Aptly publish asking for password although --passphrase flag is set

Question

I unsuccessfully try publishing an APTLY snapshot (about 80GB) using

aptly publish snapshot --batch=true --passphrase="SuperSecretPassWord" --distribution="mydistro" current-snapshot

After about 15 minutes I'm always being asked for my key's passphrase.

Publishing another (much smaller, about 3GB) snapshot using the same command and key succeed without entering the passphrase:

aptly publish snapshot --batch=true --passphrase="SuperSecretPassWord" --distribution="anotherdistro" another-snapshot

Might this be because the first command just takes too long?

I'm using Ubuntu 18.04, Aptly 2 and GPG 2.2.4

score 1 · Accepted Answer · answered Oct 05 '18 at 21:44

I think this is caused by the passphrase cache entry expiring in gpg-agent. You could try setting default-cache-ttl and max-cache-ttl settings in ~/.gnupg/gpg-agent.conf to a number of seconds you find appropriate. Example below.

# set default cache time-to-live to 15 minutes
default-cache-ttl 900
# set max cache time-to-live to 1 hour
max-cache-ttl 3600

The default-cache-ttl is how long it saves the passphrase each time after you enter it. The max-cache-ttl is the longest it will be cached even if you keep entering it.

Better solution: use the internal PGP provider that does not have this problem.

I had to update the modifications in `/etc/X11/Xsession.d/90gpg-agent` and enable `gpg-agent` by `echo "use-agent" >> ~/.gnupg/gpg.conf` — TheOneWithTheBraid, Oct 06 '18 at 16:45

Aptly publish asking for password although --passphrase flag is set

1 Answers1