Hello, for some time now (since the gpgv1 -> gpgv2 transition on Debian on my computer)
I have been getting this error message. (I need to say that I am using a NitroKey Pro for my gpg keys.)
Propellor build ... done
error: gpg n'a pas pu signer les données
fatal: échec de l'écriture de l'objet commit
Git commit ... failed
reading this bug report
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568375
I found that I need to define
https://www.gnupg.org/documentation/manuals/gnupg/Common-Problems.html
The gpg-agent man page nowadays includes the following hint:
It is important to set the GPG_TTY environment variable in your login
shell, for example in the ‘~/.bashrc’ init script:
export GPG_TTY=$(tty)
Don't you think that propellor should define GPG_TTY in order to avoid this problem?
thanks
Frederic
I guess the problem involves running propellor at a unix tty, not in a GUI's virtual terminal?
My limited understanding of GPG_TTY, refreshed by re-reading this ooold thread https://bugs.debian.org/316388 is that gpg is normally able to detect if it's in a GUI or at a tty, and will prompt in the tty if necessary. Where that may fall down is when gpg is run with its stdio connected to pipes, since then probably isatty fails. Although in at least some cases, gpg apparently then falls back to /dev/tty.
Propellor runs gpg with stdin and stdout piped to it when, e.g., decrypting the privdata file. I tried propellor --list-fields at the linux console and it fails there.
But, when I tried propellor --spin host at the linux console, that worked ok, including making the gpg signed git commit. Of course git is running gpg in this case, and perhaps my version of git has its own way to avoid this problem.
This does seem like something propellor could work around fairly inexpensively.
(See also propellor and gpg2.)
It seems that setting GPG_TTY does not force gpg to prompt at a tty when in a GUI. At least in X with gpg 2.1, I still get a GUI prompt from gpg. Good.
I've made propellor set GPG_TTY and verified that this lets gpg prompt for the password at the linux console.
Since I was not able to reproduce git commit signing not working, I don't know for sure that this fixed that, but imagine it probably would.
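
An added example, not part of the thread and not propellor's own code: a shell helper (the name ensure_gpg_tty is hypothetical) that a wrapper script can call before running gpg with piped stdio. It covers the case the thread describes, where stdin is not a terminal and a plain $(tty) would put the string "not a tty" into GPG_TTY.

```shell
# ensure_gpg_tty: export GPG_TTY before starting a program that talks to
# gpg over pipes. Hypothetical helper name; not part of propellor or GnuPG.
ensure_gpg_tty() {
    # Keep a value the login shell already exported.
    if [ -n "${GPG_TTY:-}" ]; then
        export GPG_TTY
        return 0
    fi
    # tty(1) only inspects its stdin, which may be a pipe or a file here,
    # so try stdin, stdout and stderr in turn.
    for _fd in 0 1 2; do
        if [ -t "$_fd" ]; then
            # The redirect sits outside $(...) on purpose: inside the
            # substitution, fd 1 is already the capture pipe.
            { GPG_TTY=$(tty); } <&"$_fd" || continue
            export GPG_TTY
            return 0
        fi
    done
    # No terminal on any standard descriptor (cron, CI, ssh without a pty):
    # leave GPG_TTY unset rather than exporting "not a tty".
    unset GPG_TTY
    return 1
}

# Typical use in a wrapper, before any piped gpg call:
#   ensure_gpg_tty || echo "no terminal: gpg cannot prompt on a tty" >&2
```

A non-zero return means there is no terminal to prompt on, so a passphrase or smartcard PIN prompt will only work if a GUI pinentry is available.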