gnupg on read-only filesystem

Daniel Kahn Gillmor dkg at
Tue Oct 10 15:48:29 CEST 2017

On Tue 2017-10-10 10:51:16 +0200, Fourhundred Thecat wrote:
> I am using gnupg 2.1.18-6 on Debian Stretch.

Stretch currently ships 2.1.18-8~deb9u1.  please update ;)

> My root partition (/) is mounted read-only and I cannot use gpg as root,
> because gpg wants to start gpg-agent and write to /root/.gnupg/
> ie:
>   gpg -d file.gpg
>   gpg: error creating keybox '/root/.gnupg/pubring.kbx': Read-only file system
>   gpg: keyblock resource '/root/.gnupg/pubring.kbx': Read-only file system
>   gpg: can't connect to the agent: IPC connect call failed
>   gpg: problem with the agent: No agent running
>   gpg: decryption failed: No secret key
> With gpg version 1, I could use --lock-never and --no-use-agent and it
> worked on read-only filesystem.
> How can I use gpg version 2 on read-only filesystem and without agent ?

it looks like you're trying to decrypt a file.  it also looks like you
don't have any public keys stored on this machine.

so maybe you're trying to decrypt a symmetrically-encrypted
(password-protected) file?

I'm assuming that you have a writeable filesystem somehwere
(e.g. /tmp).  You could try the following:

    export GNUPGHOME=$(mktemp -d)
    gpg -d file.gpg
    rm -rf "$GNUPGHOME"


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: </pipermail/attachments/20171010/9e62442f/attachment.sig>

More information about the Gnupg-users mailing list