gpg on read-only filesystem

Fourhundred Thecat 400thecat at gmx.ch
Sun Oct 20 07:22:46 CEST 2019


Hello,

How can I use gpg without an agent?
Also, how can I use gpg as root, when / is mounted read-only?

I understand the advantages of gpg agent, and I am happily using it as
user on my desktop.

But on my remote server, I don't want to use any agent. I don't need
any program remembering my passwords, and I don't need any fancy
password prompts.

I just need basic function (decrypt .gpg file)

Also, I consider it good practice to have / mounted read-only, and I
don't understand why gpg would need to open trustdb.gpg in rw mode, when
using simple operations such as gpg --verify.

gpg: Fatal: can't open '/root/.gnupg/trustdb.gpg': Operation not permitted

In older versions of gpg, it complained about a missing agent and a
read-only filesystem, but it still worked.

Now on gpg 2.2.12 I am unable to use it even for the simplest operations.

In short, it seems to me very bad design decisions have been made, which
have rendered gpg basically unusable.

Has this been done intentionally? gpg is part of core infrastructure. It
should be simple and functional. Any fancy "features" should be
implemented as option, not forced.

How am I supposed to use gpg now?

I would appreciate any feedback from this community.

Below are the errors I am getting.

# gpg --batch -d zz.gpg
gpg: failed to create temporary file
'/root/.gnupg/.#lk0x00005608d3406ed0.buster64-dev.14763': Read-only file
system
gpg: keyblock resource '/root/.gnupg/pubring.kbx': Read-only file system
gpg: AES256 encrypted data
gpg: failed to create temporary file
'/root/.gnupg/.#lk0x00005608d3407f60.buster64-dev.14763': Read-only file
system
gpg: can't connect to the agent: Read-only file system
gpg: problem with the agent: No agent running
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key

thanks,
