Open Toby222 opened 1 month ago
Hi @Toby222,
Thanks for reaching out!
When you hover over the Validation Failed
text in Sublime Merge, what does the tooltip say?
Kind regards, - Dylan from Sublime HQ
Oof, completely forgot about this :')
It says "Timed out"
It appears to have fixed itself for now If it keeps not-being-broken for a few reboots, I'll close the issue
In which case, I'd like to add my bug report because my symptoms might be the same as yours.
Version info
Description
Probably the same behavior as @Toby222 — gpg.exe
is in System PATH, installed via GnuPG for Windows. The below happens for all repos I have.
There are two kinds of behaviour:
Signature validation fails after a few seconds. Tooltip says Unable to verify; timed out.
Signing a commit works, but the passphrase is not cached. I'm asked to input the passphrase every commit, even if just seconds apart.
(%HOMEPATH%\.gnupg\gpg-agent.conf
contains these 2 lines only: default-cache-ttl 7200
and max-cache-ttl 86400
)
Signature validation works.
Signing a commit works and the passphrase is cached correctly according to%HOMEPATH%\.gnupg\gpg-agent.conf
.
These persist past max-cache-ttl
seconds, persist past restarting gpg-agent with gpgconf --kill gpg-agent
in Git Bash, and persist past exiting and reopening Sublime Merge.
These do not persist past Windows restart.
Steps to reproduce
default-cache-ttl
seconds.Expected behavior
Sublime Merge signature verification / passphrase caching should work without needing to have unlocked the keyring by using a different program.
=== App Version Information ===
Build: 2096
=== Git Version Information ===
Using Git: C:\Program Files\Git\cmd\git.exe (system)
git version 2.45.1.windows.1
PATH: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel Management Engine Components\DAL;C:\Program Files\Intel\Intel Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\me\AppData\Local\Microsoft\WindowsApps;C:\adb;C:\Program Files (x86)\PDFtk Server\bin\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\dotnet\;C:\Program Files (x86)\gnupg\bin;C:\Program Files\GitHub CLI\;D:\windows_program_files\Calibre2\;D:\windows_program_files\Streamlink\bin;D:\windows_programs-portable;C:\Program Files\Git\cmd;C:\Users\me\AppData\Local\Microsoft\WindowsApps;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Users\me\AppData\Local\Programs\Hyper\resources\bin;C:\Program Files\Git\cmd;C:\Program Files\Git\usr\bin;C:\Program Files\Sublime Text;C:\Program Files\VideoLAN\VLC;C:\Program Files (x86)\gnupg\bin;D:\windows_programs-portable;D:\windows_program_files-user\MiKTeX\miktex\bin\x64\;D:\windows_program_files\nodejs;D:\windows_program_files-user\miniconda3;D:\windows_program_files\MKVToolNix
=== Browse Page Information ===
HEAD: [REDACTED]
Is in merge: 0
Is in cherry_pick: 0
Is in rebase: 0
Is in revert: 0
=== Git Status Information ===
=== Our Status Information ===
=== Git Config Information ===
branch.main.merge=refs/heads/main
branch.main.remote=origin
commit.gpgsign=true
core.attributesfile=C:/Users/me/.gitattributes
core.autocrlf=input
core.bare=false
core.editor="C:\\Program Files\\Sublime Text\\subl.exe" -w
core.excludesfile=C:/Users/me/.gitignore
core.filemode=false
core.fscache=true
core.fsmonitor=true
core.ignorecase=true
core.logallrefupdates=true
core.repositoryformatversion=0
core.symlinks=false
credential.helper=manager
credential.https://dev.azure.com.usehttppath=true
credential.https://gist.github.com.helper=!'C:\Program Files (x86)\GitHub CLI\gh.exe' auth git-credential
credential.https://github.com.helper=!'C:\Program Files (x86)\GitHub CLI\gh.exe' auth git-credential
diff.astextplain.textconv=astextplain
diff.jupyternotebook.command=git-nbdiffdriver diff
diff.xl.command='C:\Program Files\Git XL\git-xl-diff.exe'
difftool.nbdime.cmd=git-nbdifftool diff "$LOCAL" "$REMOTE" "$BASE"
difftool.prompt=false
filter.lfs.clean=git-lfs clean -- %f
filter.lfs.process=git-lfs filter-process
filter.lfs.required=true
filter.lfs.smudge=git-lfs smudge -- %f
gpg.program=C:\Program Files\Git\usr\bin\gpg.exe
http.sslbackend=openssl
http.sslcainfo=C:/Program Files/Git/mingw64/etc/ssl/certs/ca-bundle.crt
init.defaultbranch=main
merge.jupyternotebook.driver=git-nbmergedriver merge %O %A %B %L %P
merge.jupyternotebook.name=jupyter notebook merge driver
mergetool.nbdime.cmd=git-nbmergetool merge "$BASE" "$LOCAL" "$REMOTE" "$MERGED"
mergetool.prompt=false
pull.rebase=false
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
remote.origin.url=[REDACTED]
safe.directory=[REDACTED]
user.email=[REDACTED]
user.name=puffymist
user.signingkey=[REDACTED]
=== Our Config Information ===
Git Config Path Information
Using config path: /C/ProgramData/Git/config
Using config path: /C/Program Files/Git/etc/gitconfig
Using config path: /C/Users/me/.config/git/config
Using config path: /C/Users/me/.gitconfig
Using config path: /path/to/repo/.git/config
Our config output is different to the Git config output
branch.main.merge=refs/heads/main
branch.main.remote=origin
color.branch=auto
color.diff=auto
color.interactive=true
color.status=auto
commit.gpgsign=true
core.attributesfile=C:/Users/me/.gitattributes
core.autocrlf=input
core.bare=false
core.editor="C:\\Program Files\\Sublime Text\\subl.exe" -w
core.excludesfile=C:/Users/me/.gitignore
core.filemode=false
core.fscache=true
core.fsmonitor=true
core.ignorecase=true
core.logallrefupdates=true
core.repositoryformatversion=0
core.symlinks=false
credential.helper=manager
credential.https://dev.azure.com.usehttppath=true
credential.https://gist.github.com.helper=!'C:\Program Files (x86)\GitHub CLI\gh.exe' auth git-credential
credential.https://github.com.helper=!'C:\Program Files (x86)\GitHub CLI\gh.exe' auth git-credential
diff.astextplain.textconv=astextplain
diff.jupyternotebook.command=git-nbdiffdriver diff
diff.xl.command='C:\Program Files\Git XL\git-xl-diff.exe'
difftool.nbdime.cmd=git-nbdifftool diff "$LOCAL" "$REMOTE" "$BASE"
difftool.prompt=false
filter.lfs.clean=git-lfs clean -- %f
filter.lfs.process=git-lfs filter-process
filter.lfs.required=true
filter.lfs.smudge=git-lfs smudge -- %f
gpg.program=C:\Program Files\Git\usr\bin\gpg.exe
help.format=html
http.sslbackend=openssl
http.sslcainfo=C:/Program Files/Git/mingw64/etc/ssl/certs/ca-bundle.crt
init.defaultbranch=main
merge.jupyternotebook.driver=git-nbmergedriver merge %O %A %B %L %P
merge.jupyternotebook.name=jupyter notebook merge driver
mergetool.nbdime.cmd=git-nbmergetool merge "$BASE" "$LOCAL" "$REMOTE" "$MERGED"
mergetool.prompt=false
pull.rebase=false
rebase.autosquash=true
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
remote.origin.url=[REDACTED]
safe.directory=[REDACTED]
user.email=[REDACTED]
user.name=puffymist
user.signingkey=[REDACTED]
=== Git Attributes Information ===
git check_attr --all output
=== Our Modified Files Newline Normalisation and EOL Information ===
=== Our Modified Files Flag Information ===
Ignoring symlinks: 1
It has indeed un-fixed itself for me after another few days without changing anything. Running gpgconf --kill gpg-agent
and then trying again let me sign one commit, but I still get timeouts
Hi @Toby222,
Thanks for reaching out again!
To help debug this further, could you go through the following steps when you have a chance:
git verify-commit --raw COMMIT_ID
(replacing COMMIT_ID
with the commit ID copied earlier)Thanks, - Dylan
time git verify-commit --raw COMMIT_ID
Before unlocking keyring
real 0m6.394s
user 0m0.000s
sys 0m0.015s
After unlocking keyring by signing a commit in Git Bash
real 0m0.193s
user 0m0.000s
sys 0m0.015s
[GNUPG:] NEWSIG
[GNUPG:] KEY_CONSIDERED 1620BB10EB3BE996248CF30085CA069C15580E54 0
[GNUPG:] SIG_ID 1j/xwBQ6BUcfgDwv6cOVpvOM+gE 2024-05-22 1716370713
[GNUPG:] KEY_CONSIDERED 1620BB10EB3BE996248CF30085CA069C15580E54 0
[GNUPG:] GOODSIG 85CA069C15580E54 puffymist <EMAIL REDACTED>
[GNUPG:] VALIDSIG 1620BB10EB3BE996248CF30085CA069C15580E54 2024-05-22 1716370713
0 4 0 22 10 00 1620BB10EB3BE996248CF30085CA069C15580E54
[GNUPG:] TRUST_ULTIMATE 0 pgp
(Output is identical in the two cases)
Similar to comment above. A few seconds the first time, then more or less instantaneously afterwards. (notably I just ran the same command twice, not signing anything inbetween) Signature validation also works immediately in Merge after the first run.
I'm almost sure something is wrong with GPG4Win at this rate, but I couldn't even begin to comprehend what it is :^)
(notably I just ran the same command twice, not signing anything inbetween)
Then our 2 bugs are different.
(For me, I could repeatedly run time git verify-commit --raw COMMIT_ID
many times before unlocking the keyring, and each time will take \~6.4 s.)
Apologies for having jumped into this issue.
(My bug is likely different from @Toby222's)
I've found another way to make signature verification not timeout: gpg --verify SIGNED_MESSAGE
:
$ time git verify-commit --raw COMMIT_ID
...
real 0m7.130s
user 0m0.000s
sys 0m0.015s
$ time git verify-commit --raw COMMIT_ID
...
real 0m6.500s
user 0m0.000s
sys 0m0.015s
$ time git verify-commit --raw COMMIT_ID
...
real 0m6.485s
user 0m0.000s
sys 0m0.015s
$ time gpg --verify test_clearsign.txt
gpg: Signature made Wed May 29 10:46:01 2024 GMTST
gpg: using EDDSA key 1620BB10EB3BE996248CF30085CA069C15580E54
gpg: Good signature from "puffymist <EMAIL REDACTED>" [ultimate]
real 0m6.382s
user 0m0.015s
sys 0m0.015s
$ time gpg --verify test_clearsign.txt
gpg: Signature made Wed May 29 10:46:01 2024 GMTST
gpg: using EDDSA key 1620BB10EB3BE996248CF30085CA069C15580E54
gpg: Good signature from "puffymist <EMAIL REDACTED>" [ultimate]
real 0m0.063s
user 0m0.000s
sys 0m0.015s
$ time git verify-commit --raw COMMIT_ID
...
real 0m0.188s
user 0m0.000s
sys 0m0.015s
And Sublime Merge also successfully validates commit signatures within the time limit.
But when signing commits, the passphrase is still not cached. I'm still asked to input the passphrase every commit, even if just seconds apart.
(notably I just ran the same command twice, not signing anything inbetween)
Then our 2 bugs are different.
(For me, I could repeatedly run
time git verify-commit --raw COMMIT_ID
many times before unlocking the keyring, and each time will take \~6.4 s.)Apologies for having jumped into this issue.
I also see you using the time
command, so I'd think you're on Linux, in which case there might just be slightly different behaviors between platforms.
The underlying issue for both of us seems to be that gpg isn't ready immediately after login
I also see you using the
time
command, so I'd think you're on Linux
I'm on Windows 10. Git Bash in Git for Windows provides some Unix utilities, including time
, but not perf
.
The underlying issue for both of us seems to be that gpg isn't ready immediately after login
Yes, and in my case, different gpg
commands are not equal.
gpg --verify
makes signature verification with git verify-commit
/ in Sublime Merge fast, but doesn't help with passphrase caching when signing commits in Sublime Merge.
gpg --sign
(and input passphrase) makes both signature verification and passphrase caching when signing commits in Sublime Merge work as expected.
Oh, I've also not been using git bash, but cmd/powershell
Hi all,
Thanks for the information.
This error is likely caused by an overly aggressive timeout on the signature verification. Sublime Merge will abort the verification operation if it takes more than five seconds.
I've fixed this and it will be resolved in the next build. Thank you for your help and patience with this!
Kind regards, - Dylan from Sublime HQ
Thanks for fixing the signature verification timeout!
For the passphrase not caching problem, should I open a new issue?
But note that I'm Using Git: C:\Program Files\Git\cmd\git.exe (system)
, which is from Git for Windows, and thus that problem might not be within Sublime Merge.
(For now I use a workaround: use the following alias to initialise gpg
)
alias gpgunlock='echo "" | gpg --clearsign > /dev/null'
I fixed it by uninstalling GPG4Win and using the gpg that apparently comes with git that I forgot about :⁾ I suppose GPG4Win is just kinda broken?
Good for you! Sadly, uninstalling GPG4Win didn't fix it for me on Windows 10.
Version info
Description
Signature validation fails. Signing a commit still works as expected.
Same behavior as in #1007, but
gpg.exe
is in PATH, installed via Gpg4win, and signing with Merge also works.Steps to reproduce
Expected behavior
Signature should be valid
Debug Information