GPG and core18

Hi all,

I am working with core18 and am attempting to use GPG inside of my snap. At the end of the day, I would like to be able to use the python-gnupg pip package which is essentially a wrapper around the GPG executable for python scripts. In order to do this, I need the GPG executable to be available inside of the snap.

Other posts on this forum suggest that the gpg executable is available with the core18 snap:
Signing files with GPG from within a snap mentions “/usr/bin/gpg is in the core snap, … If running on, say, a bionic host, /usr/bin/gpg is version 2…”
GPG in a confined environment mentions that which gpg returns $SNAP/usr/bin/gpg

But I have been unable to find the gpg executable inside of my snap built on core18. “which gpg” run inside the snap returns nothing and there is no gpg executable in either $SNAP/usr/bin or /usr/bin (I have been using bash to test inside of the snap, see gnu-bash part in snapcraft.yaml below). “which gpg” run on the host machine returns /usr/bin/gpg. I tried to install the gnupg2 package using build-packages on an otherwise empty part, hoping that the gpg executable might persist inside the snap after the build process, but this was unsuccessful.

The snapcraft.yaml file I am using is:

name: broker
base: core18
version: '0.1'
summary: broker
description: |
  broker

grade: devel 
confinement: devmode 

parts:
  # python set up
  internal-python:
    plugin: python
    python-version: python3
    source: .
    python-packages:
      - protobuf
      - pycryptodome
      - python-gnupg
      - pyyaml
      - python-dateutil

  # configuration hook
  configure-hook:
    plugin: dump
    source: hooks
    organize:
      configure: snap/hooks/configure

  # bash for testing
  gnu-bash:
    source: http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
    plugin: autotools

  # gnupg2 install test
  foo:
    source: .
    plugin: nil
    build-packages:
      - gnupg2

apps:
  run:
    command: "python3 broker/bridge_main.py"

  python3:
    command: python3

  bash:     # allows testing inside the snap
    command: bash

I am hoping someone could point out what I am doing wrong with the core18 snap that makes the gpg executable unavailable or how to run the equivalent of “apt-get install gnupg2” inside of the snap so that the gpg executable is available after the build process. I am at a bit of a loss what to try next since it seems that other posters on the forum assume the presence of gpg inside of the core snaps so any help would be much appreciated. Thanks!

while in core (16) we still shipped some superfluous binaries that were not actually required, in core18 (and 20) this got cleaned up, you will only find the gpgv binary since this is used to verify signatures, but not the gpg binary anymore …

you will have to ship gpg yourself and adjust the snap environment enough so you can use it in this context (via layouts etc) …

For help adding gpg to your snap, look at the stage-packages information at https://snapcraft.io/docs/build-and-staging-dependencies


Thanks for the response and the link.

In my snapcraft.yaml I ended up including a part:

  binary-install:
    source: .
    plugin: nil
    stage-packages:
      - gnupg2

This produces a symlink “gpg2” in $SNAP/usr/bin which directs to “$SNAP/usr/bin/gpg”, which does not exist.
I know this is a bit of a separate issue, but any thoughts on what could be causing this would be appreciated.

The package you want is gpg, not gnupg2. The latter is a “transitional” package that forwards you onto gnupg which does not include any executables (although the gnupg package is supposed to pull the exes from the gpg package so I’m not sure why it didn’t for you).


That fixed it. Thank you for the help!
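
Added example, not part of the original thread: a Python check for the failure described above, where a staged gpg2 symlink points at a gpg binary that was never staged. The function names and the sample tree are assumptions made for illustration; the resolved path can be passed to python-gnupg through its gpgbinary argument instead of relying on PATH.

```python
import os
from pathlib import Path


def find_dangling_symlinks(bin_dir):
    """Return {link name: target} for symlinks in bin_dir whose target is missing."""
    bin_dir = Path(bin_dir)
    if not bin_dir.is_dir():
        return {}
    dangling = {}
    for entry in sorted(bin_dir.iterdir()):
        # is_symlink() inspects the link itself; exists() follows it.
        if entry.is_symlink() and not entry.exists():
            dangling[entry.name] = os.readlink(entry)
    return dangling


def resolve_gpg(snap_root, names=("gpg", "gpg2")):
    """Return the real path of an executable gpg under snap_root/usr/bin, else None."""
    bin_dir = Path(snap_root) / "usr" / "bin"
    for name in names:
        candidate = bin_dir / name
        # is_file() follows symlinks, so a dangling gpg2 link is rejected here.
        if candidate.is_file() and os.access(candidate, os.X_OK):
            return str(candidate.resolve())
    return None


def build_sample_tree(root, with_gpg):
    """Constructed sample layout standing in for $SNAP/usr/bin (not a real snap)."""
    bin_dir = Path(root) / "usr" / "bin"
    bin_dir.mkdir(parents=True)
    (bin_dir / "gpg2").symlink_to("gpg")  # constructed link target
    if with_gpg:
        gpg = bin_dir / "gpg"
        gpg.write_text("#!/bin/sh\n")
        gpg.chmod(0o755)
    return bin_dir


if __name__ == "__main__":
    snap = os.environ.get("SNAP", "")
    print("dangling symlinks:", find_dangling_symlinks(Path(snap) / "usr" / "bin"))
    path = resolve_gpg(snap)
    # With python-gnupg, pass the path explicitly: gnupg.GPG(gpgbinary=path)
    print("gpg binary:", path or "not staged in this snap")
```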