Git: Support prompting for GPG password #43809
It doesn't work if you use git's default gpg feature; however, if you install Gpg4win and tell git to use that instead, then it works.
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe" |
@stevenhay Yes, but it's nice if Visual Studio Code supports it by itself (without any other applications) |
Oh yeah I agree, definitely. Just thought I'd give a workaround for now though, I could have been more clear. |
Solutions proposed here did not solve my problem.
Error :
gpg: cannot open tty `/dev/tty': No such device or address
error: gpg failed to sign the data
fatal: failed to write commit object
Configuration :
git config --global commit.gpgsign
true
cat ~/.gnupg/gpg-agent.conf
default-cache-ttl 46000
pinentry-program /usr/bin/pinentry-gtk-2
allow-preset-passphrase
If someone could shed some light on VSCode-Insiders :
{
"git.enableCommitSigning": true,
}
OS :
neofetch --backend off
OS: Ubuntu 16.04.4 LTS x86_64
Kernel: 4.13.0-39-generic
Uptime: 17 hours, 15 mins
Packages: 2984
Shell: bash 4.3.48
Resolution: 1024x768, 1920x1080
DE: GNOME 3.18.5
WM: GNOME Shell
WM Theme: Adwaita
Theme: Adwaita [GTK2/3]
Icons: Elementary-xfce-dark [GTK2/3]
CPU: Intel i5 660 (4) @ 2.895GHz
GPU: NVIDIA GeForce 8400 GS Rev. 2
Memory: 2452MiB / 7840MiB
So... How do we GPG-sign our commits with VSCode? |
@NahomAgidew For Ubuntu 18.04, it should be
pinentry-program /usr/bin/pinentry-gnome3
As can be seen with
ls -l /usr/bin/ | grep pinentry
But that does not seem to be enough. P.S. This issue is a dupe of #5065. |
Thanks to @DrSensor, run this:
git config --global gpg.program $(which gpg) |
Glad it helps. Seems it needs to be added in VSCode documentation. Just like this error, it should pop up a notification when the error |
It would be nice if Visual Studio Code itself provided interactive passphrase prompts via the gpg-agent protocol. It's not an issue for a non-sandboxed installation, but it would help in Flatpak and Snap. |
I've handled this already. You need to set git to call GPG auth from UI.
And then it will work for you.
…On Wed, 31 Oct 2018, 5:04 pm Mikhail Zabaluev ***@***.*** wrote:
It would be nice if Visual Studio Code itself provided interactive
passphrase prompts via the gpg-agent protocol. It's not an issue for a
non-containerized installation, but it would help in Flatpak and Snap.
|
It does not when the gpg-agent socket is not forwarded into the app container. |
Try this config:
That's when I got the GUI auth window once committing to git from vscode. By default you've got cli auth, and then vscode does nothing; once I switched to pinentry-gtk-2 it started to work. Don't forget to install pinentry :) |
Hi @joaomoreno, any updates regarding this issue? I can't find a conclusive solution anywhere on GitHub or the internet :/ |
@plibither8 you need GNOME for this to work, or set up pinentry from my comment above |
@holms, tried that, I'm still getting the following error: |
Update: Solved this issue on my machine by configuring git to use Reference: https://askubuntu.com/a/805550 |
This doesn't work on MacOS Catalina, the UI doesn't prompt for passphrase. |
@rugglcon, the following fixed it for me:
Now upon your first commit with VS Code, you should be prompted. Granted it's not a native VS Code prompt, but it makes everything work. |
@bendwyer what I ended up doing (should have come back and updated my comment) was installing the GPG Keychain application for Mac, and they cache your password until your next reboot. So I commit once outside of VSCode to enter my passphrase, then the rest of my commits I can do from Code. |
There's a huge gap in functionality that, from my perspective, could be fixed by Code supporting passphrase entry on consoles (and redirecting it to/from a modal in its own UI) for GPG. Windows GPG has a default pinentry GUI that works just fine with VS Code today, but using that on SSH sessions is impossible on Windows, hanging because summoning a window through SSH is impossible. I could just switch to |
My workaround is to add a shell wrapper for the gpg executable to the front of PATH on wsl2:
#!/bin/sh
exec /mnt/c/Users/kriese/scoop/apps/gpg/current/bin/gpg.exe "$@" |
Works perfectly, thanks 👌🏽 |
Thanks, this solution worked. To streamline it a bit and to avoid some copy paste errors you can also do:
|
Unfortunately, we only find workarounds. And I think you can see that enough people find this issue quite important. Pushing this issue into the backlog is not good imo. GPG Signing is an essential feature of Git. Even if I am a CLI user, I think this would be especially important for repositories that require GPG signed commits. Even if it might be cool to let this issue get 10 years old, I hope not. Maybe someone might look into this and create a pull request that solves this problem (Shouldn't be witchcraft imo - other editors and IDEs get this right). @joaomoreno I guess this is not realistic with the February 2022 Milestone, but would it be possible to push this issue into the March 2022 Milestone? |
@deeprobin True. My comment was meant as a tongue-in-cheek. As you mentioned, it is pretty essential as a feature to get this working and sort of ridiculous that it hasn't been implemented yet. I don't know how busy the project is, but I'm guessing that it is very busy; especially in regards to it being the most used editor. |
@telometto At the company I work for, for example, I've noticed that many people don't have a GitHub account because they don't do much programming in their private lives. |
Now I think https://marketplace.visualstudio.com/items?itemName=wdhongtw.gpg-indicator Like, is it possible to do something like if git config says sign commit |
Yes I think there is the magic: @wdhongtw Since you created the extension, maybe you feel like creating a pull request? Maybe using the GPGME Library via FFI interop would be more performant (and generally better) instead of invoking the binary directly. |
@deeprobin, would you like to review the PR for my extension wdhongtw/vscode-gpg-indicator#27? Although being the author of the extension, I thought there are some other possibilities to this issue:
Solution 1: Handle the GPG agent forwarding for some environment
I create the extension since I found no way to forward GPG agent from Windows to Remote Linux environment (AFAIK). But if the agent-forwarding did work in the first place, there is no need for the VS Code to handle the passphrase stuff by itself.
Solution 2: Inject another pinentry program for the VS Code.
For other use cases that the signing key does exist at the remote machine, the only problem is that there is no way (except If the VS Code can inject a special pinentry program for GPG agent, then when the signing process is triggered, the GPG agent can then require VS Code to prompt user for the passphrase. And provides better UX for the commit signing process. (Comparing to my extension, which requires the user to unlock the key before the commit action.) |
|
I've added a few comments to your PR. But I must say that I am not an experienced extension developer. I deal more with the underground of Node: V8, ... |
It magically works now. IDK what has changed. Now when I try to commit, I get a popup (it's a KDE pop-up thing) that asks for my password. Note that I am on i3 window manager, and I am not sure which change I made to the system in the past month did this. |
The GPG Indicator Extension sure is nice, but having to unlock the key rather than being prompted for the password at each commit kinda defeats the purpose of having it encrypted in the first place. VSCode already injects an "askpass.sh" program for git password prompting (it's a wrapper for a node.js script). I guess it could be used as a starting point for a pinentry-vscode that would work out-of-the-box for both local and remote gpg signing. A nice improvement would be a GPG wrapper to get signing to be handled through vscode (be it local or remote) rather than gpg being called directly by git. This would avoid reconfiguring git everywhere or copying sensitive keys to a bunch of locations. |
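The injected-pinentry idea raised in the two comments above ("Solution 2" and the askpass.sh-based pinentry-vscode), sketched as an added example that is not part of the thread and is not VS Code or extension code. It shows the line-based Assuan dialogue a pinentry answers for gpg-agent; `createPinentry`, `runSession`, the `askPassphrase` callback and the sample transcript are all assumptions constructed for illustration.

```javascript
// Server side of the Assuan dialogue that gpg-agent holds with a pinentry program.
// askPassphrase is a hypothetical callback standing in for an editor-provided prompt.
const ERR_CANCELED = 'ERR 83886179 Operation cancelled <Pinentry>';

// Arguments arrive percent-escaped (%0A, %25, ...): decode byte-wise, then as UTF-8.
function unescapeArg(arg) {
  const src = Buffer.from(arg, 'utf8');
  const out = [];
  for (let i = 0; i < src.length; i++) {
    const hex = src.toString('latin1', i + 1, i + 3);
    if (src[i] === 0x25 && /^[0-9A-Fa-f]{2}$/.test(hex)) {
      out.push(parseInt(hex, 16));
      i += 2;
    } else out.push(src[i]);
  }
  return Buffer.from(out).toString('utf8');
}

// A passphrase returned on a "D" line must have %, CR and LF escaped.
const escapeData = (s) => s.replace(/[%\r\n]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase().padStart(2, '0'));

function createPinentry(askPassphrase) {
  const ctx = { desc: '', prompt: 'Passphrase:' };
  const handleLine = (line) => {
    const sp = line.indexOf(' ');
    const cmd = (sp < 0 ? line : line.slice(0, sp)).toUpperCase();
    const arg = sp < 0 ? '' : line.slice(sp + 1);
    if (cmd === 'SETDESC') { ctx.desc = unescapeArg(arg); return ['OK']; }
    if (cmd === 'SETPROMPT') { ctx.prompt = unescapeArg(arg); return ['OK']; }
    if (cmd === 'BYE') return ['OK closing connection'];
    if (cmd !== 'GETPIN') return ['OK']; // OPTION etc.: acknowledged, ignored here
    const pin = askPassphrase({ ...ctx }); // null means the user cancelled
    return pin == null ? [ERR_CANCELED] : ['D ' + escapeData(pin), 'OK'];
  };
  return { greeting: 'OK Pleased to meet you', handleLine };
}

// Constructed transcript of the commands sent for one signing request.
const SAMPLE_REQUEST = [
  'OPTION ttyname=/dev/pts/0',
  'SETDESC Please enter the passphrase for%0A"Example User <user@example.invalid>"',
  'SETPROMPT Passphrase:',
  'GETPIN', 'BYE',
];
function runSession(lines, askPassphrase) {
  const pinentry = createPinentry(askPassphrase);
  return [pinentry.greeting, ...lines.flatMap((l) => pinentry.handleLine(l))];
}

console.log(runSession(SAMPLE_REQUEST, () => '100% secret').join('\n'));
```

Used as a real pinentry-program, `handleLine` would be fed from stdin with replies written to stdout, and the prompt callback would have to reach the editor UI instead of returning a constant.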
Complete steps which I think might solve this issue:
I had to do this to get it working. If I comment, it fails.
The /usr/bin path thingy is the one from ur previous step. |
Almost perfect for me. I have a recent mac, and so pinentry-mac's path was incorrect and there is a better way to restart gpg-agent:
Source: https://superuser.com/questions/1628782/gpg-signing-failed-no-pinentry |
I recently came across this issue myself, and while the pinentry-mac solution works for me, I was wondering if it is safe to rely on pinentry-mac considering that the GitHub repository has been archived and the last commit was nine years ago. I do not know how to evaluate such a security risk myself, so I was hoping someone else might be able to chime in. |
Hello, The pinentry-mac project has been deprecated because macOS interface has been integrated into the main pinentry project. As you can see in the pinentry-mac formula (line 7), the GitHub used is the one of GPGTools/pinentry. I guess we can use it safely. |
For anyone using WSL Ubuntu the following worked for me: Install pinentry gtk2:
This will result in a graphical pinentry prompt from both vscode and terminal. The downside here is that unfortunately terminal also follows the same pattern. If anyone knows whether it's possible to override the |
Hey, Git doesn't work in Visual Studio Code when I have gpg signing activated.
Steps to reproduce: https://help.github.com/articles/signing-commits-with-gpg/
Does this issue occur when all extensions are disabled?: Yes