"Not a tty" 基于 Alpine 的口是心非图像中的错误
"Not a tty" error in Alpine-based duplicity image
这是我在 Whosebug 上的第一个问题,所以我希望它会遵守社区准则:
我构建了一个 docker image based on an already existing 映像,其唯一目的是 运行 在容器中进行口是心非,以将文件和文件夹备份到欧洲的 Amazon S3 存储桶中。
口是心非在 运行 手动放入由图像生成的容器中时工作了几天。现在,我通过带有 CoreOS 的主机上的单元文件转移到 运行 容器,但事情不再起作用了 - 但该命令也不起作用,我 运行 它在一个口是心非的容器中手动运行。
运行命令:
docker run --rm --env-file=<my backup env file>.env --name=<container image> -v <cache container>:/home/duplicity/.cache/duplicity -v <docker volume with gpg keys>:/home/duplicity/.gnupg --volumes-from <docker container of interest> gymnae/duplicity
env 文件包含以下内容:
PASSPHRASE=<my super secret passphrase>
AWS_ACCESS_KEY_ID=<my aws access key id>
AWS_SECRET_ACCESS_KEY=<my aws access key>
SOURCE_PATH=<where does the data come from>
REMOTE_URL=s3://s3.eu-central-1.amazonaws.com/<my bucket>
PARAMS_CLEAN="--remove-older-than 3M --force --extra-clean"
ENCRYPT_KEY=<derived from the gpg key>
而在 docker run 上调用的 init.sh 看起来像这样:
#!/bin/sh
duplicity \
--verbosity 8 \
--s3-use-ia \
--s3-use-new-style \
--s3-use-server-side-encryption \
--s3-european-buckets \
--allow-source-mismatch \
--ssl-no-check-certificate \
--s3-unencrypted-connection \
--volsize 150 \
--gpg-options "--no-tty" \
--encrypt-key $ENCRYPT_KEY \
--sign-key $ENCRYPT_KEY \
$SOURCE_PATH \
$REMOTE_URL
我试过 -i、-it、-t 和 -d - 但结果总是一样的:
===== Begin GnuPG log =====
gpg: using "<supersecret>" as default secret key for signing
gpg: signing failed: Not a tty
gpg: [stdin]: sign+encrypt failed: Not a tty
===== End GnuPG log =====
GPG error detail: Traceback (most recent call last):
File "/usr/bin/duplicity", line 1532, in <module>
with_tempdir(main)
File "/usr/bin/duplicity", line 1526, in with_tempdir
fn()
File "/usr/bin/duplicity", line 1380, in main
do_backup(action)
File "/usr/bin/duplicity", line 1508, in do_backup
incremental_backup(sig_chain)
File "/usr/bin/duplicity", line 662, in incremental_backup
globals.backend)
File "/usr/bin/duplicity", line 425, in write_multivol
at_end = gpg.GPGWriteFile(tarblock_iter, tdp.name, globals.gpg_profile, globals.volsize)
File "/usr/lib/python2.7/site-packages/duplicity/gpg.py", line 356, in GPGWriteFile
file.close()
File "/usr/lib/python2.7/site-packages/duplicity/gpg.py", line 241, in close
self.gpg_failed()
File "/usr/lib/python2.7/site-packages/duplicity/gpg.py", line 226, in gpg_failed
raise GPGError(msg)
GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: using "<supersecret>" as default secret key for signing
gpg: signing failed: Not a tty
gpg: [stdin]: sign+encrypt failed: Not a tty
===== End GnuPG log =====
gpg 尝试签名时的这个 Not a tty 错误很奇怪。
以前好像没什么问题,或者我在加夜班的时候疯狂打字说曾经能用,现在就是不想用了。
对于遇到同样问题的任何人,感谢 duply 的开发者,我找到了答案
https://sourceforge.net/p/ftplicity/bugs/76/#74c5
简而言之,你需要从gpg 2.1开始添加GPG_OPTS='--pinentry-mode loopback'并添加allow-loopback-pinentry到.gnupg/gpg-agent.conf
这让我离工作设置更近了一步。
这是我在 Whosebug 上的第一个问题,所以我希望它会遵守社区准则:
我构建了一个 docker image based on an already existing 映像,其唯一目的是 运行 在容器中进行口是心非,以将文件和文件夹备份到欧洲的 Amazon S3 存储桶中。
口是心非在 运行 手动放入由图像生成的容器中时工作了几天。现在,我通过带有 CoreOS 的主机上的单元文件转移到 运行 容器,但事情不再起作用了 - 但该命令也不起作用,我 运行 它在一个口是心非的容器中手动运行。
运行命令:
docker run --rm --env-file=<my backup env file>.env --name=<container image> -v <cache container>:/home/duplicity/.cache/duplicity -v <docker volume with gpg keys>:/home/duplicity/.gnupg --volumes-from <docker container of interest> gymnae/duplicity
env 文件包含以下内容:
PASSPHRASE=<my super secret passphrase>
AWS_ACCESS_KEY_ID=<my aws access key id>
AWS_SECRET_ACCESS_KEY=<my aws access key>
SOURCE_PATH=<where does the data come from>
REMOTE_URL=s3://s3.eu-central-1.amazonaws.com/<my bucket>
PARAMS_CLEAN="--remove-older-than 3M --force --extra-clean"
ENCRYPT_KEY=<derived from the gpg key>
而在 docker run 上调用的 init.sh 看起来像这样:
#!/bin/sh
duplicity \
--verbosity 8 \
--s3-use-ia \
--s3-use-new-style \
--s3-use-server-side-encryption \
--s3-european-buckets \
--allow-source-mismatch \
--ssl-no-check-certificate \
--s3-unencrypted-connection \
--volsize 150 \
--gpg-options "--no-tty" \
--encrypt-key $ENCRYPT_KEY \
--sign-key $ENCRYPT_KEY \
$SOURCE_PATH \
$REMOTE_URL
我试过 -i、-it、-t 和 -d - 但结果总是一样的:
===== Begin GnuPG log =====
gpg: using "<supersecret>" as default secret key for signing
gpg: signing failed: Not a tty
gpg: [stdin]: sign+encrypt failed: Not a tty
===== End GnuPG log =====
GPG error detail: Traceback (most recent call last):
File "/usr/bin/duplicity", line 1532, in <module>
with_tempdir(main)
File "/usr/bin/duplicity", line 1526, in with_tempdir
fn()
File "/usr/bin/duplicity", line 1380, in main
do_backup(action)
File "/usr/bin/duplicity", line 1508, in do_backup
incremental_backup(sig_chain)
File "/usr/bin/duplicity", line 662, in incremental_backup
globals.backend)
File "/usr/bin/duplicity", line 425, in write_multivol
at_end = gpg.GPGWriteFile(tarblock_iter, tdp.name, globals.gpg_profile, globals.volsize)
File "/usr/lib/python2.7/site-packages/duplicity/gpg.py", line 356, in GPGWriteFile
file.close()
File "/usr/lib/python2.7/site-packages/duplicity/gpg.py", line 241, in close
self.gpg_failed()
File "/usr/lib/python2.7/site-packages/duplicity/gpg.py", line 226, in gpg_failed
raise GPGError(msg)
GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: using "<supersecret>" as default secret key for signing
gpg: signing failed: Not a tty
gpg: [stdin]: sign+encrypt failed: Not a tty
===== End GnuPG log =====
gpg 尝试签名时的这个 Not a tty 错误很奇怪。
以前好像没什么问题,或者我在加夜班的时候疯狂打字说曾经能用,现在就是不想用了。
对于遇到同样问题的任何人,感谢 duply 的开发者,我找到了答案
https://sourceforge.net/p/ftplicity/bugs/76/#74c5
简而言之,你需要从gpg 2.1开始添加GPG_OPTS='--pinentry-mode loopback'并添加allow-loopback-pinentry到.gnupg/gpg-agent.conf
这让我离工作设置更近了一步。