0

I'm trying to use a lambda function to decrypt files coming to S3, I download the files without issues, but when I try to decrypt them the gpg can not be found. I;ve tried using both python-gnupg and gnupg but both failed mentioning that gnupg is not available on the OS. Below my code for isntantiating GPG in python It works well with python 3.7, but if I upgrade to 3.8, Lambda uses AMazon Linux 2, which doesn't come with gpg. How can I make it work with python 3.8 in Lambda?

gpg = gnupg.GPG(gnupghome='/tmp')

Error:

OSError: Unable to run gpg (gnupg) - it may not be available

All the examples I've found don't seem to do anything extra. I'm packaging the python-gnugp package and all other python packages for my function

is the gpg binary available in Lambda? how can I make this work?

Improve this question

2 Answers 2

Reset to default
1

You have to bundle the gpg binary and its dependencies and deliver them in your package. In my package i bundle them into a folder named 'gpg', then when I use gpg in my Lambda function, I do this:

def lambda_handler(event, context): old = os.environ.get("LD_LIBRARY_PATH") if old: os.environ["LD_LIBRARY_PATH"] = "./gpg" + ":" + old else: os.environ["LD_LIBRARY_PATH"] = "./gpg" gpg = gnupg.GPG(gnupghome='/tmp', gpgbinary='./gpg/gpg2', verbose=False)
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

I ended up packaging the gog binaries with the Lambda, can you add an explanation on how to get the binaries? To get the binaries I launched an EC2 instance and got them form: 1. gpg file from '/usr/bin/gpg' 2. lib files from '/usr/lib64/'
Would it possible to share the binaries and its dependencies? I also have a similar usecase
Finally manage to bundle the executable to make it work for Python 3.10. The file I had to bundle includes: gpg, libassuan.so.0, libgcrypt.so.11 and libgpg-error.so.0. These files could easily found on any linux machine.
Hi there, It seems gnupg is broken. Where do we find those dependencies & bundle all in one dir or where to bundle these files. Appreciate a quick help. Thanks.
0

It appears that 3.7 lambda python environment includes the GPG, while the later versions don't. I think it's better to use a Python implementation of the PGP protocol rather than relying on GPG that you would have to bundle with the lambda (and bundling it is a pain).

See this answer for example (it suggests using pgpy library)

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.