2

I am using Windows 10 with WSL2 (running Ubuntu v20) and VSCode.

I want to send GPG-signed Git commits to GitHub from a VSCode Dev Container.

I tried the setup below:

  1. Install Gpg4win in Windows.

  2. Install packages in WSL2:

     ```
     sudo apt-get install gpg gnupg gpg-agent socat
     ```

  3. Edit ~/.gnupg/gpg-agent.conf in WSL2 as below:

     ```
     default-cache-ttl 34560000
     max-cache-ttl 34560000

     pinentry-program /mnt/c/Program Files (x86)/Gpg4win/bin/pinentry.exe
     ```

  4. Kill the agent:

     ```
     gpgconf --kill gpg-agent
     ```

  5. Generate keys in WSL2:

     ```
     gpg --full-generate-key
     ```

  6. List the keys in WSL2:

     ```
     gpg --list-secret-keys --keyid-format=long
     ```

     Example output:

     ```
     -----------------------------------
     sec   rsa4096/00EF4D3F22885E4B 2021-11-20 [SC]
           1234567890ABCDEF1234567890ABCDEF12345678
     uid                 [ultimate] peter <peter@example.com>
     ssb   rsa4096/ABC123D7FAA52318 2021-11-20 [E]
     ```

  7. Set the git config in WSL2; the email matches the GPG key:

     ```
     git config --global user.email "peter@example.com"
     git config --global user.name "peter"
     git config --global user.signingkey 00EF4D3F22885E4B
     git config --global commit.gpgsign true
     ```

  8. Export the key and import it into GitHub:

     ```
     gpg --armor --export 00EF4D3F22885E4B
     ```

  9. When I commit the code with the CLI command below in WSL2, a pop-up asks me to enter the passphrase and I can commit the code successfully:

     ```
     git commit -S -m "test"
     ```

However, I cannot commit the code in the Dev Container instance; it fails with the error below:

```
error: gpg failed to sign the data
fatal: failed to write commit object
```

How can I commit the code in the Dev Container instance? Thanks

ikhvjs
  • Side note: the terms `gpg`, `gnupg`, `gnupg2` are confusing. Basically, `gpg` would be the same as `gnupg2`, and installing only `gpg` should be enough in both WSL2 and the container instance. – ikhvjs Nov 14 '22 at 12:32

2 Answers

1

Your changes may have worked out because you rebuilt the container. For some reason restarting processes doesn't apply some changes, but rebuilding the container does. The VSCode docs say to install gnupg2; I have it installed and did these steps:

https://code.visualstudio.com/docs/devcontainers/containers#_sharing-gpg-keys

e.g.

```
apt-get update && apt-get install gnupg2 -y
```

Then -

```
git config --global gpg.program "c:/Program Files (x86)/GnuPG/bin/gpg.exe"
```

Some other responses I have seen elsewhere set GPG program in Windows like so:

```
git config --global gpg.program gpg
```

Create Windows system env variable: gpg = "c:/Program Files (x86)/GnuPG/bin/gpg.exe"

Then -

Enable commit signing in VSCode settings, either through the GUI or in settings.json: `"git.enableCommitSigning": true`

Stephen Andary
  • Thanks for the updates. I will try later and reply to you about the result. The link you shared should be https://code.visualstudio.com/docs/devcontainers/containers#_sharing-gpg-keys to be more specific. I remove my acceptance answer at this moment. – ikhvjs Nov 12 '22 at 22:33
  • I tested without gnupg2, and it seems to work without the package if you enable the setting in VSCode `git.enableCommitSigning`. If you turn that on and rebuild the container without gnupg2 and it works for you too, then we know it is a useless step in this case. – Stephen Andary Nov 12 '22 at 23:32
  • Which image are you using for testing? I think you still need the `gpg` package in your container. I think when you rebuild the container using VSCode, it will copy `pubring.kbx` and `trustdb.gpg` to your container in `~/.gnupg` and forward the agent socket to the container, such as a volume mount of `~/.gnupg/S.gpg-agent`. You can find the info in [this github issue](https://github.com/microsoft/vscode-remote-release/issues/72#issuecomment-630409756) – ikhvjs Nov 14 '22 at 12:27
  • 1
    Side note: the terms `gpg`, `gnupg`, `gnupg2` are confusing. Basically, `gpg` would be the same as `gnupg2`, and installing only `gpg` should be enough in both WSL2 and the container instance. – ikhvjs Nov 14 '22 at 12:33
  • I am using a debian-based container. Maybe that VSCode setting makes it unnecessary, but I may have to rebuild my container for it to fail. I don't think installing gnupg2 in the container hurts, but I don't have it right now and am signing commits. – Stephen Andary Nov 14 '22 at 14:49
  • 1
    That makes sense then. GnuPG is preinstalled on Debian. So if you have `gpg` installed in your container, you don't need to install anything more. – ikhvjs Nov 14 '22 at 16:11
0

It turns out I should not install gnupg2 in my Dev Container instance.

ikhvjs
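One thing to check when `git commit -S` reports `gpg failed to sign the data` inside the container is whether the key named in `user.signingkey` is actually usable by the `gpg` that Git runs there. The script below is an added example, not code from the question or the answers: `check_signing_key` and `sample_listing` are hypothetical names, the listing is constructed from the key ids shown in the question, and it assumes `user.signingkey` holds a key id or fingerprint rather than an email address.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). check_signing_key and sample_listing
# are hypothetical names; the listing below is constructed sample data.

# Reads `gpg --list-secret-keys --with-colons` output on stdin and prints why
# key id/fingerprint $1 can or cannot sign:
#   ok | unset | missing | revoked | expired | stub | no-sign-capability
# $2 (optional) overrides "now" as epoch seconds, for reproducible checks.
check_signing_key() {
  local want
  want=$(printf '%s' "${1#0x}" | tr 'a-f' 'A-F')
  [ -n "$want" ] || { echo unset; return 0; }
  awk -F: -v want="$want" -v now="${2:-$(date +%s)}" '
    # A 40-hex fingerprint ends with the 16-hex key id, so keep its tail.
    BEGIN { if (length(want) > 16) want = substr(want, length(want) - 15) }
    $1 == "sec" || $1 == "ssb" {
      # Field 5 is the 16-hex key id; a shorter id is matched as a suffix.
      if (substr($5, length($5) - length(want) + 1) != want) next
      found = 1
      if ($2 == "r") verdict = "revoked"
      else if ($2 == "e" || ($7 != "" && $7 + 0 < now + 0)) verdict = "expired"
      else if ($15 == "#") verdict = "stub"        # record only, no secret key
      else if ($12 !~ /s/) verdict = "no-sign-capability"
      else verdict = "ok"
      exit
    }
    END { print (found ? verdict : "missing") }'
}

# Constructed listing: a primary key that can sign and certify, plus an
# encryption-only subkey, mirroring the [SC] / [E] layout in the question.
sample_listing() {
  cat <<'EOF'
sec:u:4096:1:00EF4D3F22885E4B:1637366400:::u:::scESC:::+:
uid:u::::1637366400::::peter <peter@example.com>:
ssb:u:4096:1:ABC123D7FAA52318:1637366400::::::e:::+:
EOF
}

# Offline demonstration on the constructed listing.
for key in 00EF4D3F22885E4B ABC123D7FAA52318 0123456789ABCDEF; do
  printf '%s -> %s\n' "$key" "$(sample_listing | check_signing_key "$key")"
done

# Inside the dev container, feed it the real values instead:
#   gpg --list-secret-keys --with-colons | check_signing_key "$(git config --get user.signingkey)"
```

A result of `missing` in the container while WSL2 reports `ok` means the container's `gpg` cannot see the secret key, which points at the keyring and agent-socket sharing discussed in the comments above.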