These are the ramblings of Matthijs Kooijman, concerning the software he hacks on, hobbies he has and occasionally his personal life.
Most content on this site is licensed under the WTFPL, version 2 (details).
For a while now, I've been using git-buildpackage to manage the Debian packaging for OpenTTD. This offers the option to sign the tags created by git-buildpackage, which is of course cool. However, I've found that I always need to load my GPG key into my gpg-agent first to make that work. If I didn't, I'd see the following:
```
You need a passphrase to unlock the secret key for
user: "Matthijs Kooijman <matthijs@stdin.nl>"
1024-bit DSA key, ID 8A2FAFBC, created 2005-05-27
gpg: cancelled by user
gpg: skipped "Matthijs Kooijman <matthijs@stdin.nl>": bad passphrase
gpg: signing failed: bad passphrase
error: gpg failed to sign the tag
error: unable to sign the tag
```
This also occurs when calling `git tag` directly, but not when calling `gpg --sign`.
I've finally done some research into this, and found that this can be solved by setting the `GPG_TTY` variable in every shell. According to the gpg-agent manual, you should add the following to your `~/.bashrc`:
```
GPG_TTY=$(tty)
export GPG_TTY
```
And whaddayaknow, it works! Sounded pretty silly to me (why not just use `$tty` directly?), but it actually makes some sense. First of all, `$(tty)` is not an environment variable, but an invocation of the `tty` command.
Secondly, it seems of course silly to put this in the environment when the passphrase-asking code could just find out the current tty by itself. However, it seems that it is actually gpg-agent itself that initiates the passphrase dialog. When I unset `$GPG_AGENT_INFO` in my terminal, `git tag` asks for a passphrase normally (but just with an "`Enter passphrase: `" prompt, instead of the full-screen curses-based prompt I get normally).
This probably means that whatever code is calling gpg-agent from within `git tag` is sending along the value of the `GPG_TTY` variable (or perhaps simply all of the environment?). I guess the `gpg` command automatically sets the `GPG_TTY` variable internally, which is why using `gpg` directly just worked.
This also explains why, after entering my passphrase, my key was added to the agent as well.
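As an added example (not part of the original post or the gpg-agent manual), here is a more defensive version of the `~/.bashrc` snippet. It covers the case where `tty` prints `not a tty` and exits non-zero, and the case where `GPG_TTY` was inherited from a different terminal; the function names are hypothetical.

```shell
# Added example: defensive GPG_TTY setup for ~/.bashrc.
# All function names below are hypothetical, not part of GnuPG or git.

# Classify a GPG_TTY value.
#   $1 = path of the current terminal ("" when there is none)
#   $2 = current value of GPG_TTY ("" when unset)
# Runs in a subshell, so it cannot modify the caller's variables.
gpg_tty_status() (
    if [ -z "$1" ]; then
        echo no-tty   # stdin is not a terminal (cron job, pipe, ...)
    elif [ -z "$2" ]; then
        echo unset    # the state in which signing the tag failed above
    elif [ "$2" != "$1" ]; then
        echo stale    # exported by a parent process on another terminal
    else
        echo ok
    fi
)

# Print the terminal attached to stdin, or nothing when there is none.
# `tty` prints "not a tty" and exits non-zero in that case, and that
# string must not end up in GPG_TTY.
current_tty() (
    if t=$(tty 2>/dev/null); then
        echo "$t"
    fi
)

# Export GPG_TTY when it is missing or stale. Returns 1 when there is no
# terminal, leaving GPG_TTY untouched.
gpg_tty_setup() {
    case $(gpg_tty_status "$(current_tty)" "${GPG_TTY:-}") in
        unset|stale) GPG_TTY=$(current_tty); export GPG_TTY ;;
        no-tty)      return 1 ;;
    esac
}

# Call once per interactive shell; never abort shell startup on failure.
gpg_tty_setup || true
```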