I use Blackbox to protect sensitive files in my repositories, but suddenly, inexplicably to me, it just stops working.
I am running a CI deployment for a GitLab script, and blackbox_postdeployit crashes with a message gpg: [don't know] ctb=00.
I managed to find out what ctb=00usually deals with corrupt key chains, but since I run this on a clean Docker container (via GitLab CI), I don’t know how to fix it.
Here is the output from the GitLab CI script:
$ gpg -v --import <(echo "$GPG_PRIVATE_KEY")
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: pub 4096R/ABC1234 2017-04-28 Bot <bot@redacted.com>
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: using PGP trust model
gpg: key ABC1234: public key "Bot <bot@redacted.com>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
$ which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
/usr/bin/ssh-agent
$ eval $(ssh-agent -s)
Agent pid 72
$ ssh-add <(echo "$SSH_PRIVATE_KEY")
Identity added: /dev/fd/63 (rsa w/o comment)
$ mkdir -p ~/.ssh
$ [[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts
$ git config --global url."git@gitlab.com:".insteadOf "https://gitlab.com/"
$ ln -s /builds /go/src/gitlab.com
$ cd /go/src/gitlab.com/me/mysystem
$ blackbox_postdeploy
========== Importing keychain: START
gpg: [don't know]: invalid packet (ctb=00)
gpg: key export failed: invalid packet
ERROR: Job failed: exit code 1
Things I tried:
- Manually delete Blackbox files.
- Strongly reinitialized Blackbox in the repository.
- Re-creating the public key for my deployment bot.
/root/.gnupg .
- ? , .
.