make和docker创建和导出gpg密钥的方法 。你需要交互式地运行这些命令,或者传递一个带换行的字符串给它 。这两件事在make和docker中都复杂得可怕 。因此,你需要登录到应用程序的容器中,并在那里直接运行这些命令 。这不是很简单,但无论如何,这只需要在一个新的开发人员入职时做一次 。
密钥导出到 secret.gpg,公钥导出到 gp.dev/gpg-keys/alice-public.gpg 。
# start the docker setupmake docker-up# log into the container ('winpty' is only required on Windows)winpty docker exec -ti dofroscra_local-application-1 bash# export key pairname="Alice Doe"email="alice@example.com"gpg --batch --gen-key < .dev/gpg-keys/alice-public.gpg$ make docker-upENV=local TAG=latest DOCKER_REGISTRY=docker.io DOCKER_NAMESPACE=dofroscra APP_USER_NAME=application APP_GROUP_NAME=application docker compose -p dofroscra_local --env-file ./.docker/.env -f ./.docker/docker-compose/docker-compose.yml -f ./.docker/docker-compose/docker-compose.local.yml up -dContainer dofroscra_local-application-1Created...Container dofroscra_local-application-1Started$ docker psCONTAINER IDIMAGECOMMANDCREATEDSTATUSPORTSNAMES...95f740607586dofroscra/application-local:latest"/usr/sbin/sshd -D"21 minutes agoUp 21 minutes0.0.0.0:2222->22/tcp dofroscra_local-application-1$ winpty docker exec -ti dofroscra_local-application-1 bashroot:/var/www/app# name="Alice Doe"root:/var/www/app# email="alice@example.com"gpg --batch --gen-key < Key-Type: 1> Key-Length: 2048> Subkey-Type: 1> Subkey-Length: 2048> Name-Real: $name> Name-Email: $email> Expire-Date: 0> %no-protection> EOFgpg: directory '/root/.gnupg' createdgpg: keybox '/root/.gnupg/pubring.kbx' createdgpg: /root/.gnupg/trustdb.gpg: trustdb createdgpg: key BBBE654440E720C1 marked as ultimately trustedgpg: directory '/root/.gnupg/openpgp-revocs.d' createdgpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/225C736E0E70AC222C072B70BBBE654440E720C1.rev'root:/var/www/app# gpg --output secret.gpg --armor --export-secret-key $emailroot:/var/www/app# head secret.gpg-----BEGIN PGP PRIVATE KEY BLOCK-----lQOYBGJD+bwBCADBGKySV5PINc5MmQB3PNvCG7Oa1VMBO8XJdivIOSw7ykv55PRP3g3R+ERd1Ss5gd5KAxLc1tt6PHGSPTypUJjCng2plwD8Jy5A/cC6o2x8yubOslLax1EC9fpcxUYUNXZavtEr+ylOaTaRz6qwSabsAgkg2NZ0ey/QKmFOZvhL8NlK9lTIGgZPTiqPCsr7hiNg0WRbT5h8nTmfpl/DdTgwfPsDn5Hn0TEMa79WsrPnnq16jsq0Uusuw3tOmdSdYnT8j7m1cpgcSj0hRF1eh4GVE0o62GqeLTWW9mfpcuv7n6mWaCB8DCH6H238gwUriq/aboegcuBktlvSY21q/MIXABEBAAEAB/wK/M2buX+vavRgDRgRhjUrsJTXO3VGLYcIetYXRhLmHLxBriKtcBa8OxLKKL5AFEuNourOBdcmTPiEwuxH5s39IQOTrK6B1UmUqXvFLasXghorv8o8KGRL4ABM4Bgn6o+KBAVLVIwvVIhQ4rlfroot:/var/www/app# gpg --armor --export $email > .dev/gpg-keys/alice-public.gpgroot:/var/www/app# head .dev/gpg-keys/alice-public.gpg-----BEGIN PGP PUBLIC KEY BLOCK-----mQENBGJD+bwBCADBGKySV5PINc5MmQB3PNvCG7Oa1VMBO8XJdivIOSw7ykv55PRP3g3R+ERd1Ss5gd5KAxLc1tt6PHGSPTypUJjCng2plwD8Jy5A/cC6o2x8yubOslLax1EC9fpcxUYUNXZavtEr+ylOaTaRz6qwSabsAgkg2NZ0ey/QKmFOZvhL8NlK9lTIGgZPTiqPCsr7hiNg0WRbT5h8nTmfpl/DdTgwfPsDn5Hn0TEMa79WsrPnnq16jsq0Uusuw3tOmdSdYnT8j7m1cpgcSj0hRF1eh4GVE0o62GqeLTWW9mfpcuv7n6mWaCB8DCH6H238gwUriq/aboegcuBktlvSY21q/MIXABEBAAG0HUFsaWNlIERvZSA8YWxpY2VAZXhhbXBsZS5jb20+iQFOBBMBCgA4FiEEIlxzbg5wrCIsBytwu75lREDnIMEFAmJD+bwCGy8FCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQu75lREDnIMEN4Af+至此 alice@example.com 就有了一个新机密和私钥 , 将其导出到 secret.gpg 。.dev/gpg-keys/alice-public.gpg 。剩下的命令现在可以直接在application 容器外的主机上运行 。
git-secret 的初始设置现在来将 git-secret 引入一个新的代码库,然后运行以下命令 。
初始化 git-secret :
make secret-init$ make secret-init"C:/Program Files/Git/mingw64/bin/make" -s git-secret ARGS="init";git-secret: init created: '/var/www/app/.gitsecret/'应用 gpg 对共享目录进行修复:
$ make secret-init-gpg-socket-config$ make secret-init-gpg-socket-configecho "%Assuan%" > .gitsecret/keys/S.gpg-agentecho "socket=/tmp/S.gpg-agent" >> .gitsecret/keys/S.gpg-agentecho "%Assuan%" > .gitsecret/keys/S.gpg-agent.sshecho "socket=/tmp/S.gpg-agent.ssh" >> .gitsecret/keys/S.gpg-agent.sshecho "extra-socket /tmp/S.gpg-agent.extra" > .gitsecret/keys/gpg-agent.confecho "browser-socket /tmp/S.gpg-agent.browser" >> .gitsecret/keys/gpg-agent.conf容器启动后初始化 gpg重启容器后,需要初始化 gpg 也就是导入公钥 .dev/gpg-keys/* 和导入私钥 Secret.gpg , 不然就无法对文件进行加密和解密 。
make gpg-init$ make gpg-init"C:/Program Files/Git/mingw64/bin/make" -s gpg-import GPG_KEY_FILES="secret.gpg"gpg: directory '/home/application/.gnupg' createdgpg: keybox '/home/application/.gnupg/pubring.kbx' createdgpg: /home/application/.gnupg/trustdb.gpg: trustdb createdgpg: key BBBE654440E720C1: public key "Alice Doe <alice@example.com>" importedgpg: key BBBE654440E720C1: secret key importedgpg: Total number processed: 1gpg:imported: 1gpg:secret keys read: 1gpg:secret keys imported: 1"C:/Program Files/Git/mingw64/bin/make" -s gpg-import GPG_KEY_FILES=".dev/gpg-keys/*"gpg: key BBBE654440E720C1: "Alice Doe <alice@example.com>" not changedgpg: Total number processed: 1gpg:unchanged: 1
推荐阅读
- Vue中使用Switch开关用来控制商品的上架与下架情况、同时根据数据库商品的状态反应到前台、前台修改商品状态保存到数据库
- qq文件zip文件怎么打开(qq群文件zip下载不了)
- 赵云是死在什么地方的怎么死的(赵云晚年斩死4员大将)
- 5 10 15 20划拳怎么玩(划拳上下左右怎么玩)
- 原神圣金虫位置在哪些地方
- 原神赤念果在什么位置
- 荣耀平板v7pro和小米平板5哪个好_荣耀平板v7pro和小米平板5对比
- 桃花诺邓紫棋mp3下载 樱花诺邓紫棋含义
- zip文件在电脑上怎么打开(电脑下载zip怎么打开)
- 驱动开发:内核枚举LoadImage映像回调