 

Blackbox: GPG decrypt fails (don't know ctb=00)

I'm using Blackbox to protect sensitive files in my repositories, but suddenly, inexplicably to me, it simply stopped working.

I am running a GitLab CI deployment script, and the blackbox_postdeploy fails with the message gpg: [don't know] ctb=00.

I've been able to find out that ctb=00 usually has to do with corrupt keychains, but since I'm running this on a clean Docker-container (through the GitLab CI) I don't know how to fix it.

Here's the output from the GitLab CI script:

$ gpg -v --import <(echo "$GPG_PRIVATE_KEY")
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: pub  4096R/ABC1234 2017-04-28  Bot <[email protected]>
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: using PGP trust model
gpg: key ABC1234: public key "Bot <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
$ which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
/usr/bin/ssh-agent
$ eval $(ssh-agent -s)
Agent pid 72
$ ssh-add <(echo "$SSH_PRIVATE_KEY")
Identity added: /dev/fd/63 (rsa w/o comment)
$ mkdir -p ~/.ssh
$ [[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts
$ git config --global url."[email protected]:".insteadOf "https://gitlab.com/"
$ ln -s /builds /go/src/gitlab.com
$ cd /go/src/gitlab.com/me/mysystem
$ blackbox_postdeploy
========== Importing keychain: START
gpg: [don't know]: invalid packet (ctb=00)
gpg: key export failed: invalid packet
ERROR: Job failed: exit code 1

Things I've tried:

  • Manually removing Blackbox files.
  • Forcefully re-initializing Blackbox in the repository.
  • Re-creating the public key for my deploy bot.
  • Removing the /root/.gnupg-folder on the container before deploying.

Can anyone help me along here? This is occasionally breaking my repositories, being a huge pain for my development process.

Thank you.

Helge Talvik Söderström asked Nov 07 '22 21:11



1 Answer

Make sure to only use gpg2 when both are installed.

$ gpg2 -v --import <(echo "$GPG_PRIVATE_KEY")

The problems have been fixed in blackbox HEAD. Pull the latest blackbox version and call blackbox commands with an environment variable.

$ GPG=gpg2 blackbox_deploy
mipmip answered Dec 26 '22 22:12
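
One way to apply the answer above in a CI job, as an added example (not code from the original answer or from the Blackbox project): pick a single GnuPG 2.x binary, preferring gpg2, and use it for both the key import and the Blackbox call through the GPG variable the answer mentions. The helper names select_gpg and gpg_major are hypothetical, and falling back to a gpg binary that reports version 2.x goes beyond what the answer states.

```shell
# Added example: choose one GnuPG binary for the whole CI job so that the
# key import and Blackbox never mix gpg 1.x and gpg 2.x keyrings.
# select_gpg and gpg_major are hypothetical helper names, not part of Blackbox.

# Print the major version a gpg binary reports,
# e.g. "2" for a first line of "gpg (GnuPG) 2.2.27".
gpg_major() {
    "$1" --version 2>/dev/null | awk 'NR==1 { split($NF, v, "."); print v[1] }'
}

# Prefer gpg2; accept plain gpg only when it is itself a 2.x build.
# Prints the chosen binary name; returns 1 when only GnuPG 1.x (or nothing)
# is installed, so the job can stop before Blackbox touches the keyring.
select_gpg() {
    for candidate in gpg2 gpg; do
        if command -v "$candidate" >/dev/null 2>&1 &&
           [ "$(gpg_major "$candidate")" = "2" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Usage in the CI script (variable names as in the question and answer):
#   GPG="$(select_gpg)" || { echo "no GnuPG 2.x binary found" >&2; exit 1; }
#   export GPG
#   "$GPG" -v --import <(echo "$GPG_PRIVATE_KEY")
#   blackbox_postdeploy
```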
