bug: fugit2 does not respect commit signing configuration when --gpg-sign

[seanaye]

Did you check docs and existing issues?

• [X] I have read all the plugin docs
• [X] I have searched the existing issues
• [X] I have searched the existing issues of plugins related to this issue

Neovim version (nvim -v)

NVIM v0.9.5 Build type: Release LuaJIT 2.1.1703358377

Operating system/version

MacOS 14.4

Describe the bug

Fugit2 does not respect the git configuration for signing commits.

Steps To Reproduce

1. Set your git config to sign commits with GPG key
2. Make commit using Fugit2
3. The commit is not signed

Expected Behavior

The commit should be signed as defined in the git configuration

[seanaye]

PS awesome work on this plugin it looks amazing

[SuperBo]

@seanaye, Omg, I haven't test libgit2 with GPG key. I will try to look at libgit2 docs for this.

This should be classified as feature 👍

[seanaye]

I don't think I have the permission to change the label, I don't see the button for it.

Thanks for looking!

[SuperBo]

Hi @seanaye, this feature is partially support after this https://github.com/SuperBo/fugit2.nvim/pull/31.

[

](url)

To use it you should do following setup:

• install gpgme lib. brew install gpgme or similar
• configure pinentry to some GUI pinentry, that way pinentry will not clear neovim terminal UI.

NOTE: only support for create commit now. I will find a way to make it work for commit amend, extend later.

Please help me test it, thank you!

[seanaye]

I'm not sure how to configure pinentry in the way that you described. I have installed the branch in the PR and also gpgme, but when I go to commit I get Failed to get gpg key ssh-rsa ....my key..., code: 16383

[disusered]

I get the same error; pressing Enter a second time will successfully commit without verification.

I am using https://github.com/chrisgrieser/nvim-tinygit alongside fugit2.nvim, it has a commit/amend/edit command that signs commits without external dependencies. Is it viable to port their implementation to this plugin?

[SuperBo]

Hi @seanaye , sorry for late reply

For pin-entry thing

brew install gpgme pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf

Your error happens because gpgme can't get the default gpg key. Do you have multiple keys in your gpg config?

[SuperBo]

@disusered, did you set password for your gnupg key?

To answer your question, nvim-tinygit use git command to do git functionalities. However, my plugin try to use libgit2 do to git tasks.

I've just finished Diffview implementation, I will try implement these features now. Hope you guys can help me testing these features.

[SuperBo]

hi @disusered, now you can extend, amend commit with gpg-signing after this PR https://github.com/SuperBo/fugit2.nvim/pull/54.

Can you help me test it?

[disusered]

@disusered, did you set password for your gnupg key?

To answer your question, nvim-tinygit use git command to do git functionalities. However, my plugin try to use libgit2 do to git tasks.

I've just finished Diffview implementation, I will try implement these features now. Hope you guys can help me testing these features.

I will try setting it, thank you!

hi @disusered, now you can extend, amend commit with gpg-signing after this PR https://github.com/SuperBo/fugit2.nvim/pull/54.

Sure, I will give it a go this evening, thank you!

[disusered]

I figured out my mistake, last month I upgraded my desktop and changed my commit signing to SSH. I looked through libgit2's repo to find out if there was support and only found https://github.com/libgit2/libgit2/issues/6397

If I have time this week I will try setting up GPG! Thanks again.

[SuperBo]

@disusered, the way libgit2 support commit signing is via this method https://libgit2.org/libgit2/#HEAD/group/commit/git_commit_create_with_signature. So I have to use GPGme to sign commit before creating it :D.

Edit: it is possible to use ssh to sign commit. Can you help me create a dedicated issue for ssh signing.

[SuperBo]

@disusered, I implemented ssh signing in latest commit, you can test it now

[disusered]

@disusered, I implemented ssh signing in latest commit, you can test it now

I tried it out and got the following output:

2024-05-17T11:26:03  ERROR [Fugit2] Failed to sign commit with ssh, Couldn't load public key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN0ymLThQeG/B8GhYqrOUdjr2yydERDzP94yU9LT9o+N: No such file or directory, error code: 255
2024-05-17T11:26:17  INFO [Fugit2] New commit 7829abb8

❯ git log --show-signature
commit 7829abb8b2d22b692c24125866e3ebc26e183aa0 (HEAD -> main)
Author: Carlos Rosquillas <crosquillas@gmail.com>
Date:   Fri May 17 11:25:38 2024 -0700

    Use fugit2 now that diff signing works

commit 1303791a27b7417ff10ae773b1592f0da4e590e3
Good "git" signature for crosquillas@gmail.com with ED25519 key SHA256:e9yaSCbUZB8cnCtRGTCnao36FdGSKt/uqXgZDYPLpM8
Author: Carlos Rosquillas <crosquillas@gmail.com>
Date:   Fri Apr 26 18:11:22 2024 -0700

    Set up LaTeX with spellcheck

I checked my allowed_signers and it matches the one in the log, so it seems correct. I think it may be because I use 1Password with this Git config:

[user]
    name = Carlos Rosquillas
    email = crosquillas@gmail.com
    signingkey = ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN0ymLThQeG/B8GhYqrOUdjr2yydERDzP94yU9LT9o+N
[gpg]
    format = ssh
[gpg "ssh"]
    program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign"
    allowedSignersFile = /Users/carlos/.ssh/allowed_signers
[commit]
    gpgsign = true
...

I will try to have a look at the source code tonight, if you have any tips for debugging this I'm all ears! Thanks again!

[SuperBo]

@disusered, new PR https://github.com/SuperBo/fugit2.nvim/pull/57 and https://github.com/SuperBo/fugit2.nvim/commit/4a373ddaeb73ab6c66197a7afb276d7f96de6817 should solve your issue.

In my previous implementation, I assumed user.signingkey should point to a file path. After taking a look at git source code, I adjusted fugit2 behavior to the same way.

[disusered]

@disusered, new PR #57 and 4a373dd should solve your issue.

In my previous implementation, I assumed user.signingkey should point to a file path. After taking a look at git source code, I adjusted fugit2 behavior to the same way.

I was out of town this weekend, gave it a shot, seems there is an issue with temporary file permissions on MacOS:

2024-05-20T13:05:38  ERROR [Fugit2] Failed to sign commit with ssh, Can't create temp file EROFS
2024-05-20T13:05:40  INFO [Fugit2] New commit ea402bab

From https://github.com/SuperBo/fugit2.nvim/pull/57/files#diff-dbe2c578d6fb75f9fd36204660d951bc2cd85d48fc0cc7de0fafbaae3f7782cdR23 I did some digging:

If I print my os.getenv("TMPDIR") I get /tmp, seems it's the trailing slash. I added this to my local installation:

-- temp dir
M.TMPDIR = os.getenv "TMPDIR" or "/tmp/"

-- ensure the directory ends with a slash
if not M.TMPDIR:match("/$") then
    M.TMPDIR = M.TMPDIR .. "/"
end

And success!

commit abdbb117a23f30b44206f2beb3eb85a3d3baf2b6 (HEAD -> main)
Good "git" signature for crosquillas@gmail.com with ED25519 key SHA256:e9yaSCbUZB8cnCtRGTCnao36FdGSKt/uqXgZDYPLpM8
Author: Carlos Rosquillas <crosquillas@gmail.com>
Date:   Mon May 20 13:24:09 2024 -0700

    Update LazyVim

If you want me to open a PR I'd be happy to later this evening, if you want to push it yourself I would be happy with that as well! My approach assumes that os.getenv("TMPDIR") might sometimes return a trailing slash depending on the source OS.

Thank you so much for your efforts, I enjoy your plugin and still delighted to have found a workflow that can substitute Fugitive.

[SuperBo]

Thank you @disusered for discovered the bug, that trailing slash can be "\" on Windows. So I switch to use plenary.Path for TMPDIR (https://github.com/SuperBo/fugit2.nvim/commit/b7d6728250b1052ca8e6c11e7cc63a2065e01977).

It should solve your problem :D. I think I can finally close this ticket 👍

[SuperBo]

Close this issue, detail instructions are in the wiki https://github.com/SuperBo/fugit2.nvim/wiki/GPG-Singing-and-SSH-Signing