sublimehq / sublime_merge

Issue tracker for Sublime Merge
https://www.sublimemerge.com

Signature validation fails #1908

Open Toby222 opened 1 month ago

Toby222 commented 1 month ago

Version info

Description

Signature validation fails. Signing a commit still works as expected.

Same behavior as in #1007, but gpg.exe is in PATH, installed via Gpg4win, and signing with Merge also works.

Steps to reproduce

  1. Open signed commit
  2. Signature field says "Loading..." for a few seconds
  3. Signature field says "Validation Failed"

Expected behavior

Signature should be valid

Debug Information

=== App Version Information ===
Build: 2091

=== Git Version Information ===
Using Git: C:\Program Files\Sublime Merge\Git\cmd\git.exe (bundled)
git version 2.39.1.windows.1
PATH: C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\Git\cmd;C:\Program Files\dotnet\;C:\Program Files (x86)\Microsoft SQL Server\160\Tools\Binn\;C:\Program Files\Microsoft SQL Server\160\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;C:\Program Files\Microsoft SQL Server\160\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\160\DTS\Binn\;C:\Program Files (x86)\GnuPG\bin;C:\Users\Berger.ASGARD\AppData\Local\Microsoft\WindowsApps;

=== Browse Page Information ===
HEAD: faaddb0f1050fbc7f729c446ae81649a39d6aa3c
Is in merge: 0
Is in cherry_pick: 0
Is in rebase: 0
Is in revert: 0

=== Git Status Information ===

=== Our Status Information ===

=== Git Config Information ===
branch.develop.merge=refs/heads/develop
branch.develop.remote=origin
color.interactive=true
color.ui=auto
commit.gpgsign=true
core.autocrlf=false
core.bare=false
core.editor="C:\Program Files\Sublime Text\subl.exe" -w
core.filemode=false
core.fscache=true
core.fsmonitor=true
core.ignorecase=true
core.logallrefupdates=true
core.quotepath=false
core.repositoryformatversion=0
core.symlinks=false
core.whitespace=cr-at-eol
credential.helper=manager
credential.https://dev.azure.com.usehttppath=true
diff.algorithm=minimal
diff.astextplain.textconv=astextplain
fetch.prune=true
filter.lfs.clean=git-lfs clean -- %f
filter.lfs.process=git-lfs filter-process
filter.lfs.required=true
filter.lfs.smudge=git-lfs smudge -- %f
help.format=html
http.sslbackend=schannel
include.path=C:/Program Files/Git/etc/gitconfig
init.defaultbranch=main
pack.packsizelimit=2g
pull.rebase=true
rebase.autosquash=true
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
remote.origin.url=[REDACTED]
safe.directory=*
user.email=berger@edv-ermtraud.net
user.name=Tobias Berger
user.signingkey=FC3AA7B2D035CB8DF099D01930821E71BB1EEACE

=== Our Config Information ===
Git Config Path Information
Using config path: /C/ProgramData/Git/config
Using config path: /C/Program Files/Sublime Merge/Git/etc/gitconfig
Using config path: /C/Users/Berger.ASGARD/.config/git/config
Using config path: /C/Users/Berger.ASGARD/.gitconfig
Using config path: /C/_dev/TopCash2/.git/config

Our config output is identical to the Git config output

=== Git Attributes Information ===
git check_attr --all output

=== Our Modified Files Newline Normalisation and EOL Information ===

=== Our Modified Files Flag Information ===
Ignoring symlinks: 1

dpjohnst commented 1 month ago

Hi @Toby222,

Thanks for reaching out!

When you hover over the Validation Failed text in Sublime Merge, what does the tooltip say?

Kind regards, - Dylan from Sublime HQ

Toby222 commented 1 month ago

Oof, completely forgot about this :') It says "Timed out"

Toby222 commented 1 month ago

It appears to have fixed itself for now. If it keeps not-being-broken for a few reboots, I'll close the issue.

puffymist commented 1 month ago

In which case, I'd like to add my bug report because my symptoms might be the same as yours.

Version info

Description

Probably the same behavior as @Toby222 — gpg.exe is in System PATH, installed via GnuPG for Windows. The below happens for all repos I have.

There are two kinds of behaviour:

  1. Using Sublime Merge only:

Signature validation fails after a few seconds. Tooltip says Unable to verify; timed out.

Signing a commit works, but the passphrase is not cached. I'm asked to input the passphrase every commit, even if just seconds apart.

(%HOMEPATH%\.gnupg\gpg-agent.conf contains these 2 lines only: default-cache-ttl 7200 and max-cache-ttl 86400)

  2. First unlock GPG keyring by signing a commit in Git Bash (Git for Windows), then use Sublime Merge:

Signature validation works.

Signing a commit works and the passphrase is cached correctly according to %HOMEPATH%\.gnupg\gpg-agent.conf.

These persist past max-cache-ttl seconds, persist past restarting gpg-agent with gpgconf --kill gpg-agent in Git Bash, and persist past exiting and reopening Sublime Merge.

These do not persist past Windows restart.

Steps to reproduce

  1. Using Sublime Merge only: restart computer. Do not unlock GPG keyring elsewhere (e.g. do not make signed commits in Git Bash). Open Sublime Merge. View signed commits, or sign multiple new commits within default-cache-ttl seconds.
  2. First unlock GPG keyring by signing a commit in Git Bash (Git for Windows), then use Sublime Merge to view signed commits or sign new commits.

Expected behavior

Sublime Merge signature verification / passphrase caching should work without needing to have unlocked the keyring by using a different program.

Debug Information

=== App Version Information ===
Build: 2096

=== Git Version Information ===
Using Git: C:\Program Files\Git\cmd\git.exe (system)
git version 2.45.1.windows.1
PATH: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel Management Engine Components\DAL;C:\Program Files\Intel\Intel Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\me\AppData\Local\Microsoft\WindowsApps;C:\adb;C:\Program Files (x86)\PDFtk Server\bin\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\dotnet\;C:\Program Files (x86)\gnupg\bin;C:\Program Files\GitHub CLI\;D:\windows_program_files\Calibre2\;D:\windows_program_files\Streamlink\bin;D:\windows_programs-portable;C:\Program Files\Git\cmd;C:\Users\me\AppData\Local\Microsoft\WindowsApps;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Users\me\AppData\Local\Programs\Hyper\resources\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\usr\bin;C:\Program Files\Sublime Text;C:\Program Files\VideoLAN\VLC;C:\Program Files (x86)\gnupg\bin;D:\windows_programs-portable;D:\windows_program_files-user\MiKTeX\miktex\bin\x64\;D:\windows_program_files\nodejs;D:\windows_program_files-user\miniconda3;D:\windows_program_files\MKVToolNix

=== Browse Page Information ===
HEAD: [REDACTED]
Is in merge: 0
Is in cherry_pick: 0
Is in rebase: 0
Is in revert: 0

=== Git Status Information ===

=== Our Status Information ===

=== Git Config Information ===
branch.main.merge=refs/heads/main
branch.main.remote=origin
commit.gpgsign=true
core.attributesfile=C:/Users/me/.gitattributes
core.autocrlf=input
core.bare=false
core.editor="C:\\Program Files\\Sublime Text\\subl.exe" -w
core.excludesfile=C:/Users/me/.gitignore
core.filemode=false
core.fscache=true
core.fsmonitor=true
core.ignorecase=true
core.logallrefupdates=true
core.repositoryformatversion=0
core.symlinks=false
credential.helper=manager
credential.https://dev.azure.com.usehttppath=true
credential.https://gist.github.com.helper=!'C:\Program Files (x86)\GitHub CLI\gh.exe' auth git-credential
credential.https://github.com.helper=!'C:\Program Files (x86)\GitHub CLI\gh.exe' auth git-credential
diff.astextplain.textconv=astextplain
diff.jupyternotebook.command=git-nbdiffdriver diff
diff.xl.command='C:\Program Files\Git XL\git-xl-diff.exe'
difftool.nbdime.cmd=git-nbdifftool diff "$LOCAL" "$REMOTE" "$BASE"
difftool.prompt=false
filter.lfs.clean=git-lfs clean -- %f
filter.lfs.process=git-lfs filter-process
filter.lfs.required=true
filter.lfs.smudge=git-lfs smudge -- %f
gpg.program=C:\Program Files\Git\usr\bin\gpg.exe
http.sslbackend=openssl
http.sslcainfo=C:/Program Files/Git/mingw64/etc/ssl/certs/ca-bundle.crt
init.defaultbranch=main
merge.jupyternotebook.driver=git-nbmergedriver merge %O %A %B %L %P
merge.jupyternotebook.name=jupyter notebook merge driver
mergetool.nbdime.cmd=git-nbmergetool merge "$BASE" "$LOCAL" "$REMOTE" "$MERGED"
mergetool.prompt=false
pull.rebase=false
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
remote.origin.url=[REDACTED]
safe.directory=[REDACTED]
user.email=[REDACTED]
user.name=puffymist
user.signingkey=[REDACTED]

=== Our Config Information ===
Git Config Path Information
Using config path: /C/ProgramData/Git/config
Using config path: /C/Program Files/Git/etc/gitconfig
Using config path: /C/Users/me/.config/git/config
Using config path: /C/Users/me/.gitconfig
Using config path: /path/to/repo/.git/config

Our config output is different to the Git config output
branch.main.merge=refs/heads/main
branch.main.remote=origin
color.branch=auto
color.diff=auto
color.interactive=true
color.status=auto
commit.gpgsign=true
core.attributesfile=C:/Users/me/.gitattributes
core.autocrlf=input
core.bare=false
core.editor="C:\\Program Files\\Sublime Text\\subl.exe" -w
core.excludesfile=C:/Users/me/.gitignore
core.filemode=false
core.fscache=true
core.fsmonitor=true
core.ignorecase=true
core.logallrefupdates=true
core.repositoryformatversion=0
core.symlinks=false
credential.helper=manager
credential.https://dev.azure.com.usehttppath=true
credential.https://gist.github.com.helper=!'C:\Program Files (x86)\GitHub CLI\gh.exe' auth git-credential
credential.https://github.com.helper=!'C:\Program Files (x86)\GitHub CLI\gh.exe' auth git-credential
diff.astextplain.textconv=astextplain
diff.jupyternotebook.command=git-nbdiffdriver diff
diff.xl.command='C:\Program Files\Git XL\git-xl-diff.exe'
difftool.nbdime.cmd=git-nbdifftool diff "$LOCAL" "$REMOTE" "$BASE"
difftool.prompt=false
filter.lfs.clean=git-lfs clean -- %f
filter.lfs.process=git-lfs filter-process
filter.lfs.required=true
filter.lfs.smudge=git-lfs smudge -- %f
gpg.program=C:\Program Files\Git\usr\bin\gpg.exe
help.format=html
http.sslbackend=openssl
http.sslcainfo=C:/Program Files/Git/mingw64/etc/ssl/certs/ca-bundle.crt
init.defaultbranch=main
merge.jupyternotebook.driver=git-nbmergedriver merge %O %A %B %L %P
merge.jupyternotebook.name=jupyter notebook merge driver
mergetool.nbdime.cmd=git-nbmergetool merge "$BASE" "$LOCAL" "$REMOTE" "$MERGED"
mergetool.prompt=false
pull.rebase=false
rebase.autosquash=true
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
remote.origin.url=[REDACTED]
safe.directory=[REDACTED]
user.email=[REDACTED]
user.name=puffymist
user.signingkey=[REDACTED]

=== Git Attributes Information ===
git check_attr --all output

=== Our Modified Files Newline Normalisation and EOL Information ===

=== Our Modified Files Flag Information ===
Ignoring symlinks: 1

Toby222 commented 1 month ago

It has indeed un-fixed itself for me after another few days without changing anything. Running gpgconf --kill gpg-agent and then trying again let me sign one commit, but I still get timeouts

dpjohnst commented 1 month ago

Hi @Toby222,

Thanks for reaching out again!

To help debug this further, could you go through the following steps when you have a chance:

  1. Navigate to a commit where the signature fails to verify
  2. Copy the commit ID / hash
  3. Open up a command prompt / terminal instance, and navigate to the repository
  4. Run the following command git verify-commit --raw COMMIT_ID (replacing COMMIT_ID with the commit ID copied earlier)
  5. Share roughly how long it takes for the command to complete

Thanks, - Dylan

puffymist commented 1 month ago
time git verify-commit --raw COMMIT_ID

  1. Before unlocking keyring:

    real    0m6.394s
    user    0m0.000s
    sys     0m0.015s

  2. After unlocking keyring by signing a commit in Git Bash:

    real    0m0.193s
    user    0m0.000s
    sys     0m0.015s

Output of `git verify-commit --raw COMMIT_ID`:

    [GNUPG:] NEWSIG
    [GNUPG:] KEY_CONSIDERED 1620BB10EB3BE996248CF30085CA069C15580E54 0
    [GNUPG:] SIG_ID 1j/xwBQ6BUcfgDwv6cOVpvOM+gE 2024-05-22 1716370713
    [GNUPG:] KEY_CONSIDERED 1620BB10EB3BE996248CF30085CA069C15580E54 0
    [GNUPG:] GOODSIG 85CA069C15580E54 puffymist <EMAIL REDACTED>
    [GNUPG:] VALIDSIG 1620BB10EB3BE996248CF30085CA069C15580E54 2024-05-22 1716370713 0 4 0 22 10 00 1620BB10EB3BE996248CF30085CA069C15580E54
    [GNUPG:] TRUST_ULTIMATE 0 pgp

(Output is identical in the two cases)

Toby222 commented 1 month ago

Similar to comment above. A few seconds the first time, then more or less instantaneously afterwards. (notably I just ran the same command twice, not signing anything inbetween) Signature validation also works immediately in Merge after the first run.

I'm almost sure something is wrong with GPG4Win at this rate, but I couldn't even begin to comprehend what it is :^)

puffymist commented 1 month ago

(notably I just ran the same command twice, not signing anything inbetween)

Then our 2 bugs are different.

(For me, I could repeatedly run time git verify-commit --raw COMMIT_ID many times before unlocking the keyring, and each time will take ~6.4 s.)

Apologies for having jumped into this issue.

puffymist commented 1 month ago

(My bug is likely different from @Toby222's)

I've found another way to make signature verification not timeout: gpg --verify SIGNED_MESSAGE:

1. From a cold start of Windows, `git verify-commit` takes about 6 s:

    $ time git verify-commit --raw COMMIT_ID
    ...
    real    0m7.130s
    user    0m0.000s
    sys     0m0.015s

    $ time git verify-commit --raw COMMIT_ID
    ...
    real    0m6.500s
    user    0m0.000s
    sys     0m0.015s

    $ time git verify-commit --raw COMMIT_ID
    ...
    real    0m6.485s
    user    0m0.000s
    sys     0m0.015s


2. `gpg --verify SIGNED_MESSAGE` (which doesn't require unlocking keyring) takes about 6 s the first time, and then 0.06 s afterwards:

    $ time gpg --verify test_clearsign.txt
    gpg: Signature made Wed May 29 10:46:01 2024 GMTST
    gpg:                using EDDSA key 1620BB10EB3BE996248CF30085CA069C15580E54
    gpg: Good signature from "puffymist <EMAIL REDACTED>" [ultimate]
    real    0m6.382s
    user    0m0.015s
    sys     0m0.015s

    $ time gpg --verify test_clearsign.txt
    gpg: Signature made Wed May 29 10:46:01 2024 GMTST
    gpg:                using EDDSA key 1620BB10EB3BE996248CF30085CA069C15580E54
    gpg: Good signature from "puffymist <EMAIL REDACTED>" [ultimate]
    real    0m0.063s
    user    0m0.000s
    sys     0m0.015s


3. Now `git verify-commit` takes only 0.2 s:

    $ time git verify-commit --raw COMMIT_ID
    ...
    real    0m0.188s
    user    0m0.000s
    sys     0m0.015s


And Sublime Merge also successfully validates commit signatures within the time limit.

But when signing commits, the passphrase is still not cached. I'm still asked to input the passphrase every commit, even if just seconds apart.

Toby222 commented 1 month ago

(notably I just ran the same command twice, not signing anything inbetween)

Then our 2 bugs are different.

(For me, I could repeatedly run time git verify-commit --raw COMMIT_ID many times before unlocking the keyring, and each time will take ~6.4 s.)

Apologies for having jumped into this issue.

I also see you using the time command, so I'd think you're on Linux, in which case there might just be slightly different behaviors between platforms. The underlying issue for both of us seems to be that gpg isn't ready immediately after login

puffymist commented 1 month ago

I also see you using the time command, so I'd think you're on Linux

I'm on Windows 10. Git Bash in Git for Windows provides some Unix utilities, including time, but not perf.

The underlying issue for both of us seems to be that gpg isn't ready immediately after login

Yes, and in my case, different gpg commands are not equal.

gpg --verify makes signature verification with git verify-commit / in Sublime Merge fast, but doesn't help with passphrase caching when signing commits in Sublime Merge.

gpg --sign (and input passphrase) makes both signature verification and passphrase caching when signing commits in Sublime Merge work as expected.

Toby222 commented 1 month ago

Oh, I've also not been using git bash, but cmd/powershell

dpjohnst commented 1 month ago

Hi all,

Thanks for the information.

This error is likely caused by an overly aggressive timeout on the signature verification. Sublime Merge will abort the verification operation if it takes more than five seconds.

I've fixed this and it will be resolved in the next build. Thank you for your help and patience with this!

Kind regards, - Dylan from Sublime HQ
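As an added example, not code from Sublime Merge or from Git, here is a small Python script that ties together the two technical points in this thread: Dylan's debugging step (time `git verify-commit --raw COMMIT_ID`) and the five-second abort he describes. It runs the same command with an explicit, configurable timeout, measures how long it took, and parses the `[GNUPG:]` status lines (which `--raw` sends to stderr) into a verdict. The names `Verdict`, `parse_gpg_status` and `verify_commit` are this example's own; the first sample status block is the one puffymist posted above, the other two samples are constructed. Two things the parser makes explicit that the thread only implies: a timeout is "unable to verify", never "bad signature", and GOODSIG by itself is not an accept decision, since it only says the signature matches some key in the keyring; VALIDSIG plus an adequate TRUST_ level and no failure line is.

```python
"""Run `git verify-commit --raw` with an explicit timeout and parse the result.

Added example, not code from Sublime Merge or Git. The names Verdict,
parse_gpg_status and verify_commit are this example's own.
"""
import subprocess
import time
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

STATUS_PREFIX = "[GNUPG:] "
# TRUST_* keywords GnuPG emits after VALIDSIG; only these two count as trusted here.
TRUSTED_LEVELS = ("TRUST_FULLY", "TRUST_ULTIMATE")
# Status keywords that mean the signature must not be accepted.
FAILURE_KEYWORDS = ("BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY")


@dataclass
class Verdict:
    good_sig: bool = False
    valid_sig: bool = False
    fingerprint: Optional[str] = None
    signer: Optional[str] = None
    trust: Optional[str] = None
    errors: List[str] = field(default_factory=list)

    @property
    def trusted(self) -> bool:
        # GOODSIG only says the signature checks out against *some* key in the
        # keyring; an accept decision also needs VALIDSIG (fingerprint, timestamp),
        # a trust level for that key, and no failure lines.
        return (self.good_sig and self.valid_sig and not self.errors
                and self.trust in TRUSTED_LEVELS)


def parse_gpg_status(raw: str) -> Verdict:
    """Parse the machine-readable status lines git verify-commit --raw prints on stderr."""
    v = Verdict()
    for line in raw.splitlines():
        line = line.strip()
        if not line.startswith(STATUS_PREFIX):
            continue  # human-readable gpg output, not a status line
        fields = line[len(STATUS_PREFIX):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword == "GOODSIG":          # GOODSIG <long keyid> <user id...>
            v.good_sig = True
            v.signer = " ".join(args[1:]) or None
        elif keyword == "VALIDSIG":       # VALIDSIG <fingerprint> <date> <timestamp> ...
            v.valid_sig = True
            v.fingerprint = args[0] if args else None
        elif keyword.startswith("TRUST_"):
            v.trust = keyword
        elif keyword in FAILURE_KEYWORDS:
            v.errors.append(line)
    return v


def verify_commit(commit: str, repo: str = ".", timeout_s: float = 30.0) -> Tuple[Verdict, float]:
    """Return (verdict, elapsed seconds). A timeout is reported as an error, never as a verdict."""
    started = time.monotonic()
    try:
        proc = subprocess.run(
            ["git", "-C", repo, "verify-commit", "--raw", commit],
            capture_output=True, text=True, timeout=timeout_s,
        )
        verdict = parse_gpg_status(proc.stderr)
        if proc.returncode != 0 and not verdict.errors:
            verdict.errors.append("git verify-commit exited %d" % proc.returncode)
    except subprocess.TimeoutExpired:
        verdict = Verdict(errors=["unable to verify: timed out after %.1fs" % timeout_s])
    return verdict, time.monotonic() - started


# Status block taken from puffymist's output above (user id already redacted there).
SAMPLE_GOOD = """\
[GNUPG:] NEWSIG
[GNUPG:] KEY_CONSIDERED 1620BB10EB3BE996248CF30085CA069C15580E54 0
[GNUPG:] SIG_ID 1j/xwBQ6BUcfgDwv6cOVpvOM+gE 2024-05-22 1716370713
[GNUPG:] KEY_CONSIDERED 1620BB10EB3BE996248CF30085CA069C15580E54 0
[GNUPG:] GOODSIG 85CA069C15580E54 puffymist <EMAIL REDACTED>
[GNUPG:] VALIDSIG 1620BB10EB3BE996248CF30085CA069C15580E54 2024-05-22 1716370713 0 4 0 22 10 00 1620BB10EB3BE996248CF30085CA069C15580E54
[GNUPG:] TRUST_ULTIMATE 0 pgp
"""
# Constructed: same key, but imported without any ownertrust assigned.
SAMPLE_UNTRUSTED = SAMPLE_GOOD.replace("TRUST_ULTIMATE", "TRUST_UNDEFINED")
# Constructed: a tampered commit body, so the signature no longer matches.
SAMPLE_BAD = "[GNUPG:] NEWSIG\n[GNUPG:] BADSIG 85CA069C15580E54 puffymist <EMAIL REDACTED>\n"


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "HEAD"
    # 5.0 reproduces the abort Dylan describes; raise it to see what the fix changes.
    verdict, elapsed = verify_commit(target, timeout_s=5.0)
    print("%s: trusted=%s trust=%s fpr=%s errors=%s (%.2fs)" % (
        target, verdict.trusted, verdict.trust, verdict.fingerprint, verdict.errors, elapsed))
```

Run it inside a repository as `python verify_commit.py COMMIT_ID` right after a reboot and again after priming gpg the way the thread describes; with the default five-second budget the first run reports the timeout error and the second a trusted verdict, which is exactly the pair of states Sublime Merge was showing as "Validation Failed" and a valid signature.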

puffymist commented 1 month ago

Thanks for fixing the signature verification timeout!

For the passphrase not caching problem, should I open a new issue?
But note that I'm Using Git: C:\Program Files\Git\cmd\git.exe (system), which is from Git for Windows, and thus that problem might not be within Sublime Merge.

(For now I use a workaround: use the following alias to initialise gpg)

alias gpgunlock='echo "" | gpg --clearsign > /dev/null'

Toby222 commented 1 week ago

I fixed it by uninstalling GPG4Win and using the gpg that apparently comes with git that I forgot about :⁾ I suppose GPG4Win is just kinda broken?

puffymist commented 1 week ago

Good for you! Sadly, uninstalling GPG4Win didn't fix it for me on Windows 10.