Does not find private keys on CI/Jenkins node #497
Comments
Hello, @theanimal666, thank you for this issue report! My first thought is to check what version of gpg was used when creating the When running There are known compatibility issues when reading binary files created from different versions of gpg. See: #228, #136, #208. We have plans to move away from dependence on Please let us know if gnupg interoperability issues seem to explain the issues you're seeing.
When you say |
Hi, Thanks for the quick answer. I do not have a On my dev machine, where I've set up the repository & added the keys I'm running gpg
I'll make a gpg upgrade and check if it works with a newer version, and let you know.
@theanimal666 Yes both the content, and the filenames of the binary files used by different versions of gnupg may change, especially between disparate versions such as 2.0.x and 2.2.x. Quoting https://github.com/sobolevn/git-secret/blob/master/RFC/RFC001.md : "GPG maintains backwards compatibility but not forwards compatibility. Running a new GPG version can and will upgrade the keyring storage files in a way that is not recognized by older versions of GPG. This is not normally a problem for typical GPG usage. Users will upgrade and rarely downgrade. It is a problem for git-secret as the keyring storage is committed to git and shared between users. Someone using an older version of GPG can no longer open the upgraded keyring file."
I just compiled and installed gnupg 2.2 on the server and now everything works as expected 🎉🎉🎉 Thanks a lot for the great support! Without the hint I'd never have guessed that 2.2 may not be compatible with 2.0, maybe too long working in semver country ;)
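A CI preflight for the mismatch discussed in this thread, as an added example that is not part of the thread or of git-secret: it fails the build with an explicit message when the node's gpg is older than the series that last wrote the shared keyring. The function names, the required-series argument and the sample version strings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not git-secret code). All function names are hypothetical.

# Extract "MAJOR.MINOR" from the first line of `gpg --version` output,
# e.g. "gpg (GnuPG) 2.0.22" -> "2.0". Prints nothing if it cannot parse.
gpg_series() {
  printf '%s\n' "$1" |
    sed -n '1s/^gpg (GnuPG[^)]*) \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 if series $1 is the same as or newer than series $2.
# Compares major, then minor, numerically (so 2.10 is newer than 2.2).
series_at_least() {
  sal_have_major=${1%%.*}; sal_have_minor=${1#*.}
  sal_need_major=${2%%.*}; sal_need_minor=${2#*.}
  [ "$sal_have_major" -gt "$sal_need_major" ] && return 0
  [ "$sal_have_major" -eq "$sal_need_major" ] &&
    [ "$sal_have_minor" -ge "$sal_need_minor" ]
}

# check_gpg_for_keyring VERSION_OUTPUT REQUIRED_SERIES
# REQUIRED_SERIES is the newest gpg series that has written the committed
# keyring (assumption: the team records this value somewhere in the repo).
# Returns 0 = ok, 1 = node gpg too old, 2 = version output not recognised.
check_gpg_for_keyring() {
  cgk_have=$(gpg_series "$1")
  if [ -z "$cgk_have" ]; then
    echo "preflight: cannot parse gpg version output" >&2
    return 2
  fi
  if ! series_at_least "$cgk_have" "$2"; then
    echo "preflight: gpg $cgk_have is older than $2, which wrote the keyring;" \
         "upgrade gpg on this node" >&2
    return 1
  fi
  echo "preflight: gpg $cgk_have is not older than $2"
}

# Constructed sample version strings (not taken from the thread).
for sample in 'gpg (GnuPG) 2.0.22' 'gpg (GnuPG) 2.2.19'; do
  check_gpg_for_keyring "$sample" 2.2 ||
    echo "  -> fail the build here, before git secret reveal"
done

# In a real build step:
#   check_gpg_for_keyring "$(gpg --version)" 2.2 && git secret reveal
```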
What are the steps to reproduce this issue?
Try to run
git secret [cat|reveal] ...
as part of jenkins build.
What happens?
Aborts with:
git-secret: abort: no public keys for users found. run 'git secret tell email@address'
What were you expecting to happen?
To decrypt our secrets.
Any logs, error output, etc?
When listing keys with
gpg --list-secret-keys
as part of the same build script just one line before the reveal command I get:
The command
git secret reveal
returns:
Manually cloning the repository and
git secret reveal
works
What versions of software are you using?
Operating system: (uname -a) … Linux jenkins1 3.10.0-957.21.3.el7.x86_64 #1 SMP Tue Jun 18 16:35:19 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
git-secret path: (which git-secret) … /bin/git-secret
git-secret version: (git secret --version) … 0.2.6
git version: (git --version) … git version 1.8.3.1
Shell type and version: ($SHELL --version) … GNU bash, version 4.2.46(2)-release (x86_64-redhat-linux-gnu)
gpg version: (gpg --version) …
Kind regards & thanks for the great piece of software you provide
Christian