summaryrefslogtreecommitdiff
path: root/doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey
diff options
context:
space:
mode:
Diffstat (limited to 'doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey')
-rw-r--r--doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_2_be582d804ba16e6acd3998eaf3eadb56._comment8
-rw-r--r--doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_3_51eff7a4898830a1adaa30da2b311c41._comment23
-rw-r--r--doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_4_4a0432687efa5b83e4cfefecdb355188._comment26
-rw-r--r--doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_5_2678027d2a3cf08cd977495d0b0afe91._comment30
-rw-r--r--doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_6_c526880fa0d866511c0ffecc6f90fcdf._comment8
5 files changed, 95 insertions, 0 deletions
diff --git a/doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_2_be582d804ba16e6acd3998eaf3eadb56._comment b/doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_2_be582d804ba16e6acd3998eaf3eadb56._comment
new file mode 100644
index 00000000..bffa29c1
--- /dev/null
+++ b/doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_2_be582d804ba16e6acd3998eaf3eadb56._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="comment 2"
+ date="2020-08-21T23:51:40Z"
+ content="""
+In this case it's both the same host, but I don't think that's important. I'm just saying that propellor --dump verifies the local copy has the privdata, and I verified by checksums that the remote (host being managed) privdata blob is the same.
+"""]]
diff --git a/doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_3_51eff7a4898830a1adaa30da2b311c41._comment b/doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_3_51eff7a4898830a1adaa30da2b311c41._comment
new file mode 100644
index 00000000..2e948dd0
--- /dev/null
+++ b/doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_3_51eff7a4898830a1adaa30da2b311c41._comment
@@ -0,0 +1,23 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="comment 3"
+ date="2020-08-22T15:08:16Z"
+ content="""
+In this special case I don't really need privData, I worked around it by running `gpg`.
+I'm not sure if my usecase is common enough to warrant extending `Propellor.Property.Gpg`
+
+[[!format haskell \"\"\"
+ & Cmd.cmdProperty \"gpg\" [ \"--output\"
+ , debugMeKeyFile
+ , \"--batch\"
+ , \"--yes\"
+ , \"--export\"
+ , \"7A18807F100A4570C59684207E4E65C8720B706B\"
+ ]
+ `changesFile` debugMeKeyFile
+ `requires` rootGpg
+
+\"\"\"]]
+
+"""]]
diff --git a/doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_4_4a0432687efa5b83e4cfefecdb355188._comment b/doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_4_4a0432687efa5b83e4cfefecdb355188._comment
new file mode 100644
index 00000000..a2688611
--- /dev/null
+++ b/doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_4_4a0432687efa5b83e4cfefecdb355188._comment
@@ -0,0 +1,26 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="comment 4"
+ date="2020-08-22T17:02:41Z"
+ content="""
+OK, I belatedly see what you mean. It's not relevant if the remote privdata.gpg blob matches or not, since iiuc, only the local one is used by --spin.
+
+I'm having a similar issue with `Property.Gpg.keyImported`.
+
+[[!format text \"\"\"
+** warning: Missing privdata GpgKey (for 815B63982A79F8E7C72786C4762B57BB784206AD)
+Fix this by running:
+ propellor --set 'GpgKey' '815B63982A79F8E7C72786C4762B57BB784206AD' \
+ < (Either a gpg public key, exported with gpg --export -a, or a gpg private key, exported with gpg --export-secret-key -a)
+
+cs2613 root has gpg key \"815B63982A79F8E7C72786C4762B57BB784206AD\" ... failed
+** warning: Missing privdata GpgKey (for 7A18807F100A4570C59684207E4E65C8720B706B)
+Fix this by running:
+ propellor --set 'GpgKey' '7A18807F100A4570C59684207E4E65C8720B706B' \
+ < (Either a gpg public key, exported with gpg --export -a, or a gpg private key, exported with gpg --export-secret-key -a)
+\"\"\"]]
+
+Of course I did what propellor suggests, but it doesn't seem to make a difference. Is it possible gpg armoured text is being treated specially as privdata?
+
+"""]]
diff --git a/doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_5_2678027d2a3cf08cd977495d0b0afe91._comment b/doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_5_2678027d2a3cf08cd977495d0b0afe91._comment
new file mode 100644
index 00000000..dde10ae4
--- /dev/null
+++ b/doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_5_2678027d2a3cf08cd977495d0b0afe91._comment
@@ -0,0 +1,30 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="comment 5"
+ date="2020-08-22T20:13:07Z"
+ content="""
+In answer to my own question, it's not related to the content.
+Here we can see a PrivFile has content:
+[[!format text \"\"\"
+╭─ convex:~/.propellor
+╰─ (git)-[master]-% propellor --dump 'PrivFile \"/root/foo\"' 'any'
+[2020-08-22 16:57:32 ADT] command line: Dump (PrivFile \"/root/foo\") (Context \"any\")
+[2020-08-22 16:57:32 ADT] read: git [\"config\",\"gpg.program\"]
+[2020-08-22 16:57:32 ADT] process done ExitFailure 1
+[2020-08-22 16:57:32 ADT] chat: gpg [\"--decrypt\",\"privdata/privdata.gpg\"]
+gpg: encrypted with 4096-bit RSA key, ID 70E3C0DE87068451, created 2019-06-08
+ \"David Bremner <bremner@debian.org>\"
+[2020-08-22 16:57:33 ADT] process done ExitSuccess
+sekrit
+\"\"\"]]
+On the other hand, when running `propellor --spin convex.local` I get
+[[!format text \"\"\"
+** warning: Missing privdata PrivFile \"/root/foo\" (for any)
+Fix this by running:
+ propellor --set 'PrivFile \"/root/foo\"' 'any' \
+ < /root/foo
+\"\"\"]]
+
+I tried with a different workstation, spinning itself, and the same machine as above (\"convex\"), with the same results.
+"""]]
diff --git a/doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_6_c526880fa0d866511c0ffecc6f90fcdf._comment b/doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_6_c526880fa0d866511c0ffecc6f90fcdf._comment
new file mode 100644
index 00000000..fa241e4b
--- /dev/null
+++ b/doc/forum/propellor_can__39__t_find_privdata_for_gpg_pubkey/comment_6_c526880fa0d866511c0ffecc6f90fcdf._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="comment 6"
+ date="2020-08-23T02:22:06Z"
+ content="""
+I confirmed that privdata is being transmitted, but that my test file is not. The resulting `/usr/local/propellor/privdata/local` file is not obviously corrupted, but does not contain the string \"/root/foo\". The file \"/root/foo\" also does not show as used anywhere in the output of `propellor --list-fields`. I'm not sure if that is surprising or not.
+"""]]