Getting Cola to gpg-sign commits by default.

454 views
Skip to first unread message

Andrew

unread,
Sep 29, 2015, 1:56:26 PM9/29/15
to git-cola

I have configured git to always sign commits with my gpg key. In ~/.gitconfig I added my user.signingkey and set commit.gpgsign to true. From the command line, everything works fine.


I'd like Cola to do the same. Right now, I can't get it to sign commits at all. In fact, it won't even commit. Here's what I'm doing:


After making some edits, I stage the changes, write up my nice commit message, and click the Commit button. This returns an error:


Commit failed:

gpg: cannot open tty `/dev/tty': No such device or address

error: gpg failed to sign the data

fatal: failed to write commit object


exit code 128


I try to click the menu to Create Signed Commit. for the regular Commit, and nothing happens.


I'm running Git Cola v2.3 on Fedora 22 (64-bit). I've read the Cola docs about setting up gpg and I'm still having trouble. Here's the git cola options in ~/.gitconfig


[cola]
textwidth = 72
fontdiff = Source Code Pro,12,-1,5,50,0,0,0,0,0
tabwidth = 4
signcommits = true


In ~/.gnupg/gpg.conf I set use-agent.


And in ~/.gnupg/gpg-agent.conf I added the following lines, as suggested in the Cola documentation.


pinentry-program /usr/bin/pinentry-gtk
default-cache-ttl 3600
enable-ssh-support
use-standard-socket


Any ideas? Thanks for taking a look at this with me.

David Aguilar

unread,
Sep 29, 2015, 2:00:43 PM9/29/15
to Andrew, git-cola
This is one of those things that requires you to drop to the shell.

Did you run the eval step at the end?


eval $(gpg-agent --daemon)


You have to run that in your shell before launching cola.
Unfortunately, you must launch it from that same shell.

The way gpg stuff works is that it looks for environment variables
that tell it how to find your agent. When you run `gpg-agent
--daemon`, it prints commands to stdout that set and export those
variables. Alternatively, you can run it directly and paste its
output into your shell.

I'm sure there are better ways (e.g. you can probably get the agent to
start when you login) but hopefully that helps enough show how the
setup can work.

cheers,
--
David

Andrew

unread,
Sep 29, 2015, 3:41:27 PM9/29/15
to git-cola, summerf...@gmail.com
Oh, yes, I forgot to mention that I'd also run  eval $(gpg-agent --daemon)  before opening Cola.

Actually, I prefer fish over bash, so I'd run   gpg-agent --daemon fish   instead, but doing it with fish or bash, both versions of the gpg-agent command have the same result: Commit exits with status code 128, and Create Signed Commmit does nothing.

What's weird to me about this setup is that when automatically signing commits with git from the commandline, I'm never prompted for my gpg key's passphrase yet git seems to sign my commits correctly anyway.

Andrew

unread,
Oct 13, 2015, 8:23:08 PM10/13/15
to git-cola, summerf...@gmail.com
I'm bumping this thread. Anyone have any other ideas? Or questions that might help determine what's wrong?

I really like Git Cola, but at this point, for me, it's unusable.

David Aguilar

unread,
Oct 26, 2015, 3:32:38 AM10/26/15
to Andrew, git-cola
On Tue, Oct 13, 2015 at 5:23 PM, Andrew <summerf...@gmail.com> wrote:
> I'm bumping this thread. Anyone have any other ideas? Or questions that
> might help determine what's wrong?
>
> I really like Git Cola, but at this point, for me, it's unusable.


I just pushed an update to the gpg instructions (it's at the bottom of
docs/git-cola.rst)

I use debian/sid and I found that I needed to apt-get install gnupg2
and set the gpg.program to gpg2. e.g.

$ git config --global gpg.program gpg2

Once I did that, and re-logged in (so that debian's xsession.d scripts
can take care of starting gpg-agent) then it started working.

Also, on debian, I did not need to start the daemon manually. I
updated the instructions to mention that one should check for an
existing agent before attempting to launch a new one.

Can you please try installing gnupg2, set your gpg.program to gpg2,
and see if it's better behaved?

https://github.com/git-cola/git-cola/blob/master/share/doc/git-cola/git-cola.rst#setting-up-gpg-for-signed-commits
--
David

Andrew

unread,
Oct 27, 2015, 1:57:52 AM10/27/15
to git-cola, summerf...@gmail.com
Thanks, David! Still doesn't work, but it shows somewhat different error messages, which I guess may be a sign of progress? haha

The configurations I mentioned earlier for git, Cola, and gpg have stayed the same while we've been discussing this.

Today, I followed your latest suggestions:
  • I already happened to have gpg2 installed.
  • I ran   git config --global gpg.program gpg2
  • I tried committing to a test repo on my local system.
"Create Signed Commit" still doesn't seem to do anything.

But the regular Commit button returns a different error this time:

Commit failed:

gpg: skipped "m...@example.mail": No secret key

gpg: signing failed: No secret key

error: gpg failed to sign the data

fatal: failed to write commit object


exit code 128


...Which is weird, because there definitely is a secret key, and I still don't have any trouble signing commits from the commandline.

Thanks,
~Andrew

Andrew

unread,
Oct 27, 2015, 2:03:39 AM10/27/15
to git-cola, summerf...@gmail.com
Sorry, let me clarify: I didn't have any trouble signing commits from the commandline before setting git's gpg.program to gpg2 and then logging out and logging back in. After setting the git gpg2 configuration, though, I can't commit from the commandline or from Cola. It's the same error message either way.

~Andrew

Andrew

unread,
Nov 17, 2015, 6:35:26 PM11/17/15
to git-cola, summerf...@gmail.com
After upgrading to Fedora 23, I had some issues trying to get Seahorse to cache my gpg passphrase. Once I got that working again, Git Cola now signs git commits without issue. I think the problem may have had something to do with git to use gpg2, and reimporting me keys for gpg2. Either way, Git Cola works now.

~Andrew
Reply all
Reply to author
Forward
0 new messages