Signing fails via GPG

[franciscolourenco]

Related to #581 but not on windows.

`/usr/bin/git commit -q -F -` failed with following output:

gpg: cannot open `/dev/tty': Device not configured
error: gpg failed to sign the data
fatal: failed to write commit object

On the terminal it works, and no password is asked. I guess it is cached or handled automatically with

[credential]
	helper = osxkeychain

Since no interactin is actually required, is there any configuration possible which allows this to work?

[franciscolourenco]

Any solutions for this? Right now is not possible to use Gitsavvy with signed commits at all.

[stoivo]

@aristidesfl, sorry for not commenting anything.
@asfaltboy @randy3k any experience here? I dont.

[divmain]

@aristidesfl have you seen the docs for signing commits with GPG? This method should work on Windows.

[franciscolourenco]

@divmain Hadn't seen them and I was missing

[core]
  askpass = git-gui--askpass

but the error persists, and in the command line it still works like usually.

[divmain]

Are you prompted for the password via gitgui when committing at the terminal? Or are you prompted for password in the terminal?

[franciscolourenco]

@divmain at the moment I'm not prompted at all, I believe because of gpg-agent.

[franciscolourenco]

Isn't gpg responsible for asking for the private key password? are you sure that git-gui--askpass is involved in asking in commit signing? - as opposed to ssh key and http auth passwords

[divmain]

Can you check to see if setting no-tty in ~/.gnupg/gpg-agent.conf helps? If it does, we should be able to set the appropriate environment config from Sublime so that you don't have to set this globally.

[franciscolourenco]

@divmain that solves the issue. that last comment makes a lot of sense. Possible to streamline with Gitsavvy?

[divmain]

Sweet! I'll leave this open until we push a fix into master. Thanks for confirming!

[stoivo]

@divmain, did you see anywhere if it is possible to override that with a environment variable?

[franciscolourenco]

@divmain did you edit your comment? setting no-tty in ~/.gnupg/gpg-agent.conf doesn't do anything, but in ~/.gnupg/gpg.conf is does.

[isnifer]

@aristidesfl I think I had a similar problem. And I've solved it like this:

git config --global gpg.program $(which gpg)

[franciscolourenco]

@isnifer thanks, unfortunately it doesn't change anything in this case. I think @divmain might have a plan already?

[franciscolourenco]

@divmain any progress on this?

[asfaltboy]

@aristidesfl have you tried last documentation solution ?

It was concieved by @rpbaptist in #36 and seems to work well on a variety of platforms (at least those that can run git-gui).

[franciscolourenco]

@asfaltboy git config --global core.askpass git-gui--askpass has no effect.
Maybe because gpg-agent is already configured, or maybe because git has nothing to due with the gpg password?

[asfaltboy]

@aristidesfl oops, I just noticed I only repeated what was already mentioned above :( of course no-tty is still the solution for running git -> gpg from Sublime. Not aware of any way to force "no-tty" argument. Nor would we would actually want to do that for users.

I think we can simply update docs with a reccomendation to run echo "no-tty" >> ~/.gnupg/gpg.conf?

[franciscolourenco]

@asfaltboy setting up no-tty only in GitSavvy is the way to go, since it is the only program which doesn't provide a tty. Either that or providing a valid tty. Setting no-tty globally doesn't seem like a good recommendation since eventually gpg will fail silently, even when evoked from the terminal.

[asfaltboy]

Since git remains a command line tool, we depend on the arguments it supports, and I don't believe it's core gpg implementation supports specifying parameters to the gpg command.

I wouldn't say it's the only program to require no-tty, any GUI git tool that wraps around command-line git app, will have the same issue. For example see isaacs/github#675, sourcetree or Tower.

Interesting... Looking at sourcetree solution, they pass a "custom" gpg.program configuration for the commit command, to a script that wraps around gpg:

git -c diff.mnemonicprefix=false -c core.quotepath=false -c credential.helper=sourcetree -c gpg.program=/Applications/SourceTree.app/Contents/Resources/bin/stgpg.sh commit -q --gpg-sign=FAE3579EEA1C6363 -F /var/folders/jw/5wfdcdr137q_hh1jw5nzcyvw0000gp/T/SourceTreeTemp.LiStAR

This is a pretty awesome workaround, at least for systems that have bash, and one that we can surely implement. For windows, the current solution should already work, since windows requires an installed GnuPG client which does not default to run in terminals (no-tty not required).
(NOTE: Windows needs confirmation).

[stoivo]

@asfaltboy, can you make a patch for this?

[BoGnY]

This is my gist that explain how to enable auto-signing of Git commits for EVERY programs that don't support it natively..
It's specifically for Windows systems!!

[asfaltboy]

I completely forgot about this issue, very sorry. Had a bit of time today to hack up a WIP solution in #1018 , with a few points remaining to be resolved.

I was able to sign the commit by just using the provided script and settings - maybe it's enough 🤔, please chime in and leave your comments there.

[kaste]

Closing bc an PR addressing or referencing this issue has been merged.