Comments (11)
I've confirmed that using a Sign+Encrypt subkey works as expected, so that's at least a workaround. (It works in my particular case... however, there are other scenarios where one can not add an additional encryption subkey because it's generally expected that there be only a single encrypting subkey.)
Regardless, there is a slight bug (minor annoyance, really) when using only a subkey: this action reports a warning during workflow cleanup that the secret key is missing. This annotation is displayed on the workflow summary, as well as in detail within the workflow log output.
gpg: key "EC4A05892FB2603243F5031D249FB5A789A6EF28" not found gpg: EC4A05892FB2603243F5031D249FB5A789A6EF28: delete key failed: Not found
My assumption is that this action is attempting to delete the secret key that was added. However, if the secret key contains only a subkey, then the deletion fails.
from ghaction-import-gpg.
@crazy-max Hi. I have tried to use crazy-max/ghaction-import-gpg@subkey and it works. Previous version v4 was failed with ##[error]Could not find valid encryption key packet in key
from ghaction-import-gpg.
I'm having the same problem, and for me it traces back to https://github.com/crazy-max/ghaction-import-gpg/blob/master/src/openpgp.ts#L33
A signing-only key will not have an encryption key, so it fails there it seems. If I remove that line, this removes the error for me. I don't know how much knock-on damage that does though.
from ghaction-import-gpg.
I'm currently using a fork that makes https://github.com/crazy-max/ghaction-import-gpg/blob/master/src/openpgp.ts#L33 optional.
from ghaction-import-gpg.
I had the same issue with a sign only key. I just added a enctyption subkey and this also works when importing both and not just the sign-only subkey
from ghaction-import-gpg.
Hi @jasonkarns, I will take a look this week on this issue. Thanks for your input and concise report. Btw maybe linked to #39 (comment)
from ghaction-import-gpg.
Agree, thread in #39 sounds similar. I also exported with gpg --armor --export-secret-subkeys SUBKEYID!
as mentioned there.
Looks like openpgp.js supposedly supports this now? openpgpjs/openpgpjs#865 But this action is already using a version that includes that patch so 🤷 ...
from ghaction-import-gpg.
A signing-only key will not have an encryption key, so it fails there it seems.
So does that mean that a sub key will work fine so long as the sub key is signing+encryption?
While this bug/feature should still remain open, that would at least unblock me by allowing sub keys. (I haven't tried importing sub keys with additional capabilities yet).
from ghaction-import-gpg.
Hi, I see a several merges but the issue is still open. Is there still more to do here?
from ghaction-import-gpg.
@jason-swissre Look closely; they're all merged to other repositories ;)
GitHub will show when someone mentions an issue elsewhere, so those merges just show a lot of people are running into this.
from ghaction-import-gpg.
I started something in #112. Can someone try it with uses: crazy-max/ghaction-import-gpg@subkey
and let me know if it looks good? Thanks.
from ghaction-import-gpg.
Related Issues (20)
- No errors but can't sign commits HOT 5
- Set trust on private key import HOT 2
- Transient ERR 67108891 Not found <GPG Agent> HOT 5
- Error: Misformed armored text HOT 1
- Delete key fails when you use set a subkey for the fingerprint input HOT 2
- Premature key removal in cleanup due to concurrency HOT 3
- 67108933 Not implemented <GPG Agent> HOT 3
- No secret key when signing with goreleaser HOT 1
- Allow using any UID from a key
- Deprecated Node.js 12 actions (Update to Node.js 16) HOT 2
- Unable to export GPG key HOT 3
- Keygrip empty
- SSH Signing-Key Support? HOT 1
- Input required and not supplied: gpg_private_key HOT 2
- Error raised if '.gnupg/gpg-agent.conf' does not exist HOT 2
- openpgp is an outdated version that does not support ECC keys HOT 4
- Getting error `gpg: error reading key: No secret key` HOT 4
- Suggestion: pass or allow `--global` flag when configuring properties in `git config` HOT 2
- Post-cleanup GPG action generates a warning if the same key is imported twice HOT 1
- Support `if-asked` for `git-push-gpgsign` HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ghaction-import-gpg.