[pkg-gnupg-maint] Bug#568375: gnupg-agent: does not work with `git tag -s`

Luca Capello luca at pca.it
Sun Feb 12 21:52:29 UTC 2017


found 568375 2.1.11-7
thanks

Hi there,

On Thu, 12 Jan 2017 11:59:34 +0100, Michal Hocko wrote:
> On Sun, Mar 20, 2016 at 12:12:00AM -0400, Peter Colberg wrote:
> > On Thu, Feb 04, 2010 at 12:32:21PM +0100, Luca Capello wrote:
> > > It seems that `git tag -s` and gpg-agent fail to cooperate and do not
> > > show the pinentry dialog (in my case the -curses variant inside screen):
[...]
> > While this comes too late for signing the tag of your submitted thesis
> > (congratulations!), this is likely caused by a missing GPG_TTY variable.
> > 
> > https://www.gnupg.org/documentation/manuals/gnupg/Common-Problems.html
> > 
> > The gpg-agent man page nowadays includes the following hint:
> > 
> >   It is important to set the GPG_TTY environment variable in your login
> >   shell, for example in the ‘~/.bashrc’ init script:
> > 
> >   export GPG_TTY=$(tty)
>
> So I've tried this and it didn't help.
> $ export GPG_TTY=$(tty)

Actually, even worse, commit does not work with gnupg2_2.1.11-7:

  <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822974#35>

=====
$ mkdir test.git
$ cd test.git/
$ git init
Initialized empty Git repository in $HOME/test.git/.git/
$ echo 'test file' >file.txt
$ git add file.txt
$ export GPG_TTY=$(tty)
$ git commit -m 'file.txt: new file'
gpg: signing failed: Card error
gpg: signing failed: Card error
error: gpg failed to sign the data
fatal: failed to write commit object
$ gpg --version | head -n 1
gpg (GnuPG) 2.1.11
$ gpg --sign file.txt
gpg: using "139121880F512EC2E6A464D3D91D57A03BE9F36D!" as default secret key for signing
$
=====

What is funny is that if I plug in my YubiKey 4 (basically an OpenPGP
smartcard) everything (commit + tag) is fine (tested on 2 different
jessie).

BTW, the above gpg message about default secret key is actually useless
     and it is a result of having to specify the default-key:
     
       <https://bugs.debian.org/829246>

> $ git tag -s -u $ID ...
> 
> I get the password dialog but nothing really happens after that.
> 
> 16699 pts/1    S+     0:00         git tag -s -u B310E347
> 16700 pts/1    SL+    0:00           gpg --status-fd=2 -bsau B310E347
> 
> gpg is stuck waiting for an input

Is that GnuPG 1 or GnuPG 2?

> nothing really more, so it seems that the process is looping in the userspace.
> Is there any way to disable gpg-agent altogether?

Not with GnuPG 2+.

Thx, bye,
Gismo / Luca