在作业 Circle Ci 中使用 Blackbox 时出错 "gpg: decryption failed: No secret key"
Error "gpg: decryption failed: No secret key" when using Blackbox in job Circle Ci
我有这个 workflow/job Circle Ci:
build:
docker:
- image: circleci/python:3.7
environment:
PIPENV_VENV_IN_PROJECT: true
steps:
- checkout
#other stuff here -> installing dependencies
- run:
name: Running blackbox
command: |
git clone https://github.com/StackExchange/blackbox.git
cd blackbox && sudo make symlinks-install && cd ..
echo "Importing key"
echo -e "$GPG_KEY_CI" | gpg --import
blackbox_postdeploy
当管道为 运行 时,我因错误 "gpg: decryption failed: No secret key" 而卡住了将近 3 个小时。我在 Circle Ci 上设置了 GPG_KEY_CI 作为环境变量,并且我做了一些测试 "echo gpg --list-secret-keys" 以检查是否导入了密钥(私钥) .所以,一切看起来都是正确的。
这是输出:
Cloning into 'blackbox'...
remote: Enumerating objects: 18, done.
remote: Counting objects: 100% (18/18), done.
remote: Compressing objects: 100% (16/16), done.
remote: Total 2151 (delta 6), reused 7 (delta 2), pack-reused 2133
Receiving objects: 100% (2151/2151), 617.31 KiB | 1.10 MiB/s, done.
Resolving deltas: 100% (1369/1369), done.
Symlinking files from ./bin to /usr/local/bin
Done.
Importing key
gpg: directory '/home/circleci/.gnupg' created
gpg: keybox '/home/circleci/.gnupg/pubring.kbx' created
gpg: /home/circleci/.gnupg/trustdb.gpg: trustdb created
gpg: key 9FxxxxxxxxxxxxD9: public key "Circle Ci <xxxxxxxxxx@gmail.com>" imported
gpg: key 9FxxxxxxxxxxxxD9: secret key imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
========== Importing keychain: START
gpg: Total number processed: 1
gpg: unchanged: 1
========== Importing keychain: DONE
========== Decrypting new/changed files: START
gpg: decryption failed: No secret key
3 小时后,我发现导出的密钥带有保护私钥的密码。因此,只需按照以下步骤再次导出私钥:
1)首先列出获取指纹的keys:
>> gpg --list-secret-keys
/Users/xxxxxx/.gnupg/pubring.kbx
--------------------------------
sec rsa2048 2019-11-16 [SC] [expires: 2021-11-15]
FED8634xxxxxxxxxxxxxxxxxxxxxx1E4C7020D9 <====== fingerprint
uid [ultimate] Circle Ci <xxxx+circleci@gmail.com>
ssb rsa2048 2019-11-16 [E] [expires: 2021-11-15]
2) 从您的私钥中删除通行证。当 GnuPG 提示输入新密码时,将其留空并按回车键(两次):
>> gpg --edit-key <fingerprint>
passwd
save
3) 再次将私钥导出到剪贴板(pbcopy 将标准输入复制到剪贴板):
>> gpg -a --export-secret-keys <fingerprint> | cat -e | sed 's/$/\n/g' | pbcopy
4) 替换 Circle 上的密钥 Ci 环境变量
我有这个 workflow/job Circle Ci:
build:
docker:
- image: circleci/python:3.7
environment:
PIPENV_VENV_IN_PROJECT: true
steps:
- checkout
#other stuff here -> installing dependencies
- run:
name: Running blackbox
command: |
git clone https://github.com/StackExchange/blackbox.git
cd blackbox && sudo make symlinks-install && cd ..
echo "Importing key"
echo -e "$GPG_KEY_CI" | gpg --import
blackbox_postdeploy
当管道为 运行 时,我因错误 "gpg: decryption failed: No secret key" 而卡住了将近 3 个小时。我在 Circle Ci 上设置了 GPG_KEY_CI 作为环境变量,并且我做了一些测试 "echo gpg --list-secret-keys" 以检查是否导入了密钥(私钥) .所以,一切看起来都是正确的。
这是输出:
Cloning into 'blackbox'...
remote: Enumerating objects: 18, done.
remote: Counting objects: 100% (18/18), done.
remote: Compressing objects: 100% (16/16), done.
remote: Total 2151 (delta 6), reused 7 (delta 2), pack-reused 2133
Receiving objects: 100% (2151/2151), 617.31 KiB | 1.10 MiB/s, done.
Resolving deltas: 100% (1369/1369), done.
Symlinking files from ./bin to /usr/local/bin
Done.
Importing key
gpg: directory '/home/circleci/.gnupg' created
gpg: keybox '/home/circleci/.gnupg/pubring.kbx' created
gpg: /home/circleci/.gnupg/trustdb.gpg: trustdb created
gpg: key 9FxxxxxxxxxxxxD9: public key "Circle Ci <xxxxxxxxxx@gmail.com>" imported
gpg: key 9FxxxxxxxxxxxxD9: secret key imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
========== Importing keychain: START
gpg: Total number processed: 1
gpg: unchanged: 1
========== Importing keychain: DONE
========== Decrypting new/changed files: START
gpg: decryption failed: No secret key
3 小时后,我发现导出的密钥带有保护私钥的密码。因此,只需按照以下步骤再次导出私钥:
1)首先列出获取指纹的keys:
>> gpg --list-secret-keys
/Users/xxxxxx/.gnupg/pubring.kbx
--------------------------------
sec rsa2048 2019-11-16 [SC] [expires: 2021-11-15]
FED8634xxxxxxxxxxxxxxxxxxxxxx1E4C7020D9 <====== fingerprint
uid [ultimate] Circle Ci <xxxx+circleci@gmail.com>
ssb rsa2048 2019-11-16 [E] [expires: 2021-11-15]
2) 从您的私钥中删除通行证。当 GnuPG 提示输入新密码时,将其留空并按回车键(两次):
>> gpg --edit-key <fingerprint>
passwd
save
3) 再次将私钥导出到剪贴板(pbcopy 将标准输入复制到剪贴板):
>> gpg -a --export-secret-keys <fingerprint> | cat -e | sed 's/$/\n/g' | pbcopy
4) 替换 Circle 上的密钥 Ci 环境变量