Bug 1309175 - git tag signing doesn't use gpg-agent
Summary: git tag signing doesn't use gpg-agent
Keywords:
Status: CLOSED DUPLICATE of bug 568406
Alias: None
Product: Fedora
Classification: Fedora
Component: git
Version: 23
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Chris Wright
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-02-17 04:53 UTC by Christopher Tubbs
Modified: 2016-09-13 17:02 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-02-17 09:55:59 UTC


Attachments (Terms of Use)

Description Christopher Tubbs 2016-02-17 04:53:39 UTC
Description of problem:

When using git to create a GPG-signed tag, git does not use gpg-agent running with the standard socket (--use-standard-socket) which is now the default instead of setting GPG_AGENT_INFO from the environment.

Alternate description:
git should use /usr/bin/gpg2 instead of /usr/bin/gpg by default

Version-Release number of selected component (if applicable):
git-2.5.0-4.fc23.x86_64
gnupg-1.4.20-1.fc23.x86_64
gnupg2-2.1.9-1.fc23.x86_64

How reproducible:
100%

Steps to Reproduce:
1. git tag -s -m example mytag HEAD # from any git repo

Actual results:
The following message appears, followed by a prompt to 
  gpg: gpg-agent is not available in this session
  Enter passphrase: 

Expected results:
git should use the key in the gpg-agent (triggering Gnome's pinentry program, if not already cached or if passphrase isn't already stored in gnome-keyring)

Additional info:
Since gpg2 now uses the standard socket by default, the agent no longer sets the GPG_AGENT_INFO environment variable. However, that is still required by gpg 1.4.20 and git appears to use /usr/bin/gpg explicitly, rather than /usr/bin/gpg2

Comment 1 Christopher Tubbs 2016-02-17 04:55:02 UTC
One workaround is to do something like this in your .bashrc (tested and works):

gpid="$(pgrep -U "$USER" gpg-agent | head -1 && return "${PIPESTATUS[0]}")" && export GPG_AGENT_INFO=$HOME/.gnupg/S.gpg-agent:$gpid:1

Another workaround might be for the user to specify the gpg.program in their ~/.gitconfig (haven't tested this)

Comment 2 Christopher Tubbs 2016-02-17 04:58:26 UTC
Just tested
  gpg config --global gpg.program gpg2
and
  gpg config --global gpg.program /usr/bin/gpg2
and both work.

Comment 3 Petr Stodulka 2016-02-17 09:55:59 UTC
Yes, this workround is recommended.

*** This bug has been marked as a duplicate of bug 568406 ***

Comment 4 Milan Bouchet-Valat 2016-09-13 16:10:49 UTC
Confirmed this works. Though not the above command should be 'git config' instead of 'gpg config'.

Comment 5 Christopher Tubbs 2016-09-13 16:52:30 UTC
(In reply to Milan Bouchet-Valat from comment #4)
> Confirmed this works. Though not the above command should be 'git config'
> instead of 'gpg config'.

Oh geez, you're right. That's a typo.

Comment 6 Petr Stodulka 2016-09-13 17:02:32 UTC
A nice typo :-) I haven't seen it till now :-)


Note You need to log in before you can comment on or make changes to this bug.