• [gentoo-dev] pkgdev commit and gpg-agent

    From Andrey Grozin@21:1/5 to All on Mon Aug 1 17:50:02 2022
    Hello *,

    Sorry for a very naive question.

    In the past, I used
    repoman commit
    to commit a new ebuild. I got a text screen in my terminal where I typed my passphrase (if I then committed something else within the timeout, I didn't have to re-type it).

    Now we are recommended to use
    pkgdev commit
    instead. But it does not ask for my passphrase, just writes an error message that it cannot sign my commit.

    If I commit something with repoman and then (within the timeout) commit something else with pkgdev, it works.

    My .gnupg/gpg-agent.conf is

    pinentry-program /usr/bin/pinentry-curses
    write-env-file
    default-cache-ttl 1000000

    My .gnupg/gpg.conf includes the line

    use-agent

    I can, of course, continue to use repoman for committing. But now it does not add the Signed-off-by: automatically. I have to add it by hand, in nano. This is
    definitely the most convenient way.

    Thanks in advance,
    Andrey

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Alec Warner@21:1/5 to grozin@woodpecker.gentoo.org on Mon Aug 1 18:40:01 2022
    On Mon, Aug 1, 2022 at 8:49 AM Andrey Grozin
    <grozin@woodpecker.gentoo.org> wrote:

    > Hello *,

    Hi!

    > Sorry for a very naive question.
    >
    > In the past, I used
    > repoman commit
    > to commit a new ebuild. I got a text screen in my terminal where I typed my passphrase (if I then committed something else within the timeout, I didn't have to re-type it).
    >
    > Now we are recommended to use
    > pkgdev commit
    > instead. But it does not ask for my passphrase, just writes an error message that it cannot sign my commit.

    Can you please provide the error message? The rest is us guessing.

    For example, with gpg I have problems unless I set GPG_TTY=$(tty) in
    my .bashrc; if you run man gpg-agent you see a blurb about this being 'required' but it worked fine for years until it did not...I suspect
    it is quite environment dependent.

    -A


    > If I commit something with repoman and then (within the timeout) commit something else with pkgdev, it works.
    >
    > My .gnupg/gpg-agent.conf is
    >
    > pinentry-program /usr/bin/pinentry-curses
    > write-env-file
    > default-cache-ttl 1000000
    >
    > My .gnupg/gpg.conf includes the line
    >
    > use-agent
    >
    > I can, of course, continue to use repoman for committing. But now it does not add the Signed-off-by: automatically. I have to add it by hand, in nano. This is
    > definitely the most convenient way.
    >
    > Thanks in advance,
    > Andrey


  • From Andrew Savchenko@21:1/5 to All on Mon Aug 1 18:20:02 2022
    On Mon, 1 Aug 2022 15:49:18 +0000 (UTC) Andrey Grozin wrote:
    > Hello *,
    >
    > Sorry for a very naive question.
    >
    > In the past, I used
    > repoman commit
    > to commit a new ebuild. I got a text screen in my terminal where I typed my passphrase (if I then committed something else within the timeout, I didn't have to re-type it).
    >
    > Now we are recommended to use
    > pkgdev commit
    > instead. But it does not ask for my passphrase, just writes an error message that it cannot sign my commit.
    >
    > If I commit something with repoman and then (within the timeout) commit something else with pkgdev, it works.
    >
    > My .gnupg/gpg-agent.conf is
    >
    > pinentry-program /usr/bin/pinentry-curses
    > write-env-file
    > default-cache-ttl 1000000
    >
    > My .gnupg/gpg.conf includes the line
    >
    > use-agent
    >
    > I can, of course, continue to use repoman for committing. But now it does not add the Signed-off-by: automatically. I have to add it by hand, in nano. This is
    > definitely the most convenient way.

    I have the same problem with pkgdev. It fails to run at
    least CLI/TUI pinentry when a password is needed. As a workaround,
    I sign some dummy file with `gpg -s file`, then within the cache period
    I can use it for commits using pkgdev.

    Cache timeout can be set in gpg-agent.conf, e.g. in seconds:
    default-cache-ttl 7200

    Furthermore I can't use `pkgdev push` to push my commits, because
    it fails to sign the push and the server rejects my push. I have no
    idea why, because `git push --signed` works perfectly fine.
    Regarding pushing to git (I mean git push process, not various
    checks), pkgdev should do the same as `git push --signed`, but it
    apparently does not.

    And last but not least, pkgdev has some problem I could not
    precisely identify that makes gpg socket forwarding unusable, so I
    can't forward nitrokey from another host. Plain gpg usually works.

    Best regards,
    Andrew Savchenko

  • From Sam James@21:1/5 to All on Tue Aug 2 02:30:01 2022
    On 1 Aug 2022, at 16:49, Andrey Grozin <grozin@woodpecker.gentoo.org> wrote:

    > Hello *,
    >
    > Sorry for a very naive question.
    >
    > In the past, I used
    > repoman commit
    > to commit a new ebuild. I got a text screen in my terminal where I typed my passphrase (if I then committed something else within the timeout, I didn't have to re-type it).
    >
    > Now we are recommended to use
    > pkgdev commit
    > instead. But it does not ask for my passphrase, just writes an error message that it cannot sign my commit.
    >
    > If I commit something with repoman and then (within the timeout) commit something else with pkgdev, it works.


    See https://wiki.gentoo.org/wiki/Pkgdev#git_signing_errors.

    My guess is that repoman is picking up the right key but pkgdev, because
    it just asks git, isn't.

    repoman would use a configuration option in make.conf while pkgdev does not.


    > Thanks in advance,
    > Andrey



    Best,
    sam

  • From Sam James@21:1/5 to All on Tue Aug 2 02:40:01 2022
    On 1 Aug 2022, at 17:14, Andrew Savchenko <bircoph@gentoo.org> wrote:

    > On Mon, 1 Aug 2022 15:49:18 +0000 (UTC) Andrey Grozin wrote:
    >> Hello *,
    >>
    >> Sorry for a very naive question.
    >>
    >> In the past, I used
    >> repoman commit
    >> to commit a new ebuild. I got a text screen in my terminal where I typed my
    >> passphrase (if I then committed something else within the timeout, I didn't
    >> have to re-type it).
    >>
    >> Now we are recommended to use
    >> pkgdev commit
    >> instead. But it does not ask for my passphrase, just writes an error message
    >> that it cannot sign my commit.
    >>
    >> If I commit something with repoman and then (within the timeout) commit
    >> something else with pkgdev, it works.
    >>
    >> My .gnupg/gpg-agent.conf is
    >>
    >> pinentry-program /usr/bin/pinentry-curses
    >> write-env-file
    >> default-cache-ttl 1000000
    >>
    >> My .gnupg/gpg.conf includes the line
    >>
    >> use-agent
    >>
    >> I can, of course, continue to use repoman for committing. But now it does not
    >> add the Signed-off-by: automatically. I have to add it by hand, in nano. This is
    >> definitely the most convenient way.
    >
    > I have the same problem with pkgdev. It fails to run at
    > least CLI/TUI pinentry when a password is needed. As a workaround,
    > I sign some dummy file with `gpg -s file`, then within the cache period
    > I can use it for commits using pkgdev.
    >
    > Cache timeout can be set in gpg-agent.conf, e.g. in seconds:
    > default-cache-ttl 7200
    >
    > Furthermore I can't use `pkgdev push` to push my commits, because
    > it fails to sign the push and the server rejects my push. I have no
    > idea why, because `git push --signed` works perfectly fine.
    > Regarding pushing to git (I mean git push process, not various
    > checks), pkgdev should do the same as `git push --signed`, but it
    > apparently does not.

    git push --signed is of course going to work because you're explicitly
    telling git to.

    I suspect you need to run:
    git config --local push.gpgsign 1

    You can probably set it per-remote if desired.


    > And last but not least, pkgdev has some problem I could not
    > precisely identify that makes gpg socket forwarding unusable, so I
    > can't forward nitrokey from another host. Plain gpg usually works.

    You can do:
    GIT_TRACE=1 pkgdev commit ...
    to see exactly which gpg command is being run, then run that
    manually and debug it.


    > Best regards,
    > Andrew Savchenko


  • From Andrey Grozin@21:1/5 to Andrew Savchenko on Tue Aug 2 16:30:02 2022
    On Mon, 1 Aug 2022, Andrew Savchenko wrote:
    > I have the same problem with pkgdev. It fails to run at
    > least CLI/TUI pinentry when a password is needed. As a workaround,
    > I sign some dummy file with `gpg -s file`, then within the cache period
    > I can use it for commits using pkgdev.
    Thank you, this workaround works.

    Andrey
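
The settings discussed in this thread, as an added example that is not part of any post above and is not pkgdev or GnuPG code: a shell audit of a gpg-agent.conf for the GPG_TTY dependency of terminal pinentries, the effective passphrase cache lifetime, and the push.gpgsign setting suggested for signed pushes. The function names are hypothetical; the 7200-second max-cache-ttl default and the no-op status of write-env-file are GnuPG 2.1+ behaviour.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not pkgdev or GnuPG code.

# conf_value FILE KEY: print the last value given for KEY (empty if absent).
conf_value() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^ +/, ""); v = $0 } END { print v }' "$1"
}

# audit_agent_conf FILE: print one finding per line for a gpg-agent.conf.
audit_agent_conf() {
    pin=$(conf_value "$1" pinentry-program)
    ttl=$(conf_value "$1" default-cache-ttl)
    max=$(conf_value "$1" max-cache-ttl)
    : "${max:=7200}"    # gpg-agent's default when max-cache-ttl is not set
    case $pin in
        *pinentry-curses|*pinentry-tty)
            # Terminal pinentries draw on the tty named by GPG_TTY.
            if [ -z "${GPG_TTY:-}" ]; then
                echo "FAIL GPG_TTY unset but $pin needs a terminal"
            else
                echo "OK GPG_TTY=$GPG_TTY"
            fi ;;
    esac
    # A cached passphrase expires at max-cache-ttl even if it keeps being used.
    if [ -n "$ttl" ] && [ "$ttl" -gt "$max" ]; then
        echo "WARN default-cache-ttl $ttl is capped by max-cache-ttl $max"
    fi
    if grep -q '^write-env-file' "$1"; then
        echo "WARN write-env-file is obsolete in GnuPG 2.1+ and has no effect"
    fi
}

# audit_git_push: report whether a plain 'git push' would be signed.
audit_git_push() {
    v=$(git config --get push.gpgsign 2>/dev/null || true)
    case $v in
        true|1|yes|on|if-asked) echo "OK push.gpgsign=$v" ;;
        *) echo "WARN push.gpgsign not enabled; only 'git push --signed' signs" ;;
    esac
}

# Demo on the gpg-agent.conf quoted in the thread, written to a temp file.
demo() {
    f=$(mktemp)
    printf '%s\n' 'pinentry-program /usr/bin/pinentry-curses' \
        'write-env-file' 'default-cache-ttl 1000000' > "$f"
    audit_agent_conf "$f"
    audit_git_push
    rm -f "$f"
}
demo
```

On the configuration quoted in the thread, the audit shows that `default-cache-ttl 1000000` does not keep the passphrase cached beyond two hours unless `max-cache-ttl` is raised as well.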
