I am creating an AWS Lambda to encrypt / decrypt files in S3 using python-gnupg, but when running the serverless Lambda, this error (unsafe permissions on homedir `/tmp/sls-py-req/gnupg') is displayed when running the command gpg.gnupg.GPG(gnupghome=homedir):

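    import gnupg

    homedir = '/tmp'
    try:
        # python-gnupg takes the home directory as gnupghome=
        gpg = gnupg.GPG(gnupghome=homedir)
    except TypeError:
        # fall back for builds whose constructor takes homedir= instead
        gpg = gnupg.GPG(homedir=homedir)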

Running the Lambda locally on my machine, the error does not occur.

  • Did you make Lambda work with python-gnupg? I'm having this issue: https://stackoverflow.com/questions/66770313/lamnda-python-3-8-gpg-decryption-can-not-find-gpg-binary – Franklin Rivero Mar 23 '21 at 19:51

1 Answer

In Lambda execution, the only directory you've got access to is /tmp. The problem here is the permissions on your directory aren't sufficiently locked down for gnupg (see https://superuser.com/a/954536).

What you could try prior to your call to gpg.gnupg.GPG(gnupghome=homedir) would be to use the os module to a) create a new directory in /tmp, b) change the ownership and permissions of that directory as needed, then use that as your homedir with gpg.gnupg.GPG.

Richard
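The steps this answer describes, written out as an added example that is not part of the original answer or of python-gnupg. The helper names (`make_private_gnupg_home`, `homedir_is_safe`, `open_gpg`) and the directory name `gnupg-home` are hypothetical, and it assumes an owner-only (0700) directory owned by the Lambda's user is what gpg accepts.

```python
import os
import stat


def homedir_is_safe(path):
    """True if path is a real directory we own with no group/other bits set."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted in /tmp
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.getuid()
            and stat.S_IMODE(st.st_mode) & 0o077 == 0)


def make_private_gnupg_home(base="/tmp", name="gnupg-home"):
    """Create (or reuse) base/name as an owner-only directory and return it."""
    path = os.path.join(base, name)
    # mode= is filtered through the umask, so it is only a first attempt
    os.makedirs(path, mode=0o700, exist_ok=True)
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError(f"{path} exists but is not a directory")
    if st.st_uid != os.getuid():
        # chmod would fail anyway; refuse to put keys in someone else's dir
        raise PermissionError(f"{path} is owned by uid {st.st_uid}")
    os.chmod(path, 0o700)  # force rwx------ regardless of umask or prior mode
    if not homedir_is_safe(path):
        raise RuntimeError(f"could not lock down {path}")
    return path


def open_gpg(base="/tmp"):
    """Build the GPG object on the locked-down directory (needs python-gnupg)."""
    import gnupg  # imported here so the helpers above work without it
    home = make_private_gnupg_home(base)
    try:
        return gnupg.GPG(gnupghome=home)
    except TypeError:
        return gnupg.GPG(homedir=home)


if __name__ == "__main__":
    home = make_private_gnupg_home()
    print(home, oct(stat.S_IMODE(os.lstat(home).st_mode)))
```

Call `open_gpg()` inside the handler in place of the `gnupg.GPG(...)` call from the question. /tmp can persist between warm invocations, which is why the helper reuses and re-locks an existing directory instead of failing.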