Neogit breaks on GPG commit signing password prompt

[Strongleong]

Description

When I have enabled GPG signing and I try to commit this happens: https://github.com/NeogitOrg/neogit/assets/17177071/6a8bbd8b-b9a7-446e-9a67-e4d9cef47b7b

No matter what I type, GPG rejects it, neovim behaves unpredictable and only <Ctrl+c> helps. But console now in broken state (typing reset helps)

Neovim version

NVIM v0.9.5 Build type: Release LuaJIT 2.1.0-beta3 Compilation: /usr/lib/ccache/bin/x86_64-pc-linux-gnu-gcc -Wall -Wextra -pedantic -Wno-unused-parameter -Wstrict-prototypes -std=gnu99 -Wshadow -Wconversion -Wvla -Wdouble-promotion -Wmissing-noreturn -Wmissing-format-attribute -Wmissing-prototypes -fno-common -Wno-unused-result -Wimplicit-fallthrough -fdiagnostics-color=always -fstack-protector-strong -DUNIT_TESTING -DINCLUDE_GENERATED_DECLARATIONS -D_GNU_SOURCE -I/usr/include/luajit-2.1 -I/usr/include -I/usr/include -I/var/tmp/portage/app-editors/neovim-0.9.5/work/neovim-0.9.5_build/src/nvim/auto -I/var/tmp/portage/app-editors/neovim-0.9.5/work/neovim-0.9.5_build/include -I/var/tmp/portage/app-editors/neovim-0.9.5/work/neovim-0.9.5_build/cmake.config -I/var/tmp/portage/app-editors/neovim-0.9.5/work/neovim-0.9.5/src -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include -I/usr/include

system vimrc file: "/etc/vim/sysinit.vim" fall-back for $VIM: "/usr/share/nvim"

Operating system and version

Gentoo (kernel version 6.1.69)

Steps to reproduce

1. Make sure you have GPG signing enabled with password protected key
2. Create git repository
3. nvim -nu minima.lua
4. Create file
5. :Neogit
6. Stash file
7. Commit

Expected behavior

Neogit prompts for GPG password and creates signed commit. Nothing is broken

Actual behavior

GPG password prompt pops up, Neogit tries to "fight" it. Broken console. Commit is not created

Minimal config

-- NOTE: See the end of this file if you are reporting an issue, etc. Ignore all the "scary" functions up top, those are
-- used for setup and other operations.
local M = {}

local base_root_path = vim.fn.fnamemodify(debug.getinfo(1, "S").source:sub(2), ":p:h") .. "/.min"
function M.root(path)
  return base_root_path .. "/" .. (path or "")
end

function M.load_plugin(plugin_name, plugin_url)
  local package_root = M.root("plugins/")
  local install_destination = package_root .. plugin_name
  vim.opt.runtimepath:append(install_destination)

  if not vim.loop.fs_stat(package_root) then
    vim.fn.mkdir(package_root, "p")
  end

  if not vim.loop.fs_stat(install_destination) then
    print(string.format("> Downloading plugin '%s' to '%s'", plugin_name, install_destination))
    vim.fn.system({
      "git",
      "clone",
      "--depth=1",
      plugin_url,
      install_destination,
    })
    if vim.v.shell_error > 0 then
      error(string.format("> Failed to clone plugin: '%s' in '%s'!", plugin_name, install_destination),
        vim.log.levels.ERROR)
    end
  end
end

---@alias PluginName string The plugin name, will be used as part of the git clone destination
---@alias PluginUrl string The git url at which a plugin is located, can be a path. See https://git-scm.com/book/en/v2/Git-on-the-Server-The-Protocols for details
---@alias MinPlugins table<PluginName, PluginUrl>

---Do the initial setup. Downloads plugins, ensures the minimal init does not pollute the filesystem by keeping
---everything self contained to the CWD of the minimal init file. Run prior to running tests, reproducing issues, etc.
---@param plugins? table<PluginName, PluginUrl>
function M.setup(plugins)
  vim.opt.packpath = {}                      -- Empty the package path so we use only the plugins specified
  vim.opt.runtimepath:append(M.root(".min")) -- Ensure the runtime detects the root min dir

  -- Install required plugins
  if plugins ~= nil then
    for plugin_name, plugin_url in pairs(plugins) do
      M.load_plugin(plugin_name, plugin_url)
    end
  end

  vim.env.XDG_CONFIG_HOME = M.root("xdg/config")
  vim.env.XDG_DATA_HOME = M.root("xdg/data")
  vim.env.XDG_STATE_HOME = M.root("xdg/state")
  vim.env.XDG_CACHE_HOME = M.root("xdg/cache")

  -- NOTE: Cleanup the xdg cache on exit so new runs of the minimal init doesn't share any previous state, e.g. shada
  vim.api.nvim_create_autocmd("VimLeave", {
    callback = function()
      vim.fn.system({
        "rm",
        "-r",
        "-f",
        M.root("xdg")
      })
    end
  })
end

-- NOTE: If you have additional plugins you need to install to reproduce your issue, include them in the plugins
-- table within the setup call below.
M.setup({
  plenary = "https://github.com/nvim-lua/plenary.nvim.git",
  telescope = "https://github.com/nvim-telescope/telescope.nvim",
  diffview = "https://github.com/sindrets/diffview.nvim",
  neogit = "https://github.com/NeogitOrg/neogit"
})
-- WARN: Do all plugin setup, test runs, reproductions, etc. AFTER calling setup with a list of plugins!
-- Basically, do all that stuff AFTER this line.
require("neogit").setup({}) -- For instance, setup Neogit

[CKolkey]

Thanks - managed to reproduce this.

[CKolkey]

Am I correct that you have GPG_TTY set in your shell?

[CKolkey]

Ok, spent the last hour doing some reading: Using the pinentry-curses program will not work with neovim. https://github.com/tpope/vim-fugitive/issues/1836#issuecomment-918677504 Fugative has the exact same issue - it's not something I can do anything about.

However, there is a way to set up gpg to work with neovim/neogit. Make sure these conf files contain these lines:

# ~/.gnupg/gpg-agent.conf

pinentry-program /opt/homebrew/bin/pinentry-tty
allow-loopback-pinentry

# ~/.gnupg/gpg.conf

pinentry-mode loopback

With that set up, neogit will catch when you are prompted for a password, and you will be able to input it.

[Strongleong]

Thank you very much! Your solution did work really nice!

I think this should be documented somewhere

And yes, I do in fact have $GPG_TTY set

[CKolkey]

Yeah, I'll add documentation, good call :)

[dandyrow]

I'm having this issue on Debian however I've tried using the solution above and it hasn't worked. I'm still getting the gpg password entry that's drawing over Neovim causing issues and the commit to fail

[Strongleong]

Maybe on debian older version of gpg that searching different folders/files for configs?

[dandyrow]

It does actually change the password prompt on the terminal to a cli based one instead of the ncurses one however when I try use it with neogit I get the same problem where I can't enter my password

That blue block of text is being drawn over neovim which is preventing me from entering my password to it. Without me interacting with it, it then changes to the following:

At this point neovim is entirely frozen and no matter what keybinds I use, including -c it stays on the screen. Eventually it will show the following and I can use neovim again.

[CKolkey]

seems like either an ENV related thing, or a git config issue. Neogit is spawning a sub-process PTY to do the commit - it looks like the ncurses UI is still in effect there.

[dandyrow]

Ah so do you think that it could be because I have git set to sign every commit in my git config?

In my terminal this is what I see when doing a git commit

[CKolkey]

Not exactly - It shouldn't really matter how frequently it asks. Though... the screenshot you posted is using OpenPGP, which I haven't tried. I'm using gnupg. That might be the issue, maybe. Perhaps you could try this branch and see if it resolves anything: https://github.com/NeogitOrg/neogit/pull/1374

However, I suspect that however you're telling OpenPGP to not use ncurses isn't being read or exported properly. But lets see.

[dandyrow]

Unfortunately that's still not working. Still seeing neovim freezing and the ncurses thing drawing over. I'll see if there's a way to tell OpenPGP not to do that.

Also thank you very much for your replies and help with this!

[dandyrow]

Just checked and it seems I only have gpg installed. It must only be saying openPGP in that prompt because it is an implementation of openPGP

[dandyrow]

I've worked it out. My gpg config files were in the wrong place. GPG was expecting them to be in $XDG_DATA_HOME/gnupg rather than ~/.gnupg. Thanks for your help!

[CKolkey]

Great :) Seemed like that was the issue.