Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error raised if '.gnupg/gpg-agent.conf' does not exist #176

Closed
RomanBredehoft opened this issue Aug 29, 2023 · 2 comments · Fixed by #181 or zama-ai/concrete-ml#222
Closed

Error raised if '.gnupg/gpg-agent.conf' does not exist #176

RomanBredehoft opened this issue Aug 29, 2023 · 2 comments · Fixed by #181 or zama-ai/concrete-ml#222
Labels
kind/enhancement

Comments

@RomanBredehoft
Copy link

RomanBredehoft commented Aug 29, 2023
edited
Loading

Behaviour

The action failed to run and raised Error: ENOENT: no such file or directory, open '.gnupg/gpg-agent.conf' when trying to configure the GnuPG agent

Steps to reproduce this issue

I used the action for signing tags in the following step :

      - name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.BOT_GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.BOT_GPG_PASSPHRASE }}
          git_user_signingkey: true
          git_tag_gpgsign: true

Expected behaviour

The action should work without raising an issue. If the file does not exist, I believe it should be created instead.

Actual behaviour

The following error was raised : Error: ENOENT: no such file or directory, open '.gnupg/gpg-agent.conf'

Configuration

Complete yaml can be found here.

Logs

Action logs 

Run crazy-max/ghaction-import-gpg@v5
  with:
    gpg_private_key: ***
  
    passphrase: ***
    git_user_signingkey: true
    git_tag_gpgsign: true
    git_config_global: false
    git_commit_gpgsign: false
    git_push_gpgsign: if-asked
    workdir: .
  env:
    ACTION_RUN_URL: https://github.com/zama-ai/concrete-ml/actions/runs/6010454835
    IS_RC: True
    GIT_TAG: v1.2.0-rc0
    RELEASE_BRANCH_NAME: release/1.2.x
GnuPG info
  Version    : 2.2.19 (libgcrypt 1.8.5)
  Libdir     : /usr/lib/x86_64-linux-gnu/gnupg
  Libexecdir : /usr/lib/gnupg
  Datadir    : /usr/share/gnupg
  Homedir    : /root/.gnupg
GPG private key info
  Fingerprint  : 05BB1A52365C60244EB41DB3818604E7F89DE1C0
  KeyID        : 818604E7F89DE1C0
  Name         : Zama Bot
  Email        : [email protected]
  CreationTime : Tue Aug 29 2023 10:23:37 GMT+0200 (Central European Summer Time)
Fingerprint to use
  05BB1A52365C60244EB41DB3818604E7F89DE1C0
Importing GPG private key
  gpg: directory '/root/.gnupg' created
  gpg: keybox '/root/.gnupg/pubring.kbx' created
  gpg: /root/.gnupg/trustdb.gpg: trustdb created
  gpg: key 818604E7F89DE1C0: public key "Zama Bot (GPG key to enable the Zama bot to sign git commits) <[email protected]>" imported
  gpg: key 818604E7F89DE1C0: secret key imported
  gpg: Total number processed: 1
  gpg:               imported: 1
  gpg:       secret keys read: 1
  gpg:   secret keys imported: 1
Configuring GnuPG agent
Error: ENOENT: no such file or directory, open '.gnupg/gpg-agent.conf'

@RomanBredehoft RomanBredehoft mentioned this issue Aug 30, 2023
Merged
@RomanBredehoft
Copy link
Author

So I've taken a deeper look into the code and found a workaround to make it work. There seem to basically be 2 issues :

  • if the gpg-agent.conf file does not exist, an error is raised (while I believe we could just create it empty)
  • the getGnupgHome function does not work properly

Regarding the second one, I believe the issue is that, for some reasons, my GPG's home directory is /root/.gnupg (the logs say Homedir : /root/.gnupg) while getGnupgHome returns .gnupg. The reason probably comes from line 27 in gpg.ts :

 let homedir: string = path.join(process.env.HOME || '', '.gnupg');

Instead of process.env.HOME, we should probably use GPG's home directory from function getDirs for example. Or at least something similar that retrieve's the homedir from GPG directly. Or am i missing something ?

For now, this is how I managed to make it work :

      - name: Create gpg-agent.conf file
        run: |
          # Get GPG's home directory
          GPG_HOMEDIR="$(gpgconf --list-dirs | grep "^homedir:" | sed 's/homedir://')"
          GPG_AGENT_CONF="${GPG_HOMEDIR}/gpg-agent.conf"

          # Create GPG's home directory
          mkdir "${GPG_HOMEDIR}"

          # Create GPG's agent configuration file 
          touch "${GPG_AGENT_CONF}"

          # Give permissions in order to avoid GPG unsafe warnings
          chmod 600 "${GPG_HOMEDIR}"

          # Store GPG's home directory as an environment variable
          echo "GPG_HOMEDIR=${GPG_HOMEDIR}" >> "$GITHUB_ENV"

      - name: Import GPG
        uses: crazy-max/[email protected]
        with:
          gpg_private_key: ${{ secrets.BOT_GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.BOT_GPG_PASSPHRASE }}
          git_user_signingkey: true
          git_tag_gpgsign: true
        env:
          GNUPGHOME: ${{ env.GPG_HOMEDIR }}

It seems that also I needed to add some permissions to the directory, else a "warning: unsafe permissions" was raised by GPG: https://gist.github.com/oseme-techguy/bae2e309c084d93b75a9b25f49718f85

Besides, even with that, I was not able to use the git_config_global option as it would raise an aobscure $HOME not set error. Solutions like in this topic did not solve anything. Fortunately, I did not need this and I could just avoid it.

Hope this gives a better idea of the issue !

@crazy-max crazy-max mentioned this issue Sep 3, 2023
Merged
@crazy-max
Copy link
Owner

Latest release should fix this issue, thanks for your feedback

@RomanBredehoft RomanBredehoft mentioned this issue Sep 4, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/enhancement
Projects
None yet
Milestone
No milestone
2 participants
@crazy-max @RomanBredehoft