Please describe the problem.
I'm not sure this is a bug.
We are trying to share a git-lfs special remote on GitLab, encrypted with gcrypt, but one client is getting "gpg: decryption failed: No secret key" when getting or copying content, but sync works well.
I followed the private encrypted git remote on a git-lfs hosting site guide.
I can sync/add/get git-annex content from the git-lfs special remote (named origin), I can also clone the repository on another machine and get/copy content to origin with no problems.
My collegue (listed in gcryt-participants) is able to clone the repo and sync the remote but he cannot get/add content to it (see below).
What steps will reproduce the problem?
Fist I created an new empty project on GitLab
On my machine I created an empty swws-library directory then:
git init
# initialize git annex and set the encrypted git-lfs remote
git annex init
git annex initremote origin type=git-lfs url=gcrypt::git@gitlab.com:softwareworkers/swws-library.git keyid=FCE2EDE78BD9B2CB keyid=D37D0EA7CECC3912
git config remote.origin.gcrypt-participants "D37D0EA7CECC3912 FCE2EDE78BD9B2CB"
git annex sync
# I had to unprotect the master branch in the GitLab project repository settings and again:
git annex sync
# Add a couple of media files
git annex sync --content
# All went fine
Then, my collegue (the owner of the FCE2EDE78BD9B2CB gpg key) cloned the repository and:
git annex enableremote origin
git config remote.origin.gcrypt-participants "D37D0EA7CECC3912 FCE2EDE78BD9B2CB"
git push origin master git-annex
git annex sync
# git annex add <some media>
git annex sync
# all is going fine
On my machine I can "git annex sync origin" and get the updated repository, but my collegue cannot get or copy from/to that remote:
a9i@trix:~/Repos/SW/swws-library$ git annex get
smarketing/220517_workshop_testuale_part1.mp3
get smarketing/220517_workshop_testuale_part1.mp3 (from origin...)
gpg: decryption failed: No secret key
user error (gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
exited 2)
Unable to access these remotes: origin
Maybe add some of these git remotes (git remote add ...):
5e070ec6-adbe-4a60-be06-af60b777d03f --
g@renaissance:~/{git}/softwareworkers.it/swws-library
failed
get: 1 failed
This is the debug output when copying annexed files to the origin remote:
a9i@trix:~/Repos/SW/swws-library$ LC_ALL=C git annex copy --debug --to=origin corsi/
[2022-07-18 15:47:28.478299533] (Utility.Process) process [269581] read:
git
["--git-dir=.git","--work-tree=.","--literal-pathspecs","-c","annex.debug=true","show-ref","git-annex"]
[2022-07-18 15:47:28.480014105] (Utility.Process) process [269581] done
ExitSuccess
[2022-07-18 15:47:28.480418294] (Utility.Process) process [269582] read:
git
["--git-dir=.git","--work-tree=.","--literal-pathspecs","-c","annex.debug=true","show-ref","--hash","refs/heads/git-annex"]
[2022-07-18 15:47:28.482213732] (Utility.Process) process [269582] done
ExitSuccess
[2022-07-18 15:47:28.491746214] (Utility.Process) process [269583] read:
git
["--git-dir=.git","--work-tree=.","--literal-pathspecs","-c","annex.debug=true","log","refs/heads/git-annex..19a97025cc5689891c920766f8fa3ed85fe16229","--pretty=%H","-n1"]
[2022-07-18 15:47:28.494757234] (Utility.Process) process [269583] done
ExitSuccess
[2022-07-18 15:47:28.496856609] (Utility.Process) process [269584] chat:
git
["--git-dir=.git","--work-tree=.","--literal-pathspecs","-c","annex.debug=true","cat-file","--batch"]
[2022-07-18 15:47:28.507245457] (Utility.Process) process [269585] read:
git
["--git-dir=.git","--work-tree=.","--literal-pathspecs","-c","annex.debug=true","ls-files","--stage","-z","--error-unmatch","--","corsi/"]
[2022-07-18 15:47:28.509053804] (Utility.Process) process [269586] chat:
git
["--git-dir=.git","--work-tree=.","--literal-pathspecs","-c","annex.debug=true","cat-file","--batch-check=%(objectname)
%(objecttype) %(objectsize)","--buffer"]
[2022-07-18 15:47:28.510594336] (Utility.Process) process [269587] chat:
git
["--git-dir=.git","--work-tree=.","--literal-pathspecs","-c","annex.debug=true","cat-file","--batch=%(objectname)
%(objecttype) %(objectsize)","--buffer"]
[2022-07-18 15:47:28.511891608] (Utility.Process) process [269584] done
ExitSuccess
[2022-07-18 15:47:28.513074507] (Utility.Process) process [269588] chat:
git
["--git-dir=.git","--work-tree=.","--literal-pathspecs","-c","annex.debug=true","cat-file","--batch=%(objectname)
%(objecttype) %(objectsize)","--buffer"]
copy corsi/2022-06-09_Landing-Pages/2022-06-09_Landing-Pages.org
[2022-07-18 15:47:28.524203277] (Utility.Process) process [269590] chat:
gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
gpg: decryption failed: No secret key
[2022-07-18 15:47:28.532883171] (Utility.Process) process [269590] done
ExitFailure 2
(user error (gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
exited 2)) failed
copy corsi/2022-06-09_Landing-Pages/2022-06-09_Landing-Pages.org~
[2022-07-18 15:47:28.533500984] (Utility.Process) process [269592] chat:
gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
gpg: decryption failed: No secret key
[2022-07-18 15:47:28.540138973] (Utility.Process) process [269592] done
ExitFailure 2
(user error (gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
exited 2)) failed
copy corsi/2022-06-09_Landing-Pages/202206 Formaper - Landing page.pdf
[2022-07-18 15:47:28.540791533] (Utility.Process) process [269594] chat:
gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
gpg: decryption failed: No secret key
[2022-07-18 15:47:28.551983197] (Utility.Process) process [269594] done
ExitFailure 2
(user error (gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
exited 2)) failed
copy corsi/2022-06-09_Landing-Pages/3700213292852724482.mp4 [2022-07-18
15:47:28.554726904] (Utility.Process) process [269596] chat: gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
gpg: decryption failed: No secret key
[2022-07-18 15:47:28.567432702] (Utility.Process) process [269596] done
ExitFailure 2
(user error (gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
exited 2)) failed
copy corsi/2022-06-09_Landing-Pages/6258438201216682752.mp4 [2022-07-18
15:47:28.571835037] (Utility.Process) process [269598] chat: gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
gpg: decryption failed: No secret key
[2022-07-18 15:47:28.579064056] (Utility.Process) process [269598] done
ExitFailure 2
(user error (gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
exited 2)) failed
copy corsi/2022-06-09_Landing-Pages/8959772244561726210.mp4 [2022-07-18
15:47:28.581423831] (Utility.Process) process [269600] chat: gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
gpg: decryption failed: No secret key
[2022-07-18 15:47:28.602507936] (Utility.Process) process [269600] done
ExitFailure 2
(user error (gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
exited 2)) failed
copy corsi/2022-06-09_Landing-Pages/Slide - Landing page efficaci.pdf
[2022-07-18 15:47:28.6080323] (Utility.Process) process [269602] chat:
gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
gpg: decryption failed: No secret key
[2022-07-18 15:47:28.616162922] (Utility.Process) process [269602] done
ExitFailure 2
(user error (gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
exited 2)) failed
copy corsi/2022-06-09_Landing-Pages/Story_mapping.png [2022-07-18
15:47:28.617007178] (Utility.Process) process [269604] chat: gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
gpg: decryption failed: No secret key
[2022-07-18 15:47:28.624214363] (Utility.Process) process [269604] done
ExitFailure 2
(user error (gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
exited 2)) failed
copy corsi/2022-06-09_Landing-Pages/canvas.png [2022-07-18
15:47:28.624826009] (Utility.Process) process [269606] chat: gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
gpg: decryption failed: No secret key
[2022-07-18 15:47:28.634726242] (Utility.Process) process [269606] done
ExitFailure 2
(user error (gpg
["--batch","--no-tty","--use-agent","--quiet","--trust-model","always","--decrypt"]
exited 2)) failed
[2022-07-18 15:47:28.634918681] (Utility.Process) process [269588] done
ExitSuccess
[2022-07-18 15:47:28.634986759] (Utility.Process) process [269587] done
ExitSuccess
[2022-07-18 15:47:28.635050868] (Utility.Process) process [269586] done
ExitSuccess
[2022-07-18 15:47:28.63509396] (Utility.Process) process [269585] done
ExitSuccess
copy: 9 failed
What version of git-annex are you using? On what operating system?
git-annex version: 10.20220624 on Guix on Debian as foreign distro.
Please provide any additional information below.
This is my collegue (the failing part) git repository configuration:
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
url = gcrypt::git@gitlab.com:softwareworkers/swws-library.git
gcrypt-id = :id:Fb42A4B5ODZW/35Z5ZoI
fetch = +refs/heads/*:refs/remotes/origin/*
annex-git-lfs = true
annex-uuid = 9b43bd79-3d24-4e6f-b196-46f5bc67f214
gcrypt-participants = D37D0EA7CECC3912 FCE2EDE78BD9B2CB
gcrypt-publish-participants = true
annex-ignore = false
[branch "master"]
remote = origin
merge = refs/heads/master
[annex]
uuid = 6a09ad78-19a1-451a-8ab5-fb51d18966eb
version = 8
[filter "annex"]
smudge = git-annex smudge -- %f
clean = git-annex smudge --clean -- %f
Have you had any luck using git-annex before? (Sometimes we get tired of reading bug reports all day and a lil' positive end note does wonders)
Oh yes, I'm using git-annex since many many years ago and it's my preferred storage solution, I really love it!
Kudos Joey!
I think that the problem is that keyid= can only be specified once, so the last keyid= you specified was used, which was yours, and it ignored the other one.
Try
git-annex enableremote origin keyid+=FCE2EDE78BD9B2CBI found some documentation that says that keyid= can be repeated multiple times, and I think that documentation is wrong, and probably led you astray. It's also possible that it used to work and was broken in some option parsing changes, unsure. I'm working to correct the documentation now.
(Or, encryption=shared seems likely to avoid whatever the problem is.)