From 0642ec022b4054b3abac46f626ccdb107209369a Mon Sep 17 00:00:00 2001 From: Michael Kriese Date: Tue, 14 May 2024 15:28:09 +0200 Subject: [PATCH 1/3] docs(config): add note about GnuPG v2.4 usage --- docs/usage/self-hosted-configuration.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md index b96039d95cb794..db3ccbc9a7e6b9 100644 --- a/docs/usage/self-hosted-configuration.md +++ b/docs/usage/self-hosted-configuration.md @@ -929,6 +929,31 @@ uid Renovate Bot sub rsa4096 2021-09-10 [E] ``` + +!!! note + If you use gnupg v2.4 or newer to generate the key, then you need to disable `AEAD` preferences. + Otherwise Renovate can't decrypt the encrypted values. + +``` +❯ gpg --edit-key renovate@whitesourcesoftware.com +gpg> showpref +[ultimate] (1). Renovate Bot + Cipher: AES256, AES192, AES, 3DES + AEAD: OCB, EAX + Digest: SHA512, SHA384, SHA256, SHA224, SHA1 + Compression: ZLIB, BZIP2, ZIP, Uncompressed + Features: MDC, AEAD, Keyserver no-modify + +gpg> setpref AES256 AES192 AES 3DES SHA512 SHA384 SHA256 SHA224 SHA1 ZLIB BZIP2 ZIP +Set preference list to: + Cipher: AES256, AES192, AES, 3DES + AEAD: + Digest: SHA512, SHA384, SHA256, SHA224, SHA1 + Compression: ZLIB, BZIP2, ZIP, Uncompressed + Features: MDC, Keyserver no-modify +Really update the preferences? (y/N) y +``` + - Copy the key ID from the output (`794B820F34B34A8DF32AADB20649CEXAMPLEONLY` in the above example) or run `gpg --list-secret-keys` if you forgot to take a copy From 4690b162ab6ff496b7fffaf59582ce010cc99217 Mon Sep 17 00:00:00 2001 From: Michael Kriese Date: Tue, 14 May 2024 15:36:51 +0200 Subject: [PATCH 2/3] Update docs/usage/self-hosted-configuration.md --- docs/usage/self-hosted-configuration.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md index db3ccbc9a7e6b9..5c983da8254722 100644 
--- a/docs/usage/self-hosted-configuration.md +++ b/docs/usage/self-hosted-configuration.md @@ -952,6 +952,7 @@ Set preference list to: Compression: ZLIB, BZIP2, ZIP, Uncompressed Features: MDC, Keyserver no-modify Really update the preferences? (y/N) y +gpg> save ``` From 3906b6b978f9a1ec9c7f956efd9fd3ce262f1e07 Mon Sep 17 00:00:00 2001 From: Rhys Arkins Date: Tue, 14 May 2024 15:56:04 +0200 Subject: [PATCH 3/3] Apply suggestions from code review Co-authored-by: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com> --- docs/usage/self-hosted-configuration.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md index 5c983da8254722..297be8da6eb406 100644 --- a/docs/usage/self-hosted-configuration.md +++ b/docs/usage/self-hosted-configuration.md @@ -931,10 +931,10 @@ sub rsa4096 2021-09-10 [E] !!! note - If you use gnupg v2.4 or newer to generate the key, then you need to disable `AEAD` preferences. - Otherwise Renovate can't decrypt the encrypted values. + If you use GnuPG `v2.4` (or newer) to generate the key, then you must disable `AEAD` preferences. + This is needed to allow Renovate to decrypt the encrypted values. -``` +```bash ❯ gpg --edit-key renovate@whitesourcesoftware.com gpg> showpref [ultimate] (1). Renovate Bot
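Review bot: In [PATCH 1/3], the added `!!! note` says to disable the `AEAD` preferences but not when to do it. The preference list is part of the public key, so the `setpref` step has to be done before the public key is exported or handed to whoever encrypts values. Anything encrypted while the key still advertised `AEAD: OCB, EAX` would have to be encrypted again. Suggest stating that ordering in the note, and ending the transcript with a second `showpref` so the reader can confirm that the `AEAD:` line is empty and `Features:` no longer lists `AEAD`.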
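Review bot: In [PATCH 2/3], the subject "Update docs/usage/self-hosted-configuration.md" does not say what the single added line `gpg> save` is for. It completes the transcript introduced in 1/3, where the `setpref` change is confirmed but never written to the keyring. Suggest squashing this into 1/3, or giving it a subject that names the missing `save` step.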
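Review bot: In [PATCH 3/3], the fence tag changed to `bash` does not match the block's content, which is an interactive session (`❯` shell prompt, `gpg>` prompts and gpg output) rather than a shell script, and it cannot be pasted as-is. Suggest a plain-text fence, or splitting the one shell command `gpg --edit-key renovate@whitesourcesoftware.com` from the interactive `gpg>` part. The reworded note ("This is needed to allow Renovate to decrypt the encrypted values.") is also less direct than the line it replaces about what goes wrong if the step is skipped. Consider keeping the failure mode explicit.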