I’m trying to create a consistent setup for GPG signing on CLI and IDE (Intellij Idea Community Edition). So far, I’m able to sign my commits with CLI on host, toolbox containers and the terminal inside the IDE but not the IDE itself. I mean, if I use the built-in git capabilities of the IDE, it will simply fail with the following error:
```
error: gpg failed to sign the data
fatal: failed to write commit object
```
I have Fedora Silverblue 37 on my laptop and here are my configs:
```
[user]
    signingkey = 476B3D9B8D36FDE6!
[commit]
    gpgsign = true
```
```
use-agent
keyserver hkps://keys.openpgp.org
pinentry-mode loopback
```
```
default-cache-ttl 600
max-cache-ttl 7200
pinentry-program /usr/bin/pinentry
```
The flatpak Intellij Idea Community includes pinentry-gnome3 bundled and when I type `gpgconf` in its terminal, I get the following output:
```
$ gpgconf
gpg:OpenPGP:/usr/bin/gpg
gpgsm:S/MIME:/usr/bin/gpgsm
gpg-agent:Private Keys:/usr/bin/gpg-agent
scdaemon:Smartcards:/usr/libexec/scdaemon
dirmngr:Network:/usr/bin/dirmngr
pinentry:Passphrase Entry:/usr/bin/pinentry
```
I’m able to use pinentry inside the terminal of the IDE:
```
$ echo getpin|pinentry
OK Pleased to meet you
D asd
OK
```
gpg-agent is running on the host and if I let it cache the password of my GPG key, I’m able to sign commits both on the host and inside the IDE without any issues. So the problem seems to be that the IDE is not able to ask for the GPG password.
I tried various configurations like setting `pinentry-mode ask`, adding the `no-tty` option etc., but none of those actually worked. I also gave `gpg-agent` socket permission to the IDE but that didn’t work either.
What am I missing? Does anyone have an idea about this?
More Information about my system:
gpg inside container
```
$ gpg --version
gpg (GnuPG) 2.2.39
libgcrypt 1.10.1
Copyright (C) 2022 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /var/home/tunix/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
```
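An added example, not part of the original post: a simplified model of where a passphrase request is routed for the gpg and gpg-agent options quoted above. It reproduces the three behaviours described (prompt in a terminal, no prompt from the IDE's built-in git, success once the agent has the passphrase cached). The function names and the `has_tty` / `cached` flags are hypothetical, and the routing rules are a simplification of GnuPG's `pinentry-mode` handling.

```python
# Option files copied from the post (gpg options, then gpg-agent options).
GPG_CONF = "use-agent\nkeyserver hkps://keys.openpgp.org\npinentry-mode loopback\n"
AGENT_CONF = ("default-cache-ttl 600\nmax-cache-ttl 7200\n"
              "pinentry-program /usr/bin/pinentry\n")


def parse_options(text):
    """Parse a GnuPG option file: one long option per line, '#' comment lines."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # Leading dashes are optional in option files; the last occurrence wins.
        opts[parts[0].lstrip("-")] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def prompt_route(gpg_conf, agent_conf, has_tty, cached=False):
    """Return (route, detail) for one signing request.

    has_tty: the caller (git -> gpg) has a terminal; False models an IDE's
             built-in git integration (assumption of this example).
    cached:  gpg-agent still holds the passphrase from an earlier prompt.
    """
    gpg, agent = parse_options(gpg_conf), parse_options(agent_conf)
    if cached:
        return ("cache", "agent answers without prompting")
    mode = gpg.get("pinentry-mode", "default")
    if mode in ("cancel", "error"):
        return ("none", f"pinentry-mode {mode} never prompts")
    if mode == "loopback":
        if "no-allow-loopback-pinentry" in agent:
            return ("none", "agent rejects loopback requests")
        if has_tty:
            return ("terminal", "gpg itself reads the passphrase from the tty")
        return ("none", "loopback bypasses pinentry; no tty or --passphrase-fd")
    # default / ask: the agent launches its pinentry program.
    return ("pinentry", agent.get("pinentry-program", "agent's default pinentry"))


if __name__ == "__main__":
    for tty, cached in ((True, False), (False, False), (False, True)):
        print(tty, cached, prompt_route(GPG_CONF, AGENT_CONF, tty, cached))
```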