Importing GPG key in ubuntu:bionic Docker container

I am trying to import a GPG key on a GitLab CI system with an ubuntu:bionic Docker image. To do this securely, I have to store the key in a so-called secret variable (which then simply becomes an environment variable at runtime).

So I tried to export the key in a non-binary format like this:

gpg2 --armor --export-secret-keys "my name <my email>" > my-gpg-key.asc

my-gpg-key.asc looked like this then:

-----BEGIN PGP PRIVATE KEY BLOCK-----
long multi line ascii string
-----END PGP PRIVATE KEY BLOCK-----

Then I copied the file contents and defined a secret variable from it. The variable is called LAUNCHPAD_GPG_PRIVATE_KEY.

Here is what I tried:

apt-get -qq update --yes
apt-get -qq install --yes gnupg2 > /dev/null
export GPG_TTY=$(tty) # compensate for ioctl error
gpg2 --list-keys
gpg2 -v --import <(echo "$LAUNCHPAD_GPG_PRIVATE_KEY")
gpg2 --list-keys

This causes:

gpg: key 17B1EA9E090F697D/17B1EA9E090F697D: error sending to agent: No such file or directory
gpg: error building skey array: No such file or directory

I also tried to export and import the key with gpg instead of gpg2: Same result...

I also tried running

gpg-agent --daemon

and

gpg-agent --daemon --allow-loopback-pinentry

before the import... but still: Same error.

Any ideas how this can be done properly?

1 Answer

I managed to import it without any errors by adding the batch flag.

gpg2 -v --batch --import <(echo "$LAUNCHPAD_GPG_PRIVATE_KEY")

Don't ask me why this fixes it. It took me hours to figure this out...

1
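
One way to wrap the `--batch` import from the answer for a CI job, as an added example that is not part of the original post: it checks that the secret variable still holds an armored private key block, imports it into a throwaway keyring, and compares the imported fingerprint with the one the job expects. The function names and the expected-fingerprint argument are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Function names and the expected-fingerprint argument are
# assumptions; LAUNCHPAD_GPG_PRIVATE_KEY is the variable from the question.

# Succeed only if the armor header and footer are still on lines of their own
# with data between them (a value flattened to one line fails this check).
check_armored_key() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        $0 == "-----BEGIN PGP PRIVATE KEY BLOCK-----" { b = NR }
        $0 == "-----END PGP PRIVATE KEY BLOCK-----"   { e = NR }
        END { exit !(b && e > b + 1) }'
}

# Read `gpg --with-colons` output on stdin and print the primary secret key's
# fingerprint: field 10 of the first "fpr" record that follows a "sec" record.
first_secret_fpr() {
    awk -F: '$1 == "sec" { seen = 1 } seen && $1 == "fpr" { print $10; exit }'
}

# Stop the agent and delete the throwaway keyring.
cleanup_ci_key() {
    [ -n "${GNUPGHOME:-}" ] || return 0
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf -- "$GNUPGHOME"
    unset GNUPGHOME
}

# import_ci_key KEY EXPECTED_FPR
# Returns 0 on success, 1 if gpg fails, 2 on a malformed value, 3 on a
# fingerprint mismatch.
import_ci_key() {
    check_armored_key "$1" || { echo "variable is not an armored private key block" >&2; return 2; }
    GNUPGHOME=$(mktemp -d) || return 1   # keyring used by this job only
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    # --batch as in the answer; the key is fed on stdin, not written to a file.
    printf '%s\n' "$1" | gpg2 --batch --import || { cleanup_ci_key; return 1; }
    imported_fpr=$(gpg2 --batch --with-colons --list-secret-keys | first_secret_fpr)
    if [ "$imported_fpr" != "$2" ]; then
        echo "imported key does not have the expected fingerprint" >&2
        cleanup_ci_key
        return 3
    fi
}

# In the job: import_ci_key "$LAUNCHPAD_GPG_PRIVATE_KEY" "$EXPECTED_FPR"
# and, once signing is done: cleanup_ci_key
```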
