yegor256 / rultor

DevOps team assistant that helps you merge, deploy, and release GitHub-hosted apps and libraries
https://www.rultor.com

gpg: decryption failed: bad key #1221

Open jayvdb opened 6 years ago

jayvdb commented 6 years ago

The repository coala/coala-bears stopped working four days ago. Our issue about it is https://github.com/coala/coala/issues/4876

Examples

This is somewhat similar to https://github.com/yegor256/rultor/issues/1138

Full log:

+ ff=only
+ rebase=false
+ container=coala_coala-bears_2127
+ as_root=true
+ mkdir -p /home/rultor/.ssh
+ echo -e 'Host github.com\n\tStrictHostKeyChecking no\n'
+ chmod 600 /home/rultor/.ssh/config
+ git clone git@github.com:coala/coala-bears.git repo
Cloning into 'repo'...
+ cd repo
+ git config user.email me@rultor.com
+ git config user.name rultor
+ '[' -z 'export '\''fork=git@github.com:RaiVaibhav/coala-bears.git'\''' ']'
+ cd ..
+ cat
+ '[' true = true ']'
+ cat
+ chmod a+x entry.sh
+ cat
+ echo 'export '\''fork=git@github.com:RaiVaibhav/coala-bears.git'\''' ';' 'export '\''fork_branch=mybranch1'\''' ';' 'export '\''head=git@github.com:coala/coala-bears.git'\''' ';' 'export '\''head_branch=master'\''' ';' 'export '\''pull_id=2127'\''' ';' 'export '\''pull_title=CSSCombBear.py: Add use_space_before_opening_brace'\''' ';' 'export '\''author=makman2'\''' ';' 'DATE=`date --utc +%Y%m%d%H%M%S`' ';' 'python3 .ci/adjust_version_number.py bears/VERSION -b "$DATE"' ';' 'bash .ci/check_maintainership.sh' ';' 'bash .ci/deploy.pypi.sh' ';'
+ gpgconf --reload gpg-agent
+ gpg --keyserver hkp://pool.sks-keyservers.net --verbose --recv-keys 9AF0FA4C
gpg: requesting key 9AF0FA4C from hkp server pool.sks-keyservers.net
gpg: armor header: Version: SKS 1.1.6
gpg: armor header: Comment: Hostname: keys.klaus-uwe.me
gpg: pub  2048R/9AF0FA4C 2014-08-17  Rultor.com <gpg@rultor.com>
gpg: key 9AF0FA4C: "Rultor.com <gpg@rultor.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
+ gpg --version
gpg (GnuPG) 1.4.20
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
++ pwd
++ pwd
+ gpg --verbose --keyring=/tmp/rultor-pkMZ/.gpg/pubring.gpg --secret-keyring=/tmp/rultor-pkMZ/.gpg/secring.gpg --decrypt repo/.ci/rultor_secrets.sh.asc
gpg: public key is 9A839C3A
gpg: using subkey 9A839C3A instead of primary key 9AF0FA4C
gpg: using subkey 9A839C3A instead of primary key 9AF0FA4C
gpg: encrypted with 2048-bit RSA key, ID 9A839C3A, created 2014-08-17
      "Rultor.com <gpg@rultor.com>"
gpg: AES256 encrypted data
gpg: original file name='rultor-OCHk'
+ gpg --no-tty --batch --verbose --decrypt --passphrase rultor-key:coala/coala-bears rultor_secrets.sh.enc
gpg: AES encrypted data
gpg: gpg-agent is not available in this session
gpg: encrypted with 1 passphrase
gpg: decryption failed: bad key
'cid' file is absent, container wasn't started correctly

0crat commented 6 years ago

@yegor256 please, pay attention to this issue

jayvdb commented 6 years ago

Note that this has not yet been seen on our other repositories. Only this one so far.

yegor256 commented 6 years ago

@jayvdb looks like the passphrase rultor-key:coala/coala-bears is really invalid. Maybe you encrypted your artifacts for a different repository, while trying to use them here?
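An added example, not part of the thread and not Rultor's own code: a small triage script that reads a log like the one above, separates the public-key `gpg --decrypt` step from the `--passphrase` step, and compares the repository named in the passphrase with the repository that was cloned. The `rultor-key:<owner>/<repo>` layout is assumed from the single log line in this issue, and the function names and the abridged sample log are constructed for illustration.

```python
import re
import shlex

# Constructed sample: abridged lines shaped like the log quoted in this issue.
SAMPLE_LOG = """\
+ git clone git@github.com:coala/coala-bears.git repo
+ gpg --verbose --keyring=/tmp/x/pubring.gpg --secret-keyring=/tmp/x/secring.gpg --decrypt repo/.ci/rultor_secrets.sh.asc
gpg: encrypted with 2048-bit RSA key, ID 9A839C3A, created 2014-08-17
gpg: AES256 encrypted data
+ gpg --no-tty --batch --verbose --decrypt --passphrase rultor-key:coala/coala-bears rultor_secrets.sh.enc
gpg: AES encrypted data
gpg: decryption failed: bad key
"""

CLONE_RE = re.compile(r"git clone git@github\.com:(?P<repo>\S+?)\.git\b")

def triage(log):
    """Return (cloned_repo, stages), one stage dict per `gpg --decrypt` call."""
    cloned, stages = None, []
    for line in log.splitlines():
        match = CLONE_RE.search(line) if line.startswith("+ ") else None
        if match:
            cloned = match.group("repo")
        if line.startswith("+ gpg "):
            argv = shlex.split(line[2:])
            if "--decrypt" not in argv:
                continue
            # The value following --passphrase, if the flag is present at all.
            nxt = argv[argv.index("--passphrase") + 1:][:1] if "--passphrase" in argv else []
            stages.append({"kind": "symmetric" if nxt else "public-key",
                           "passphrase": nxt[0] if nxt else None,
                           "failed": False})
        elif stages and line.startswith("gpg: decryption failed"):
            stages[-1]["failed"] = True  # blame the most recent decrypt step
    return cloned, stages

def diagnose(log):
    """Explain the first failed decryption step in a single sentence."""
    cloned, stages = triage(log)
    for stage in stages:
        if not stage["failed"]:
            continue
        if stage["kind"] == "public-key":
            return "outer layer failed: file is not readable with the Rultor key pair"
        bound = stage["passphrase"].partition(":")[2]  # assumed layout: rultor-key:<repo>
        if bound != cloned:
            return "passphrase repo %r differs from cloned repo %r" % (bound, cloned)
        return "passphrase matches %r; the file was probably encrypted with a different -p value" % cloned
    return "no decryption failure found"
```

On the sample, the public-key step succeeds and only the passphrase step fails while naming the cloned repository, which is the situation yegor256's question about a different repository addresses.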

Makman2 commented 6 years ago

I'm not an expert in encryption and decryption and the rultor docs aren't that detailed. Does it mean that rultor generates a key-set online for each repository? If I understand it correctly, when you do rultor encrypt -p my/repo file, it does

On merging, the rultor bot then