1 |
On Mon, 1 Aug 2022 15:49:18 +0000 (UTC) Andrey Grozin wrote: |
2 |
> Hello *, |
3 |
> |
4 |
> Sorry for a very naive question. |
5 |
> |
6 |
> In the past, I used |
7 |
> repoman commit |
8 |
> to commit a new ebuild. I got a text screen in my terminal where I typed my |
9 |
> passphraise (if I then committed something else within the timeout, I didn't |
10 |
> have to re-type it). |
11 |
> |
12 |
> Now we are recommended to use |
13 |
> pkgdev commit |
14 |
> instead. But it does not ask for my passphraise, just writes an error message |
15 |
> that it cannot sign my commit. |
16 |
> |
17 |
> If I commit something with repoman and then (within the timeout) commit |
18 |
> something else with pkgdev, it works. |
19 |
> |
20 |
> My .gnupg/gpg-agent.conf is |
21 |
> |
22 |
> pinentry-program /usr/bin/pinentry-curses |
23 |
> write-env-file |
24 |
> default-cache-ttl 1000000 |
25 |
> |
26 |
> My .gnupg/gpg.conf includes the line |
27 |
> |
28 |
> use-agent |
29 |
> |
30 |
> I can, of course, continue to use repoman for committing. But now it does not |
31 |
> add the Signed-off-by: automatically. I have to add it by hand, in nano. This is |
32 |
> definitely the most convenient way. |
33 |
|
34 |
I have the same problem with pkgdev. It fails to run at |
35 |
least CLI/TUI pinentry when password is needed. To workaround |
36 |
I sign some dummy file with `gpg -s file`, then within cache period |
37 |
I can use it for commits using pkgdev. |
38 |
|
39 |
Cache timeout can be set in gpg-agent.conf, e.g. in seconds: |
40 |
default-cache-ttl 7200 |
41 |
|
42 |
Furthermore I can't use `pkgdev push` to push my commits, because |
43 |
it fails to sign the push and the server rejects my push. I have no |
44 |
idea why, because `git push --signed' works perfectly fine. |
45 |
Regarding pushing to git (I mean git push process, not various |
46 |
checks), pkgdev should do the same as `git push --signed`, but it |
47 |
apparently does not. |
48 |
|
49 |
And last but not the least pkgdev have some problem I could not |
50 |
precisely identify that makes gpg socket forwarding unusable, so I |
51 |
can't forward nitrokey from another host. Plain gpg usually works. |
52 |
|
53 |
Best regards, |
54 |
Andrew Savchenko |