aptly-dev / aptly

aptly - Debian repository management tool
https://www.aptly.info/
MIT License

Aptly publish API (curl) fails because gpg still asks for passphrase even when passing "Passphrase" or "PassphraseFile" #1252

Open pdepaulis opened 4 months ago

pdepaulis commented 4 months ago

Detailed Description

This happens when using gpg2 at least. In regular aptly command line, two options are required:

Context

When using the REST API for Publishing for the first time which requires passing the gpg passphrase to unlock the key. Note that because the key is gpg2 I cannot use the "internal" GPG provider since it looks for the legacy secring/pubring which don't exist in gpg2.

Possible Implementation

Not sure why "batch" is required, even when passing the PassPhraseFile with cmd line, but be that as it may, please provide a "batch" option for REST

Your Environment

Debian bookworm

aptly version: 1.5.0+ds1-1+b4

    "gpgDisableSign": false,
    "gpgDisableVerify": false,
    "gpgProvider": "gpg2",

neolynx commented 2 months ago

How are you starting aptly? gpg might need tty access or some agent to handle input.

neolynx commented 2 months ago

Could you share your REST call?

The Batch option is available via REST, within the Signing block:

    curl -fsS -X PUT -H 'Content-Type: application/json' --data \
        "{\"AcquireByHash\": true, \"Snapshots\": [{\"Component\": \"main\", \"Name\": \"$aptly_snapshot\"}],
                                   \"Signing\": {\"Batch\": true, \"Keyring\": \"aptly.repo/aptly.pub\",
                                                 \"secretKeyring\": \"aptly.repo/aptly.sec\", \"PassphraseFile\": \"aptly.repo/passphrase\"}}" \
        -u $aptly_user:$aptly_password ${aptly_api}/api/publish/$aptly_published

(from: upload-artifacts.sh)