gpg instructions fail on centos 7

Tom Burdick

Dec 6, 2016, 12:17:17 PM
to Salt-users
I'm not entirely sure what the problem is here, but on centos 7 the documentation for the gpg renderer describes creating a key, which does not work; it seems tied to the --homedir option not working as expected. Any ideas on how to work around this? When using the default ~/.gnupg (no --homedir option) things work just fine.

cat /etc/centos-release
CentOS Linux release 7.2.1511 (Core) 

gpg --gen-key --homedir /etc/salt/gpgkeys
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Test
Name must be at least 5 characters long
Real name: te...@test.com
Email address: te...@test.com
You selected this USER-ID:

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

gpg: can't connect to the agent: IPC connect call failed
gpg: problem with the agent: No agent running
gpg: can't connect to the agent: IPC connect call failed
gpg: problem with the agent: No agent running
gpg: Key generation canceled.


Any help is greatly appreciated. I tried explicitly running the gpg-agent with a --homedir option set to /etc/salt/gpgkeys without any success, along with a few other random attempts with env vars and such.

I'm tempted to just create the keys, then copy all of it to /etc/salt/gpgkeys but I have a feeling that won't work if this isn't working?

Cheers,

Tom

patch...@gmail.com

Jan 2, 2017, 5:53:32 PM
to Salt-users
Hi Tom,

Have you found a workaround? I got the exact same problem on a master with CentOS 7.
Playing with the gpg agent or config did also allow me to go through the key creation process, but there's no way I can get it to work. I can't go beyond the following salt master error when I make use of it:
Could not decrypt cipher... 

Tom Burdick

Jan 2, 2017, 5:56:58 PM
to salt-...@googlegroups.com
Unfortunately no, I did see a bug report for fog about this problem. Perhaps salt-master, since it's running as root, could use the user's gpg keys rather than the ones in etc. It's not something I've tried yet.

Tom


Paul Bruno

Feb 8, 2017, 10:30:01 AM
to Salt-users
Hello, 
I just attempted to use the gpg encryption in my pillar and have this same problem on Centos 7. I have tried not using the recommended homedir /etc/salt/gpgkeys, but no luck getting the gpg renderer to work. The keys get created however, but in /root/.gnupg.
Has anyone found a way around this?

Paul