GPG Signing Issue with Intellij Idea

tunix · March 21, 2023, 7:24pm

Hi,

I’m trying to create a consistent setup for GPG signing on CLI and IDE (Intellij Idea Community Edition). So far, I’m able to sign my commits with CLI on host, toolbox containers and the terminal inside the IDE but not the IDE itself. I mean, if I use the built-in git capabilities of the IDE, it will simply fail with the following error:

error: gpg failed to sign the data
fatal: failed to write commit object

I have Fedora Silverblue 37 on my laptop and here are my configs:

.gitconfig

[user]
    signingkey = 476B3D9B8D36FDE6!
[commit]
    gpgsign = true

gpg.conf

use-agent
keyserver hkps://keys.openpgp.org
pinentry-mode loopback

gpg-agent.conf

default-cache-ttl 600
max-cache-ttl 7200
pinentry-program /usr/bin/pinentry

The flatpak Intellij Idea Community includes pinentry-gnome3 bundled and when I type gpgconf in its terminal, I get the following output:

$ gpgconf
gpg:OpenPGP:/usr/bin/gpg
gpgsm:S/MIME:/usr/bin/gpgsm
gpg-agent:Private Keys:/usr/bin/gpg-agent
scdaemon:Smartcards:/usr/libexec/scdaemon
dirmngr:Network:/usr/bin/dirmngr
pinentry:Passphrase Entry:/usr/bin/pinentry

I’m able to use pinentry inside the terminal of the IDE:

$ echo getpin|pinentry
OK Pleased to meet you
D asd
OK

gpg-agent is running on the host and if I let it cache the password of my GPG key, I’m able to sign commits both on the host and inside the IDE without any issues. So the problem seems to be that the IDE is not able to ask for the GPG password.

I tried various configurations like setting pinentry-mode ask, adding no-tty option etc but none of those actually worked. I also gave gpg-agent socket permission to the IDE but that didn’t work as well.

What am I missing? Does anyone have an idea about this?

More Information about my system:

gpg inside container

$ gpg --version
gpg (GnuPG) 2.2.39
libgcrypt 1.10.1
Copyright (C) 2022 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /var/home/tunix/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

jayc · January 21, 2024, 10:17am

Did you end up finding a solution for this? I am running Fedora 39 Silverblue and using flatpack of WebStorm and unfortunately am also running into this dreaded error!