Bug 1309175 - git tag signing doesn't use gpg-agent
Status: CLOSED DUPLICATE of bug 568406
Product: Fedora
Classification: Fedora
Component: git
Assigned To: Chris Wright
Fedora Extras Quality Assurance
Reported: 2016-02-16 23:53 EST by Christopher Tubbs
Modified: 2016-09-13 13:02 EDT (History)
Doc Type: Bug Fix
Last Closed: 2016-02-17 04:55:59 EST
Type: Bug
Description Christopher Tubbs 2016-02-16 23:53:39 EST
Description of problem:

When using git to create a GPG-signed tag, git does not use gpg-agent running with the standard socket (--use-standard-socket) which is now the default instead of setting GPG_AGENT_INFO from the environment.

Alternate description:
git should use /usr/bin/gpg2 instead of /usr/bin/gpg by default

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. git tag -s -m example mytag HEAD # from any git repo

Actual results:
The following message appears, followed by a prompt to 
  gpg: gpg-agent is not available in this session
  Enter passphrase: 

Expected results:
git should use the key in the gpg-agent (triggering Gnome's pinentry program, if not already cached or if passphrase isn't already stored in gnome-keyring)

Additional info:
Since gpg2 now uses the standard socket by default, the agent no longer sets the GPG_AGENT_INFO environment variable. However, that is still required by gpg 1.4.20 and git appears to use /usr/bin/gpg explicitly, rather than /usr/bin/gpg2
Comment 1 Christopher Tubbs 2016-02-16 23:55:02 EST
One workaround is to do something like this in your .bashrc (tested and works):

gpid="$(pgrep -U "$USER" gpg-agent | head -1 && return "${PIPESTATUS[0]}")" && export GPG_AGENT_INFO=$HOME/.gnupg/S.gpg-agent:$gpid:1

Another workaround might be for the user to specify the gpg.program in their ~/.gitconfig (haven't tested this)
Comment 2 Christopher Tubbs 2016-02-16 23:58:26 EST
Just tested
  gpg config --global gpg.program gpg2
  gpg config --global gpg.program /usr/bin/gpg2
and both work.
Comment 3 pstodulk 2016-02-17 04:55:59 EST
Yes, this workaround is recommended.

*** This bug has been marked as a duplicate of bug 568406 ***
Comment 4 Milan Bouchet-Valat 2016-09-13 12:10:49 EDT
Confirmed this works. Though note the above command should be 'git config' instead of 'gpg config'.
Comment 5 Christopher Tubbs 2016-09-13 12:52:30 EDT
(In reply to Milan Bouchet-Valat from comment #4)
> Confirmed this works. Though note the above command should be 'git config'
> instead of 'gpg config'.

Oh geez, you're right. That's a typo.
Comment 6 pstodulk 2016-09-13 13:02:32 EDT
A nice typo :-) I haven't seen it till now :-)
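
As an added example (not part of the original bug report or of git), the shell functions below check which program git will invoke for signing and whether that program can reach gpg-agent, following the behaviour described in the report. The function names and status strings are hypothetical, the 2.1.11 version line in the comments is a constructed sample, and treating every GnuPG 2.x as using the standard socket is an assumption taken from the reporter's description.

```shell
#!/usr/bin/env bash
# Added example: diagnose whether `git tag -s` can reach gpg-agent.

# Pure classifier (hypothetical helper).
#   $1 = first line of `<program> --version`, e.g. "gpg (GnuPG) 1.4.20"
#   $2 = value of GPG_AGENT_INFO (may be empty)
signing_agent_status() {
    local version_line="$1" agent_info="$2" major
    # The version is the last field: "gpg (GnuPG) 2.1.11" -> "2.1.11" -> "2".
    major=${version_line##* }
    major=${major%%.*}
    case $major in
        1)
            # GnuPG 1.x only finds the agent through GPG_AGENT_INFO.
            if [ -n "$agent_info" ]; then
                echo "agent-via-env"
            else
                echo "no-agent"
            fi
            ;;
        2)
            # Assumption from the report: gpg2 uses the standard socket.
            echo "agent-standard-socket"
            ;;
        *)
            echo "unknown"
            ;;
    esac
}

# Reads the live configuration. git falls back to "gpg" when
# gpg.program is unset. Returns non-zero when signing would bypass
# the agent and prompt for the passphrase on the terminal.
check_git_signing() {
    local prog first status
    prog=$(git config --get gpg.program) || prog=gpg
    first=$("$prog" --version 2>/dev/null | head -n 1)
    status=$(signing_agent_status "$first" "${GPG_AGENT_INFO:-}")
    echo "gpg.program=$prog ($first): $status"
    [ "$status" != "no-agent" ]
}
```

Source the file and run `check_git_signing` inside a repository; a `no-agent` result corresponds to the "gpg-agent is not available in this session" message from the description.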