> On 1 Aug 2022, at 17:14, Andrew Savchenko <bircoph@g.o> wrote:
>
> On Mon, 1 Aug 2022 15:49:18 +0000 (UTC) Andrey Grozin wrote:
>> Hello *,
>>
>> Sorry for a very naive question.
>>
>> In the past, I used
>>     repoman commit
>> to commit a new ebuild. I got a text screen in my terminal where I typed my
>> passphrase (if I then committed something else within the timeout, I didn't
>> have to re-type it).
>>
>> Now we are recommended to use
>>     pkgdev commit
>> instead. But it does not ask for my passphrase, just writes an error message
>> that it cannot sign my commit.
>>
>> If I commit something with repoman and then (within the timeout) commit
>> something else with pkgdev, it works.
>>
>> My .gnupg/gpg-agent.conf is
>>
>> pinentry-program /usr/bin/pinentry-curses
>> write-env-file
>> default-cache-ttl 1000000
>>
>> My .gnupg/gpg.conf includes the line
>>
>> use-agent
>>
>> I can, of course, continue to use repoman for committing. But now it does not
>> add the Signed-off-by: automatically. I have to add it by hand, in nano. This is
>> definitely the most convenient way.
>
> I have the same problem with pkgdev. It fails to run at
> least CLI/TUI pinentry when password is needed. To work around it
> I sign some dummy file with `gpg -s file`, then within cache period
> I can use it for commits using pkgdev.
>
> Cache timeout can be set in gpg-agent.conf, e.g. in seconds:
>     default-cache-ttl 7200
>
> Furthermore I can't use `pkgdev push` to push my commits, because
> it fails to sign the push and the server rejects my push. I have no
> idea why, because `git push --signed` works perfectly fine.
> Regarding pushing to git (I mean git push process, not various
> checks), pkgdev should do the same as `git push --signed`, but it
> apparently does not.

git push --signed is of course going to work because you're explicitly
telling git to.

I suspect you need to run:
    git config --local push.gpgsign 1

You can probably set it per-remote if desired.

>
> And last but not least, pkgdev has some problem I could not
> precisely identify that makes gpg socket forwarding unusable, so I
> can't forward nitrokey from another host. Plain gpg usually works.

You can do:
    GIT_TRACE=1 pkgdev commit ...
to see exactly which gpg command is being run, then run that
manually and debug it.

>
> Best regards,
> Andrew Savchenko
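
A cache-lifetime check for the gpg-agent.conf quoted in this thread, as an added example that is not part of the original messages. It assumes gpg-agent's documented defaults (default-cache-ttl 600, max-cache-ttl 7200) when an option is absent; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise the passphrase-cache settings in a gpg-agent.conf.
# Assumed defaults when an option is absent (from the gpg-agent manual):
#   default-cache-ttl 600 seconds, max-cache-ttl 7200 seconds.

agent_cache_summary() {
    # $1: path to a gpg-agent.conf
    awk '
        BEGIN { idle = 600; cap = 7200; pin = "(default)" }
        /^[ \t]*#/ || NF == 0 { next }           # skip comments and blank lines
        $1 == "default-cache-ttl" { idle = $2 + 0 }
        $1 == "max-cache-ttl"     { cap  = $2 + 0 }
        $1 == "pinentry-program"  { pin  = $2 }
        END {
            # A cached passphrase expires after default-cache-ttl seconds
            # without use, and never later than max-cache-ttl seconds after
            # it was first cached, so the smaller value bounds the lifetime.
            eff = (idle < cap) ? idle : cap
            printf "pinentry=%s idle_ttl=%d max_ttl=%d effective_ttl=%d\n",
                   pin, idle, cap, eff
        }
    ' "$1"
}

# Constructed sample: the gpg-agent.conf lines quoted in the thread.
sample_conf() {
    cat <<'EOF'
pinentry-program /usr/bin/pinentry-curses
write-env-file
default-cache-ttl 1000000
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    sample_conf > "$tmp"
    agent_cache_summary "$tmp"
    rm -f "$tmp"
}

demo
```

For the quoted configuration this reports effective_ttl=7200: with no max-cache-ttl line, the 1000000-second default-cache-ttl is capped at two hours.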