kemayo / sublime-text-git

Plugin for some git integration into sublime text
MIT License

Support GPG signing of Commits #475

Open Bialogs opened 8 years ago

Bialogs commented 8 years ago

I am GPG signing my commits automatically and when I close the Sublime tab after writing my commit message the following error pops up in the console:

    gpg: cannot open tty `/dev/tty': Device not configured
    error: gpg failed to sign the data
    fatal: failed to write commit object

It would be nice if the plugin could support GPG signing of commits.

trinitronx commented 8 years ago

I'm running into this problem also. The issue seems to be the particular shell & runtime environment of the git and subsequently the spawned gpg or gpg2 (the exact program git runs is set via the config option: gpg.program. Check yours with git config --global --get gpg.program). It does appear that Sublime Text spawns git in a way which respects the commit.gpgsign option (git config --global --get commit.gpgsign should return true).

Workaround

In a normal terminal, GPG_TTY is supposed to be set to the output of tty (e.g.: export GPG_TTY=$(tty)).

For setting this in my ~/.bashrc file, I've got:

  ## Set up GPG Agent for SSH keys & git commit signing
  export GPG_TTY=$(tty)
  if [ -f "${HOME}/.gnupg/gpg-agent-info" ]; then
    . "${HOME}/.gnupg/gpg-agent-info"
    export GPG_AGENT_INFO
    export SSH_AUTH_SOCK
    export SSH_AGENT_PID
  fi

After installing the Sublime Fix Mac Path plugin, and adding the path for gpg2 provided by GPGTools, it does spawn the gpg2 process correctly. To do this, I added the following under Preferences => Settings - User:

    "additional_path_items":
    [
        "/usr/local/MacGPG2/bin",
        "~/bin"
    ]

However, when committing through the plugin, the GPG_TTY is set to what appears to be the default: /dev/tty. Really, we want to run gpg2 with --no-tty instead, and have pinentry-mac run to ask for GPG key passwords when needed. This can be accomplished globally by doing the following:

Set pinentry-program in ~/.gnupg/gpg-agent.conf:

    use-standard-socket
    enable-ssh-support
    pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
    default-cache-ttl 600
    max-cache-ttl 7200
    log-file /var/log/gpg-agent.log
    write-env-file /Users/<YOUR_USER_HERE>/.gnupg/gpg-agent-info

Set no-tty in ~/.gnupg/gpg.conf:

    # Passphrase agent
    #
    # We support the old experimental passphrase agent protocol as well as
    # the new Assuan based one (currently available in the "newpg" package
    # at ftp.gnupg.org/gcrypt/alpha/aegypten/).  To make use of the agent,
    # you have to run an agent as daemon and use the option
    #
    # For Ubuntu we now use-agent by default to support more automatic
    # use of GPG and S/MIME encryption by GUI programs.  Depending on the
    # program, users may still have to manually decide to install gnupg-agent.

    use-agent

    # This disables ALL tty input / output globally!
    no-tty

This works, but _you won't see any confirmation or output AT ALL whether your commits were signed (or if they failed to sign due to some error!)._

Real Solution ??

The real solution is to set the GPG_TTY correctly for Sublime Text, or have the Sublime Text Git plugin either pass --no-tty to gpg2 or take over the I/O through popen or pty somehow.
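
Added example, not code from the plugin or from any commenter in this thread: one way a Python caller could apply the --no-tty idea to a single git invocation instead of globally in gpg.conf, and then check that the commit really was signed. The wrapper file name gpg-no-tty and all function names are hypothetical; it assumes gpg.program may point at a wrapper script and that a graphical pinentry is configured as described above.

```python
import os
import shlex
import subprocess


def write_gpg_wrapper(directory, gpg="gpg2"):
    """Write a script usable as git's gpg.program that always adds --no-tty."""
    path = os.path.join(directory, "gpg-no-tty")  # hypothetical file name
    with open(path, "w") as fh:
        fh.write('#!/bin/sh\nexec {} --no-tty "$@"\n'.format(shlex.quote(gpg)))
    os.chmod(path, 0o700)  # owner-only: the script sits in the signing path
    return path


def commit_command(wrapper, message_file):
    """git argv overriding gpg.program for this one commit, not globally."""
    return ["git", "-c", "gpg.program=" + wrapper, "commit", "-F", message_file]


def head_signature_code(repo):
    """Return git's %G? code for HEAD, e.g. G (good) or N (no signature)."""
    out = subprocess.run(["git", "-C", repo, "log", "-1", "--format=%G?"],
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()


def commit_and_verify(repo, wrapper, message_file):
    """Commit, then raise unless HEAD carries a signature git could check."""
    proc = subprocess.run(commit_command(wrapper, message_file), cwd=repo,
                          capture_output=True, text=True)
    if proc.returncode != 0:
        raise RuntimeError("git commit failed: " + proc.stderr.strip())
    code = head_signature_code(repo)
    if code in ("N", "B", "E"):  # none, bad, or could not be checked
        raise RuntimeError("HEAD signature state is %r" % code)
    return code
```

Because the override is passed with `git -c`, terminal use of gpg keeps its normal tty behaviour, and the `%G?` check surfaces the silent signing failures that a global no-tty would hide.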

utkonos commented 7 years ago

This is still a problem. Is there a way to pass --no-tty to gpg2 yet?

mojoaxel commented 6 years ago

Another workaround would be to disable PGP signing altogether but this is not recommended:

    git config commit.gpgsign false