Avoiding problems with gpg-agent when running from scripts - gpg2

I'm trying to use gpg to --clearsign a file (for Debian packaging purposes) from a script.

I have an exported password-less private-key.gpg file and want to:

gpg --clearsign -o output input

I don't want to mess with the current user's ~/.gnupg or /run/user/$(id -u)/gnupg because they have nothing to do with my script. Also, the script could be running in multiple instances simultaneously and I don't want them interfering with one another.

I thought that would be easy. Set up $GNUPGHOME to a temp dir and be done with it. But I cannot figure out how to get gpg to run in a script without messing with the user's standard configuration at all. It seems gpg has gone to great lengths to make it impossible to avoid the gpg-agent, and gpg-agent insists on using global/hard-coded paths.

Can I keep everything under $GNUPGHOME? Or how do I safely use gpg from a shell script without influencing the user's config or use of gpg or other instances of my script?

Details

Reading the gpg docs I see that:

--use-agent
--no-use-agent

    This is dummy option. gpg always requires the agent.

And gpg-agent docs say:

--use-standard-socket
--no-use-standard-socket
--use-standard-socket-p

    Since GnuPG 2.1 the standard socket is always used.
    These options have no more effect. The command gpg-agent
    --use-standard-socket-p will thus always return success.

This "standard socket" is presumably in /run/user/$(id -u)/gnupg - so it seems I can't avoid gpg messing with the user's "normal" use of gpg.

Versions: gpg 2.1.18 on Debian 9 / stretch / stable

Peter V. Mørch asked Oct 02 '18 14:10

1 Answer

If you can't stop gpg from creating files, would it help to give gpg a place to put them that's unique to the current process?

# Create a temporary directory for gpg.
dir="$(mktemp -d)"

# Remove the directory and its contents when the script exits.
trap '[[ ! -d "${dir}" ]] || rm -r "${dir}"' EXIT

# Import your private-key.gpg into the temporary directory.
gpg --homedir "${dir}" --import private-key.gpg

# Tell gpg to use the temporary directory.
gpg --homedir "${dir}" --clearsign -o output input
Adam Liss answered Oct 06 '22 12:10
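The approach in the answer, carried through as a complete script. This is an added example, not code from the question or the answer: it creates a per-process GnuPG home with the 0700 permissions gpg expects, writes a minimal gpg.conf and gpg-agent.conf so nothing ever prompts, generates a constructed throwaway key inside that home (in place of the question's pre-exported private-key.gpg), clearsigns a constructed input file, verifies the result against the same isolated keyring, and on exit kills the agent that gpg auto-started for that home before deleting it. That last step is the caveat the answer leaves out: gpg-agent does not stop when the script does, so without the kill it keeps running with the key material cached. The function names, the sample user ID and the input text are all assumptions made for this example. With a non-default --homedir, GnuPG 2.1.13 and later (including 2.1.18 on Debian 9) give each homedir its own agent socket directory under /run/user/$(id -u)/gnupg, so concurrent instances with separate temp homes get separate agents and do not touch the user's own.

```shell
#!/bin/sh
# Added example (not from the question or answer): clearsign a file from a
# script using a private, per-process GnuPG home. Keyring, trustdb, config and
# the agent started for it all belong to the temp dir; ~/.gnupg is never read
# or written. Assumes GnuPG 2.1.x with gpgconf available.

# Create a fresh homedir (mode 0700, as gpg requires) with a minimal config.
# Prints the directory path on stdout.
make_gpg_home() {
    newhome="$(mktemp -d)" || return 1
    chmod 700 "$newhome"
    # Never prompt; let the script supply passphrases itself (loopback pinentry).
    printf '%s\n' 'batch' 'no-tty' 'pinentry-mode loopback' > "$newhome/gpg.conf"
    # Default on >= 2.1.12, stated explicitly here so the behaviour is visible.
    printf '%s\n' 'allow-loopback-pinentry' > "$newhome/gpg-agent.conf"
    printf '%s\n' "$newhome"
}

# Run gpg against one homedir only. $1 = homedir, remaining args go to gpg.
gpg_in() {
    home="$1"; shift
    gpg --homedir "$home" "$@"
}

# Stop the agent gpg auto-started for this homedir (it would otherwise linger
# with the key cached), then delete the directory and everything in it.
cleanup_gpg_home() {
    if command -v gpgconf >/dev/null 2>&1; then
        GNUPGHOME="$1" gpgconf --kill gpg-agent 2>/dev/null || true
    fi
    rm -rf "$1"
}

main() {
    gpghome="$(make_gpg_home)" || exit 1
    trap 'cleanup_gpg_home "$gpghome"' EXIT INT TERM

    # Constructed sample key generated inside the temp home. With a real
    # pre-exported, passphrase-less key you would instead run:
    #   gpg_in "$gpghome" --import private-key.gpg
    gpg_in "$gpghome" --passphrase '' --quick-gen-key \
        'Script Signer <signer@example.invalid>' default default never

    # Constructed input file to sign.
    printf 'Hello, signed world.\n' > "$gpghome/input"
    gpg_in "$gpghome" --clearsign -o "$gpghome/output" "$gpghome/input"

    # Check the signature with the same isolated keyring, then show the result.
    gpg_in "$gpghome" --verify "$gpghome/output" && cat "$gpghome/output"
}

# Run the full demonstration only when invoked as: sh this-script.sh --demo
case "${1:-}" in
    --demo) main ;;
esac
```

Running several copies of this script at once is safe because each call to make_gpg_home yields a different mktemp directory and therefore a different agent; the EXIT trap guarantees both the directory and its agent go away even when gpg fails part way.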