bash 如何从 cron 运行的脚本运行 gpg?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/39867/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to run gpg from a script run by cron?
提问by Marcin
I have a script that has a part that looks like that:
我有一个脚本,它有一个看起来像这样的部分:
for file in `ls *.tar.gz`; do
echo encrypting $file
gpg --passphrase-file /home/$USER/.gnupg/backup-passphrase \
--simple-sk-checksum -c $file
done
For some reason if I run this script manually, works perfectly fine and all files are encrypted. If I run this as cron job, echo $fileworks fine (I see "encrypting <file>" in the log), but the file doesn't get encrypted and gpg silent fails with no stdout/stderr output.
出于某种原因,如果我手动运行此脚本,则可以正常工作并且所有文件都已加密。如果我将此作为 cron 作业运行,则echo $file工作正常(我在日志中看到“正在加密 <file>”),但是文件没有被加密并且 gpg silent 失败,没有 stdout/stderr 输出。
Any clues?
有什么线索吗?
采纳答案by Marcin
It turns out that the answer was easier than I expected. There is a --batchparameter missing, gpg tries to read from /dev/tty that doesn't exist for cron jobs. To debug that I have used --exit-on-status-write-errorparam. But to use that I was inspired by exit status 2, reported by echoing $?as Cd-Man suggested.
事实证明,答案比我预期的要容易。--batch缺少一个参数,gpg 尝试从 cron 作业不存在的 /dev/tty 读取。为了调试我使用了--exit-on-status-write-error参数。但是使用它时,我受到退出状态 2 的启发,$?按照 Cd-Man 的建议通过回声报告。
回答by Sllouyssgort
In my case gpg cant find home dir for using keys:
在我的情况下,gpg 找不到使用密钥的主目录:
gpg: no default secret key: No secret key
gpg: 0003608.cmd: sign+encrypt failed: No secret key
gpg: 无默认秘钥:无秘钥
gpg:0003608.cmd:签名+加密失败:没有密钥
So I added --homedir /root/.gnupg. The final command can looks like
所以我加了--homedir /root/.gnupg。最后的命令看起来像
echo 'password' | gpg -vvv --homedir /root/.gnupg --batch --passphrase-fd 0 --output /usr/share/file.gpg --encrypt --sign /usr/share/file.tar.bz2
echo '密码' | gpg -vvv --homedir /root/.gnupg --batch --passphrase-fd 0 --output /usr/share/file.gpg --encrypt --sign /usr/share/file.tar.bz2
回答by Grey Panther
You should make sure that GPG is in your path when the cronjob is running. Your best guess would be do get the full path of GPG (by doing which gpg) and running it using the full path (for example /usr/bin/gpp...).
当 cronjob 运行时,您应该确保 GPG 在您的路径中。您最好的猜测是获取 GPG 的完整路径(通过执行which gpg)并使用完整路径运行它(例如/usr/bin/gpp...)。
Some other debugging tips:
其他一些调试技巧:
- output the value of
$?after running GPG (like this: echo "$?"). This gives you the exit code, which should be 0, if it succeded - redirect the STDERR to STDOUT for GPG and then redirect STDOUT to a file, to inspect any error messages which might get printed (you can do this a command line:
/usr/bin/gpg ... 2>&1 >> gpg.log)
$?运行 GPG 后输出的值(像这样:echo "$?")。这为您提供退出代码,如果成功,该代码应该为 0- 重定向STDERR到STDOUT的GPG,然后重定向STDOUT到一个文件中,检查这可能会印刷任何错误消息(您可以在此做一个命令行:
/usr/bin/gpg ... 2>&1 >> gpg.log)
回答by Mike Lapinskas
In my case: "gpg: decryption failed: Bad session key".
就我而言:“gpg:解密失败:会话密钥错误”。
Tried adding /usr/bin/gpg, checking the version, setting --batch, setting --home (with /root/.gnupg and /home/user/.gnupg) and all did not work.
尝试添加/usr/bin/gpg,检查版本,设置--batch,设置--home(使用/root/.gnupg 和/home/user/.gnupg),但都不起作用。
/usr/bin/gpg -d --batch --homedir /home/ec2-user/.gnupg --no-mdc-warning -quiet --passphrase "$GPG_PP" "$file"
Turned out that cron on AWS beanstalk instance needed the environment variable being used to set the --passphrase $GPG_PP. Cron now:
原来,AWS beanstalk 实例上的 cron 需要用于设置 --passphrase $GPG_PP 的环境变量。现在 Cron:
0 15 * * * $(source /opt/elasticbeanstalk/support/envvars && /home/ec2-user/bin/script.sh >> /home/ec2-user/logs/cron_out.log 2>&1)
回答by dr-jan
@skinp Cron jobs are executed by sh, whereas most modern Unixes use bash or ksh for interactive logins. The biggest problem (in my experience) is that sh doesn't understand things like:
@skinp Cron 作业由 sh 执行,而大多数现代 Unix 使用 bash 或 ksh 进行交互式登录。最大的问题(根据我的经验)是 sh 不理解以下内容:
export PS1='\u@\h:\w> '
which needs to be changed to:
需要更改为:
PS1='\u@\h:\w> '
export PS1
So if cron runs a shell script which defines an environment variable using the first syntax, before running some other command, the other command will never be executed because sh bombs out trying to define the variable.
因此,如果 cron 运行使用第一种语法定义环境变量的 shell 脚本,则在运行其他命令之前,将永远不会执行其他命令,因为 sh 尝试定义变量时会失败。
回答by Nick Berardi
make sure the user that is running the cron job has the permissions needed to encrypt the file.
确保运行 cron 作业的用户具有加密文件所需的权限。
回答by skinp
I've came across this problem once.
我曾经遇到过这个问题。
I can't really tell you why, but I dont think cron executes with the same environment variable as the user do.
我真的不能告诉你为什么,但我不认为 cron 与用户使用相同的环境变量执行。
I actually had to export the good path for my programs to execute well. Is gpg at least trying to execute?
实际上,我不得不为我的程序导出好的路径才能很好地执行。gpg 至少试图执行吗?
Or are the files you are trying to encypt actually in the current directory when the cron executes?
或者当 cron 执行时,您尝试加密的文件实际上是否在当前目录中?
Maybe try to execute a echo whereis gpgand echo $PATHin your script to see if it's included... Worked for me.
也许尝试在您的脚本中执行 a echo whereis gpgandecho $PATH以查看它是否包含在内...对我来说有效。
