> On 1 Aug 2022, at 17:14, Andrew Savchenko <birc...@gentoo.org> wrote:
>
> On Mon, 1 Aug 2022 15:49:18 +0000 (UTC) Andrey Grozin wrote:
>> Hello *,
>>
>> Sorry for a very naive question.
>>
>> In the past, I used
>> repoman commit
>> to commit a new ebuild. I got a text screen in my terminal where I typed my
>> passphrase (if I then committed something else within the timeout, I didn't
>> have to re-type it).
>>
>> Now we are recommended to use
>> pkgdev commit
>> instead. But it does not ask for my passphrase, just writes an error message
>> that it cannot sign my commit.
>>
>> If I commit something with repoman and then (within the timeout) commit
>> something else with pkgdev, it works.
>>
>> My .gnupg/gpg-agent.conf is
>>
>> pinentry-program /usr/bin/pinentry-curses
>> write-env-file
>> default-cache-ttl 1000000
>>
>> My .gnupg/gpg.conf includes the line
>>
>> use-agent
>>
>> I can, of course, continue to use repoman for committing. But now it does not
>> add the Signed-off-by: automatically. I have to add it by hand, in nano.
>> This is definitely the most convenient way.
>
> I have the same problem with pkgdev. It fails to run at
> least CLI/TUI pinentry when a password is needed. To work around it
> I sign some dummy file with `gpg -s file`, then within the cache period
> I can use it for commits using pkgdev.
>
> Cache timeout can be set in gpg-agent.conf, e.g. in seconds:
> default-cache-ttl 7200
>
> Furthermore I can't use `pkgdev push` to push my commits, because
> it fails to sign the push and the server rejects my push. I have no
> idea why, because `git push --signed` works perfectly fine.
> Regarding pushing to git (I mean the git push process, not various
> checks), pkgdev should do the same as `git push --signed`, but it
> apparently does not.

git push --signed is of course going to work because you're explicitly telling git to.

I suspect you need to run:

    git config --local push.gpgsign 1

You can probably set it per-remote if desired.

>
> And last but not least, pkgdev has some problem I could not
> precisely identify that makes gpg socket forwarding unusable, so I
> can't forward nitrokey from another host. Plain gpg usually works.

You can do:

    GIT_TRACE=1 pkgdev commit ...

to see exactly which gpg command is being run, then run that manually and debug it.

>
> Best regards,
> Andrew Savchenko