Pitfalls of passphrase entry without a prompt in GPG2

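I wrote a script that batch-builds the packages in my repository and then signs them, and found that signing requires entering the GPG key passphrase (well, of course).
Because packaging comes before signing and takes a long time, I can't sit and watch it, so the GPG passphrase prompt often times out.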

$ gpg -b you_package.pkg.tar.xz
gpg: signing failed: Timeout
gpg: signing failed: Timeout

Can the passphrase be written directly into the script? I searched and found the --passphrase option.

gpg --passphrase your_password -b you_package.pkg.tar.xz

In practice it didn't work: it still frequently asked for the passphrase, and sometimes it timed out. So I looked through the gpg man page, and sure enough:

--passphrase-file file
Read the passphrase from file file. Only the first line will be read from file
file. This can only be used if only one passphrase is supplied. Obviously, a
passphrase stored in a file is of questionable security if other users can read
this file. Don't use this option if you can avoid it.

Note that since Version 2.0 this passphrase is only used if the option --batch
has also been given. Since Version 2.1 the --pinentry-mode also needs to be set
to loopback.

--passphrase string
Use string as the passphrase. This can only be used if only one passphrase is
supplied. Obviously, this is of very questionable security on a multi-user
system. Don't use this option if you can avoid it.

Note that since Version 2.0 this passphrase is only used if the option --batch
has also been given. Since Version 2.1 the --pinentry-mode also needs to be set
to loopback.

In other words: since version 2.0 the passphrase is only used when --batch is given, and since version 2.1 --pinentry-mode loopback must be set as well.

My gpg version is gpg (GnuPG) 2.2.17, so this is what's needed:

# Pass the passphrase on the command line
gpg --batch --passphrase your_password --pinentry-mode loopback -b you_package.pkg.tar.xz
# Alternatively, write the passphrase to a file and use that file
gpg --batch --passphrase-file your_password_file --pinentry-mode loopback -b you_package.pkg.tar.xz

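Looking through the ArchWiki, I also found its notes for GnuPG 2.1.0 and later, under "Unattended passphrase".
The wiki specifically points out that you also need to add the following to ~/.gnupg/gpg-agent.conf: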

allow-loopback-pinentry

I don't think it makes much difference; even the --batch that the man page requires can be left out. Of course, that's up to you.

Then just kill gpg-agent; it will restart automatically the next time you use it.

gpgconf --kill gpg-agent
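
An added example (not from the original post) that wraps the --passphrase-file invocation above in a batch-signing function: it refuses to run if the passphrase file is readable by group or others, which is the risk the man page excerpt warns about, and it verifies each detached signature after signing. The function names and the two script arguments (package directory, passphrase file) are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. Hypothetical names: passfile_is_private,
# sign_all, and the script arguments <package-dir> <passphrase-file>.

# Succeed only if $1 is a regular file (not a symlink) with no group/other
# permission bits set, e.g. mode 600 or 400.
passfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Detach-sign every *.pkg.tar.xz in directory $1 using passphrase file $2.
# Returns 2 if the passphrase file is too open, otherwise the number of failures.
sign_all() {
    dir=$1 passfile=$2 failed=0
    if ! passfile_is_private "$passfile"; then
        echo "refusing: $passfile is missing or accessible to other users" >&2
        return 2
    fi
    for pkg in "$dir"/*.pkg.tar.xz; do
        [ -e "$pkg" ] || continue          # glob matched nothing
        # --batch and --pinentry-mode loopback are what the man page requires
        # on GnuPG >= 2.1; --yes overwrites a stale .sig from an earlier run.
        if gpg --batch --yes --pinentry-mode loopback \
               --passphrase-file "$passfile" -b "$pkg" \
           && gpg --batch --verify "$pkg.sig" "$pkg" 2>/dev/null; then
            echo "signed: $pkg"
        else
            echo "FAILED: $pkg" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Run only when called as: script <package-dir> <passphrase-file>
if [ "$#" -eq 2 ]; then
    sign_all "$1" "$2"
fi
```

Unlike --passphrase, the file variant keeps the passphrase out of the process list, where other local users could read the command line.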