Git tag with gpg-agent and pinentry-curses

git gnupg

When using gpg-agent with git tag -u, I'm getting the following error immediately:

gpg: cancelled by user
gpg: skipped "my@email.com": bad passphrase
gpg: signing failed: bad passphrase
error: gpg failed to sign the data
error: unable to sign the tag

gpg-agent.conf:

pinentry-program /usr/bin/pinentry-curses

When I unlock the key first (via a gpg -e -s test.txt), then the git tag -u command picks up the key and signs the tag as expected.

This is on Ubuntu 13.10, using i3 wm. I'd be suspicious that gnome-keyring is somehow hampering…something, but on a Raspberry Pi, running archlinux-arm, it works the same way, but with a slightly different issue — after running the git tag -u command, it asks for a password to unlock, but no pinentry or prompt appears. After a time (about 30 seconds), it fails with the following:

gpg: problem with the agent: Line passed to IPC too long
gpg: skipped "my@email.com": Operation cancelled
gpg: signing failed: Operation cancelled
error: gpg failed to sign the data
error: unable to sign the tag

Again, once I unlock the key with a straight gpg -s to an arbitrary file to cache the credentials in gpg-agent, the tag is signed without issue.

My assumption is that something is weird with my usage of pinentry-curses. I have already updated /usr/bin/pinentry to point to /usr/bin/pinentry-curses, but the problem persists.

What am I doing wrong, and how do I get git to play nice with gpg/pinentry?

  • ubuntu gpg version: 1.4.14
  • archlinux-arm gpg version: gnupg-2.0.22-1

EDIT: running zsh. Here is the relevant bit sourced for the gpg agent:

if [ $EUID -ne 0 ] ; then
    envfile="$HOME/.gnupg/gpg-agent.env"
    if [[ -e "$envfile" ]] && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then
        eval "$(cat "$envfile")"
    else
        eval "$(gpg-agent --daemon --write-env-file "$envfile")"
    fi
    export GPG_AGENT_INFO  # the env file does not contain the export statement
fi

When I follow $(tty) (e.g. /dev/pts/16), the ownership is already user:tty.

Best Answer

You will also need to export the GPG_TTY variable every time you start a new TTY (could also be done from bash/zsh rc files):

export GPG_TTY=$(tty)
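
The following is an added example, not part of the original answer: an rc-file fragment that sets GPG_TTY only for interactive shells, plus a check that reports why pinentry-curses would have no terminal to draw on before `git tag -u` is attempted. The function names `gpg_tty_status` and `signed_tag` are hypothetical.

```shell
# Added example for ~/.zshrc or ~/.bashrc (POSIX sh syntax).
# gpg_tty_status and signed_tag are hypothetical helper names.

# Set GPG_TTY only when stdin really is a terminal.
if [ -t 0 ]; then
    GPG_TTY=$(tty)
    export GPG_TTY
fi

# Print one of: ok | unset | stale | no-terminal
# Usage: gpg_tty_status [current-tty]   (defaults to the output of tty)
gpg_tty_status() {
    cur="${1:-$(tty 2>/dev/null || true)}"
    case "$cur" in
        /dev/*) ;;
        *)  # stdin is not a terminal, so a curses prompt has nowhere to draw
            echo "no-terminal"; return 0 ;;
    esac
    if [ -z "${GPG_TTY:-}" ]; then
        echo "unset"     # the situation described in the question
    elif [ "$GPG_TTY" != "$cur" ]; then
        echo "stale"     # value inherited from a different terminal
    else
        echo "ok"
    fi
}

# Refuse to start a signing operation that cannot prompt for the passphrase.
signed_tag() {
    st=$(gpg_tty_status)
    if [ "$st" != "ok" ]; then
        echo "GPG_TTY is $st; run: export GPG_TTY=\$(tty)" >&2
        return 1
    fi
    git tag -u "$@"
}
```
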