search

gitbutlerapp / gitbutler

The GitButler version control client, backed by Git, powered by Tauri/Rust/Svelte
https://gitbutler.com
Other
13.15k stars 521 forks source link

Failed to sign commits using gpg #4750

Open inflation opened 2 months ago

inflation commented 2 months ago

Version

0.12.20

Operating System

Mac OS X

Distribution Method

dmg (Apple Silicon)

Describe the issue

Test signing with gpg failed with:

Signing is not working correctly No such file or directory (os error 2)

The command in the log runs fine in the shell:

❯ "gpg" "--status-fd=2" "-bsau" "04278459" "-"                                                              at 14:58:33
[GNUPG:] KEY_CONSIDERED 91E148533A8CA28D4FB5054313D6365B04278459 2
[GNUPG:] BEGIN_SIGNING H10
hi there
[GNUPG:] PINENTRY_LAUNCHED 50639 mac 1.1.1 /dev/ttys000 xterm-256color - 20620/501/4 501/20 0
[GNUPG:] SIG_CREATED D 22 10 00 1724482720 91E148533A8CA28D4FB5054313D6365B04278459
-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQSR4UhTOoyijU+1BUMT1jZbBCeEWQUCZsmEoAAKCRAT1jZbBCeE
WSA5AP9VG1LWpZpgxa8XfD6KUC1jf5ssKH3bvR6zX4o74+u+IwEAjWLzqgP6Fe44
CmJyQk0HUol2i+vAtP8pLc3+/N0w7QM=
=aZUC
-----END PGP SIGNATURE-----

I'm using fish and homebrew-installed gpg if that helps. Thank you.

How to reproduce

No response

Expected behavior

No response

Relevant log output

2024-08-24T06:42:08.568557Z ERROR check_signing_settings: crates/gitbutler-tauri/src/repo.rs:37: error=Error(failed to spawn "gpg" "--status-fd=2" "-bsau" "04278459" "-"

Caused by:
    No such file or directory (os error 2)) id=66ca6d82-42cd-4de4-9e12-6151f68415b0
Byron commented 2 months ago

Thanks for reporting!

I wonder if it has anything to do with GitButler not having a login shell to spawn programs in, maybe this affects this particular GPG setup.

In theory, you could put this to the test by launching GitButler from a terminal window, like so:

/Applications/GitButler.app/Contents/MacOS/GitButler
inflation commented 2 months ago

It's probably the case. Running from terminal, or manually specify the program path works. Homebrew seems to only add its path to zsh, and not sh or bash.

Byron commented 2 months ago

I see, so the program not found is actually that gpg can't be found in the PATH.

[..] or manually specify the program path works.

Do you mean setting gpg.program to the full path also worked for you? GitButler does respect it.

Assuming that this is what you did, I submitted a PR which will catch this particular situation and emit a clearer error message, one that should show up in the UI as well. It will suggest to set the gpg.program explicitly.

inflation commented 2 months ago

Yeah. I manually set the path to gpg.

I also noticed that if left blank in GitButler, it'll write a section like this in .git/config:

[gpg]
program=""

which leaves a similar error message when invoking git commit -S or git log --show-signature command.

And that's pretty frustrating if one doesn't know that GitButler will overwrite your global settings, since I scratched my head for several hours to figure that out.

Byron commented 2 months ago

Thank you very much for sharing, and I am sorry to hear that :/.

It's very odd that GitButler managed to set gpg.program empty as I couldn't find the code for that anywhere - scratch that, here is the spot in the repo-local signing preferences where it tends to rewrite the value with an empty string. This might also be the reason for it to internally ignore empty strings and default them as gpg even though Git uses them verbatim and fails ungracefully.

CC @PavelLaptev as I think there might be a UX issue around properties that are bound to git-configuration. These can be surprising especially in cases where invalid values might be written that Git itself can't deal with, even though GitButler learned to circle around them. Maybe there is a way to make this clear in the UI?

CC @ndom91 as I think this could be fixed by not writing empty strings for GPG/SSH programs, which generally don't seem to be handled gracefully in Git.