gnupg on read-only filesystem
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Oct 10 15:48:29 CEST 2017
On Tue 2017-10-10 10:51:16 +0200, Fourhundred Thecat wrote:
> I am using gnupg 2.1.18-6 on Debian Stretch.
Stretch currently ships 2.1.18-8~deb9u1. please update ;)
> My root partition (/) is mounted read-only and I cannot use gpg as root,
> because gpg wants to start gpg-agent and write to /root/.gnupg/
>
> ie:
>
> gpg -d file.gpg
>
> gpg: error creating keybox '/root/.gnupg/pubring.kbx': Read-only file system
> gpg: keyblock resource '/root/.gnupg/pubring.kbx': Read-only file system
> gpg: can't connect to the agent: IPC connect call failed
> gpg: problem with the agent: No agent running
> gpg: decryption failed: No secret key
>
> With gpg version 1, I could use --lock-never and --no-use-agent and it
> worked on read-only filesystem.
>
> How can I use gpg version 2 on read-only filesystem and without agent ?
it looks like you're trying to decrypt a file. it also looks like you
don't have any public keys stored on this machine.
so maybe you're trying to decrypt a symmetrically-encrypted
(password-protected) file?
I'm assuming that you have a writeable filesystem somewhere
(e.g. /tmp). You could try the following:

    export GNUPGHOME=$(mktemp -d)
    gpg -d file.gpg
    rm -rf "$GNUPGHOME"

hth,
--dkg
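
The temporary-GNUPGHOME approach from the reply above, wrapped so that the directory is removed even when gpg fails or is interrupted. This is an added example, not part of the original message; the function name with_ephemeral_gnupghome and the /tmp fallback are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# Run any command with a throwaway GNUPGHOME on a writable filesystem and
# tear the directory down afterwards, whatever the command's outcome.
# Assumptions: the hypothetical name with_ephemeral_gnupghome, and
# ${TMPDIR:-/tmp} being writable (ideally a tmpfs) while / is read-only.
#
# Usage:  with_ephemeral_gnupghome gpg -d file.gpg

with_ephemeral_gnupghome() {
    # Subshell: GNUPGHOME, umask and the traps never leak into the caller.
    (
        umask 077   # anything gpg creates in the homedir is owner-only
        GNUPGHOME=$(mktemp -d "${TMPDIR:-/tmp}/gnupg.XXXXXX") || exit 1
        export GNUPGHOME

        cleanup() {
            # gpg 2.x may auto-start a gpg-agent tied to this homedir;
            # ask it to stop before the directory disappears.
            if command -v gpgconf >/dev/null 2>&1; then
                gpgconf --kill gpg-agent >/dev/null 2>&1 || :
            fi
            rm -rf -- "$GNUPGHOME"
        }
        trap cleanup EXIT      # runs on normal exit and on failure
        trap 'exit 130' INT    # turn signals into an exit so EXIT fires
        trap 'exit 143' TERM

        "$@"                   # the command's exit status is returned
    )
}
```

The wrapper returns the wrapped command's exit status, so a failed decryption is still visible to the calling script.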