如何从 cron 运行的脚本运行 gpg?
我有一个脚本,其中一部分如下所示:
for file in `ls *.tar.gz`; do
echo encrypting $file
gpg --passphrase-file /home/$USER/.gnupg/backup-passphrase \
--simple-sk-checksum -c $file
done
出于某种原因,如果我手动运行此脚本,则可以正常工作并且所有文件都已加密。 如果我将其作为 cron 作业运行,echo $file 工作正常(我在日志中看到“加密
有什么线索吗?
I have a script that has a part that looks like that:
for file in `ls *.tar.gz`; do
echo encrypting $file
gpg --passphrase-file /home/$USER/.gnupg/backup-passphrase \
--simple-sk-checksum -c $file
done
For some reason if I run this script manually, works perfectly fine and all files are encrypted. If I run this as cron job, echo $file works fine (I see "encrypting <file>" in the log), but the file doesn't get encrypted and gpg silent fails with no stdout/stderr output.
Any clues?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(7)
您应该确保 cronjob 运行时 GPG 在您的路径中。 您最好的猜测是获取 GPG 的完整路径(通过执行
which gpg)并使用完整路径运行它(例如/usr/bin/gpp...>)。其他一些调试技巧:
$?的值(如下所示:echo "$?")。 这将为您提供退出代码,如果成功/usr/bin/gpg ... 2>&1>>gpg.log)You should make sure that GPG is in your path when the cronjob is running. Your best guess would be do get the full path of GPG (by doing
which gpg) and running it using the full path (for example/usr/bin/gpp...).Some other debugging tips:
$?after running GPG (like this: echo "$?"). This gives you the exit code, which should be 0, if it succeded/usr/bin/gpg ... 2>&1 >> gpg.log)确保运行 cron 作业的用户具有加密文件所需的权限。
make sure the user that is running the cron job has the permissions needed to encrypt the file.
我曾经遇到过这个问题。
我不能真正告诉你为什么,但我不认为 cron 使用与用户相同的环境变量执行。
实际上,我必须导出良好的路径才能使我的程序良好执行。
gpg 至少尝试执行吗?
或者当 cron 执行时您尝试加密的文件实际上位于当前目录中?
也许尝试在脚本中执行
echo whereis gpg和echo $PATH来查看它是否包含...对我有用。I've came across this problem once.
I can't really tell you why, but I dont think cron executes with the same environment variable as the user do.
I actually had to export the good path for my programs to execute well.
Is gpg at least trying to execute?
Or are the files you are trying to encypt actually in the current directory when the cron executes?
Maybe try to execute a
echo whereis gpgandecho $PATHin your script to see if it's included... Worked for me.@skinp Cron 作业由 sh 执行,而大多数现代 Unix 使用 bash 或 ksh 进行交互式登录。 最大的问题(根据我的经验)是 sh 不理解这样的事情:
需要更改为:
因此,如果 cron 运行一个使用第一个语法定义环境变量的 shell 脚本,那么在运行其他命令之前,另一个命令永远不会被执行,因为 sh 尝试定义变量时失败了。
@skinp Cron jobs are executed by sh, whereas most modern Unixes use bash or ksh for interactive logins. The biggest problem (in my experience) is that sh doesn't understand things like:
which needs to be changed to:
So if cron runs a shell script which defines an environment variable using the first syntax, before running some other command, the other command will never be executed because sh bombs out trying to define the variable.
就我而言:“gpg:解密失败:会话密钥错误”。
尝试添加 /usr/bin/gpg、检查版本、设置 --batch、设置 --home (使用 /root/.gnupg 和 /home/user/.gnupg),但所有这些都不起作用。
事实证明,AWS beanstalk 实例上的 cron 需要使用环境变量来设置 --passphrase $GPG_PP。 现在的克朗:
In my case: "gpg: decryption failed: Bad session key".
Tried adding /usr/bin/gpg, checking the version, setting --batch, setting --home (with /root/.gnupg and /home/user/.gnupg) and all did not work.
Turned out that cron on AWS beanstalk instance needed the environment variable being used to set the --passphrase $GPG_PP. Cron now:
在我的例子中,gpg 无法找到使用密钥的主目录:
所以我添加了
--homedir /root/.gnupg。 最终命令看起来像In my case gpg cant find home dir for using keys:
So I added
--homedir /root/.gnupg. The final command can looks like事实证明答案比我想象的要容易。 缺少
--batch参数,gpg 尝试从 cron 作业不存在的 /dev/tty 中读取。 为了调试我使用了--exit-on-status-write-error参数。 但使用它时,我受到了退出状态 2 的启发,按照 Cd-Man 的建议通过回显$?来报告。It turns out that the answer was easier than I expected. There is a
--batchparameter missing, gpg tries to read from /dev/tty that doesn't exist for cron jobs. To debug that I have used--exit-on-status-write-errorparam. But to use that I was inspired by exit status 2, reported by echoing$?as Cd-Man suggested.