I am trying to import a GPG key on a Gitlab CI system with an ubuntu:bionic Docker image. To do this securely, I have to store the key in a so called secret variable (which then simply becomes an environment variable at runtime).

So I tried to export the key in a non-binary format like this:

gpg2 --armor --export-secret-keys "my name <my email>" > my-gpg-key.asc 

my-gpg-key.asc looked like this then:

-----BEGIN PGP PRIVATE KEY BLOCK----- long multi line ascii string -----END PGP PRIVATE KEY BLOCK----- 

Then I copied the file contents and defined a secret variable from it. The variable is called LAUNCHPAD_GPG_PRIVATE_KEY

Here is what I tried:

apt-get -qq update --yes apt-get -qq install --yes gnupg2 > /dev/null export GPG_TTY=$(tty) # compensate for ioctl error gpg2 --list-keys gpg2 -v --import <(echo "$LAUNCHPAD_GPG_PRIVATE_KEY") gpg2 --list-keys 

This causes:

gpg: key 17B1EA9E090F697D/17B1EA9E090F697D: error sending to agent: No such file or directory gpg: error building skey array: No such file or directory 

I also tried to export and import the key with gpg instead of gpg2: Same result...

I also tried running

gpg-agent --daemon 

and

gpg-agent --daemon --allow-loopback-pinentry 

before the import... but still: Same error.

Any ideas how this can be done properly?

1 Answer

I managed import it without any errors by adding the batch flag.

gpg2 -v --batch --import <(echo "$LAUNCHPAD_GPG_PRIVATE_KEY") 

Don't ask me why this fixes it. It took me hours to figure this out...

1

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy