You are not logged in.
- Topics: Active | Unanswered
#1 2025-03-20 22:38:00
- drankinatty
- Member
- From: Nacogdoches, Texas
- Registered: 2009-04-24
- Posts: 84
- Website
Where should GPG_TTY be set so git tag properly launches a pinentry?
This caught me by surprise. I needed to create/sign a git tag for a repository on Arch (accessed via ssh). Normally when I'm signing a source package for pacman, there is no problem and with the text pinentry being shown when I'm accessing the server over ssh. However, when working with git tag, no pinentry is shown resulting in the error, e.g.
git tag -m 'Gallery2 repo as of 3/19/25 for php8' -s -u 6FD7020F0887 v0.0.2
error: gpg failed to sign the data:
[GNUPG:] KEY_CONSIDERED 6FD7020F0887 2
[GNUPG:] BEGIN_SIGNING H8
[GNUPG:] PINENTRY_LAUNCHED 374002 gnome3:curses 1.3.1 - xterm localhost:10.0 - 1000/1060 0
gpg: signing failed: Inappropriate ioctl for device
[GNUPG:] FAILURE sign 83918950
gpg: signing failed: Inappropriate ioctl for device
error: unable to sign the tag
The tag message has been left in .git/TAG_EDITMSGSearching, I found a workaround to export GPG_TTY=$(tty) which did allow git tag to bring up the pinentry, but why was that required? Where should export GPG_TTY=$(tty) be placed so it is always available when accessing the box over ssh? Could adding to .bash_profile cause issues with how pacman provides pinentry?
Just looking for how to solve this properly without breaking something else.
David C. Rankin, J.D.,P.E.
Offline
#2 2025-03-21 20:50:07
- Halano
- Member
- From: Egypt
- Registered: 2023-02-07
- Posts: 62
- Website
Re: Where should GPG_TTY be set so git tag properly launches a pinentry?
in your .zprofile or .bash_profile
add
export GPG_TTY=$(tty)
#or GPG_TTY=/dev/pts/0then
echo "pinentry-program /usr/bin/pinentry-tty" > ~/.gnupg/gpg-agent.confand you good to go.
.:HalanoTheSmartMoth:.
Offline
#3 2025-03-21 21:54:11
- drankinatty
- Member
- From: Nacogdoches, Texas
- Registered: 2009-04-24
- Posts: 84
- Website
Re: Where should GPG_TTY be set so git tag properly launches a pinentry?
in your .zprofile or .bash_profile
addexport GPG_TTY=$(tty) #or GPG_TTY=/dev/pts/0then
echo "pinentry-program /usr/bin/pinentry-tty" > ~/.gnupg/gpg-agent.confand you good to go.
Thank you. That is along the lines of what I was thinking, though I didn't think to add to gpg-agent.conf. It would need to be export GPG_TTY=$(tty) as I currently have 8 terminals option to various locations and any one of them could be the terminal I use - all have different /dev/pts/x values.
Since they do have differing values how would that affect what is entered in ~/.gnupg/gpg-agent.conf? Would that also be done from .profile on a per login basis, or were you suggesting that as a one-shot from elsewhere?
David C. Rankin, J.D.,P.E.
Offline
#4 2025-03-22 12:37:49
- Halano
- Member
- From: Egypt
- Registered: 2023-02-07
- Posts: 62
- Website
Re: Where should GPG_TTY be set so git tag properly launches a pinentry?
in gpg-agent.conf
you have options like
pinentry-curses
pinentry-emacs
pinentry-gnome3
pinentry-gtk
pinentry-qt
pinentry-qt5
pinentry-tty
It's responsible for the dialog that appear when you authenticate only
not really needed you can delete it if you want,, gpg-agent will use the one that suit your environment automatically if not set
______________________
about GPG_TTY variable unfortunately it change automatically when you login your desktop environment
from /dev/tty to /dev/pts
It's very frustrated experience,with gnupg
.:HalanoTheSmartMoth:.
Offline