I have the following property for one of my hosts:
File.hasPrivContent "/usr/share/debug-me/keyring/a_CS2613_prof.gpg" anyContext
Unsurprisingly, the first time I run propellor --spin my-host I get
** warning: Missing privdata PrivFile "/usr/share/debug-me/keyring/a_CS2613_prof.gpg" (for any)
Fix this by running:
propellor --set 'PrivFile "/usr/share/debug-me/keyring/a_CS2613_prof.gpg"' 'any' \
< /usr/share/debug-me/keyring/a_CS2613_prof.gpg
I cut and paste the suggested lines (after previously copying the file into place manually), but it doesn't seem to change anything. On subsequent runs I get the same thing.
If I run propellor --dump 'PrivFile "/usr/share/debug-me/keyring/a_CS2613_prof.gpg"' 'any' | gpg I get
gpg: WARNING: no command supplied. Trying to guess what you mean ...
[2020-08-20 10:03:07 ADT] command line: Dump (PrivFile "/usr/share/debug-me/keyring/a_CS2613_prof.gpg") (Context "any")
[2020-08-20 10:03:07 ADT] read: git ["config","gpg.program"]
[2020-08-20 10:03:07 ADT] process done ExitFailure 1
[2020-08-20 10:03:07 ADT] chat: gpg ["--decrypt","privdata/privdata.gpg"]
gpg: encrypted with 4096-bit RSA key, ID 70E3C0DE87068451, created 2019-06-08
"David Bremner <bremner@debian.org>"
[2020-08-20 10:03:08 ADT] process done ExitSuccess
pub rsa4096 2014-09-22 [SC]
7A18807F100A4570C59684207E4E65C8720B706B
uid David Bremner <bremner@unb.ca>
uid David Bremner <david@tethera.net>
uid David Bremner <bremner@debian.org>
sub rsa4096 2014-09-22 [E] [expired: 2020-07-23]
sub rsa3072 2017-07-24 [S] [expired: 2020-07-23]
sub rsa4096 2017-07-24 [A] [expired: 2020-07-23]
sub rsa4096 2019-06-08 [S] [expires: 2021-06-07]
sub rsa4096 2019-06-08 [E] [expires: 2021-06-07]
sub rsa4096 2019-06-08 [A] [expires: 2021-06-07]
I understand that the propellor run is using a different copy of privdata, but I verified the checksums match between my user propellor install and the one in /usr/local/propellor.
Other uses of privFileContent with anyContext work fine on the same host.
I think there could be some confusion here about where you run the propellor command to set the privdata.
I always run those commands locally, not on the host being managed by propellor. --spin decrypts it and copies the parts a host needs to the host.
In this special case I don't really need privData, I worked around it by running gpg. I'm not sure if my use case is common enough to warrant extending Propellor.Property.Gpg
OK, I belatedly see what you mean. It's not relevant if the remote privdata.gpg blob matches or not, since iiuc, only the local one is used by --spin.
I'm having a similar issue with Property.Gpg.keyImported.
** warning: Missing privdata GpgKey (for 815B63982A79F8E7C72786C4762B57BB784206AD)
Fix this by running:
propellor --set 'GpgKey' '815B63982A79F8E7C72786C4762B57BB784206AD' \
< (Either a gpg public key, exported with gpg --export -a, or a gpg private key, exported with gpg --export-secret-key -a)
cs2613 root has gpg key "815B63982A79F8E7C72786C4762B57BB784206AD" ... failed
** warning: Missing privdata GpgKey (for 7A18807F100A4570C59684207E4E65C8720B706B)
Fix this by running:
propellor --set 'GpgKey' '7A18807F100A4570C59684207E4E65C8720B706B' \
< (Either a gpg public key, exported with gpg --export -a, or a gpg private key, exported with gpg --export-secret-key -a)
Of course I did what propellor suggests, but it doesn't seem to make a difference. Is it possible gpg armoured text is being treated specially as privdata?
In answer to my own question, it's not related to the content. Here we can see a PrivFile has content:
╭─ convex:~/.propellor
╰─ (git)-[master]-% propellor --dump 'PrivFile "/root/foo"' 'any'
[2020-08-22 16:57:32 ADT] command line: Dump (PrivFile "/root/foo") (Context "any")
[2020-08-22 16:57:32 ADT] read: git ["config","gpg.program"]
[2020-08-22 16:57:32 ADT] process done ExitFailure 1
[2020-08-22 16:57:32 ADT] chat: gpg ["--decrypt","privdata/privdata.gpg"]
gpg: encrypted with 4096-bit RSA key, ID 70E3C0DE87068451, created 2019-06-08
"David Bremner <bremner@debian.org>"
[2020-08-22 16:57:33 ADT] process done ExitSuccess
sekrit
On the other hand, when running
propellor --spin convex.local
I get
** warning: Missing privdata PrivFile "/root/foo" (for any)
Fix this by running:
propellor --set 'PrivFile "/root/foo"' 'any' \
< /root/foo
I tried with a different workstation, spinning itself, and the same machine as above ("convex"), with the same results.
/usr/local/propellor/privdata/localfile is not obviously corrupted, but does not contain the string "/root/foo". The file "/root/foo" also does not show as used anywhere in the output of propellor --list-fields. I'm not sure if that is surprising or not.