sh
After Im executing sudo bash InstallHalyard.sh to install halyard command.
But Its not getting installed and showing the below error
jayanth#jayanth-VirtualBox:~$ sudo bash InstallHalyard.sh
[sudo] password for jayanth:
Please supply a non-root user to run Halyard as: jayanth
Halyard version will be stable
Halyard will be downloaded from gs://spinnaker-artifacts/halyard
Halyard config will come from bucket gs://halconfig
Halconfig will be stored at /home/jayanth/.hal/config
Uninstall script is located at /home/jayanth/.hal/uninstall.sh
Running ubuntu 16.04
gpg: keyring `/tmp/tmptyeoozb6/secring.gpg' created
gpg: keyring `/tmp/tmptyeoozb6/pubring.gpg' created
gpg: requesting key 86F44E2A from hkp server keyserver.ubuntu.com
**Error: retrieving gpg key timed out.**
gpg: /tmp/tmptyeoozb6/trustdb.gpg: trustdb created
gpg: key 86F44E2A: public key "Launchpad OpenJDK builds (all archs)" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
OK
Due to the above error, Im unable to install Halyard.
Please help me here.
BR
Jayanth
i use below command to deploy halyard
kubectl create deployment hal --image gcr.io/spinnaker-marketplace/halyard:1.20.2
I have again tried sudo apt-get update this time and installed open ssh client and server.
This time it worked.
Looks as though you either had a problem with network connectivity or some other reason that your system can't reach the host keyserver.ubuntu.com. Make sure you can reach that server (try pinging it for instance) and your install should work.
Every now and then I'm encountering problems with scripts hosted on Github which have been linked using https. I've usually managed to get around it one way or the other, but I'm wondering what's the proper way of solving this?
Here's an example: I'd like to make use of this Rails Application template.
Running
rails new APP_NAME -m https://raw.github.com/RailsApps/rails3-application-templates/master/rails3-devise-rspec-cucumber-template.rb -T
will throw:
certificate verify failed (OpenSSL::SSL::SSLError)
What is the proper way of going about this situation without editing the script itself?
UPDATE
I've tried so far as well
export GIT_SSL_NO_VERIFY=true
but I keep on getting the same error.
I also exported the certificate from Firefox as github.com.pem and simply dragged it into my unlocked Keychain Access. The certificate is now listed but the error remains the same.
UPDATE 2
As awful this solution is, this hack works: http://blog.dominicsayers.com/2011/08/16/howto-use-a-rails-template-from-github-on-windows/
It seems that simply "updating" the certificates is the best option:
$ cd /usr/share/curl/
$ sudo wget http://curl.haxx.se/ca/cacert.pem
$ sudo mv curl-ca-bundle.crt old.curl-ca-bundle.crt
$ sudo mv cacert.pem curl-ca-bundle.crt