SuperBo
bug: fugit2 does not respect commit signing configuration when --gpg-sign
Did you check docs and existing issues?
- [X] I have read all the plugin docs
- [X] I have searched the existing issues
- [X] I have searched the existing issues of plugins related to this issue
Neovim version (nvim -v)
NVIM v0.9.5 Build type: Release LuaJIT 2.1.1703358377
Operating system/version
MacOS 14.4
Describe the bug
Fugit2 does not respect the git configuration for signing commits.
Steps To Reproduce
- Set your git config to sign commits with GPG key
- Make commit using Fugit2
- The commit is not signed
Expected Behavior
The commit should be signed as defined in the git configuration
@seanaye, Omg, I haven't test libgit2 with GPG key. I will try to look at libgit2 docs for this.
This should be classified as feature 👍
I don't think I have the permission to change the label, I don't see the button for it.
Thanks for looking!
Hi @seanaye, this feature is partially support after this https://github.com/SuperBo/fugit2.nvim/pull/31.
To use it you should do following setup:
- install gpgme lib.
brew install gpgmeor similar - configure pinentry to some GUI pinentry, that way pinentry will not clear neovim terminal UI.
NOTE: only support for create commit now. I will find a way to make it work for commit amend, extend later.
Please help me test it, thank you!
I'm not sure how to configure pinentry in the way that you described. I have installed the branch in the PR and also gpgme, but when I go to commit I get Failed to get gpg key ssh-rsa ....my key..., code: 16383
I get the same error; pressing Enter a second time will successfully commit without verification.
I am using https://github.com/chrisgrieser/nvim-tinygit alongside fugit2.nvim, it has a commit/amend/edit command that signs commits without external dependencies. Is it viable to port their implementation to this plugin?
Hi @seanaye , sorry for late reply
For pin-entry thing
brew install gpgme pinentry-mac
echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
Your error happens because gpgme can't get the default gpg key. Do you have multiple keys in your gpg config?
@disusered, did you set password for your gnupg key?
To answer your question, nvim-tinygit use git command to do git functionalities. However, my plugin try to use libgit2 do to git tasks.
I've just finished Diffview implementation, I will try implement these features now. Hope you guys can help me testing these features.
hi @disusered, now you can extend, amend commit with gpg-signing after this PR https://github.com/SuperBo/fugit2.nvim/pull/54.
Can you help me test it?
@disusered, did you set password for your gnupg key?
To answer your question, nvim-tinygit use git command to do git functionalities. However, my plugin try to use libgit2 do to git tasks.
I've just finished Diffview implementation, I will try implement these features now. Hope you guys can help me testing these features.
I will try setting it, thank you!
hi @disusered, now you can extend, amend commit with gpg-signing after this PR https://github.com/SuperBo/fugit2.nvim/pull/54.
Sure, I will give it a go this evening, thank you!
I figured out my mistake, last month I upgraded my desktop and changed my commit signing to SSH. I looked through libgit2's repo to find out if there was support and only found https://github.com/libgit2/libgit2/issues/6397
If I have time this week I will try setting up GPG! Thanks again.
@disusered, the way libgit2 support commit signing is via this method https://libgit2.org/libgit2/#HEAD/group/commit/git_commit_create_with_signature. So I have to use GPGme to sign commit before creating it :D.
Edit: it is possible to use ssh to sign commit. ~~Can you help me create a dedicated issue for ssh signing~~.
@disusered, I implemented ssh signing in latest commit, you can test it now
@disusered, I implemented ssh signing in latest commit, you can test it now
I tried it out and got the following output:
2024-05-17T11:26:03 ERROR [Fugit2] Failed to sign commit with ssh, Couldn't load public key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN0ymLThQeG/B8GhYqrOUdjr2yydERDzP94yU9LT9o+N: No such file or directory, error code: 255
2024-05-17T11:26:17 INFO [Fugit2] New commit 7829abb8
❯ git log --show-signature
commit 7829abb8b2d22b692c24125866e3ebc26e183aa0 (HEAD -> main)
Author: Carlos Rosquillas <[email protected]>
Date: Fri May 17 11:25:38 2024 -0700
Use fugit2 now that diff signing works
commit 1303791a27b7417ff10ae773b1592f0da4e590e3
Good "git" signature for [email protected] with ED25519 key SHA256:e9yaSCbUZB8cnCtRGTCnao36FdGSKt/uqXgZDYPLpM8
Author: Carlos Rosquillas <[email protected]>
Date: Fri Apr 26 18:11:22 2024 -0700
Set up LaTeX with spellcheck
I checked my allowed_signers and it matches the one in the log, so it seems correct. I think it may be because I use 1Password with this Git config:
[user]
name = Carlos Rosquillas
email = [email protected]
signingkey = ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN0ymLThQeG/B8GhYqrOUdjr2yydERDzP94yU9LT9o+N
[gpg]
format = ssh
[gpg "ssh"]
program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign"
allowedSignersFile = /Users/carlos/.ssh/allowed_signers
[commit]
gpgsign = true
...
I will try to have a look at the source code tonight, if you have any tips for debugging this I'm all ears! Thanks again!
@disusered, new PR https://github.com/SuperBo/fugit2.nvim/pull/57 and https://github.com/SuperBo/fugit2.nvim/commit/4a373ddaeb73ab6c66197a7afb276d7f96de6817 should solve your issue.
In my previous implementation, I assumed user.signingkey should point to a file path. After taking a look at git source code, I adjusted fugit2 behavior to the same way.
@disusered, new PR #57 and 4a373dd should solve your issue.
In my previous implementation, I assumed user.signingkey should point to a file path. After taking a look at git source code, I adjusted fugit2 behavior to the same way.
I was out of town this weekend, gave it a shot, seems there is an issue with temporary file permissions on MacOS:
2024-05-20T13:05:38 ERROR [Fugit2] Failed to sign commit with ssh, Can't create temp file EROFS
2024-05-20T13:05:40 INFO [Fugit2] New commit ea402bab
From https://github.com/SuperBo/fugit2.nvim/pull/57/files#diff-dbe2c578d6fb75f9fd36204660d951bc2cd85d48fc0cc7de0fafbaae3f7782cdR23 I did some digging:
If I print my os.getenv("TMPDIR") I get /tmp, seems it's the trailing slash. I added this to my local installation:
-- temp dir
M.TMPDIR = os.getenv "TMPDIR" or "/tmp/"
-- ensure the directory ends with a slash
if not M.TMPDIR:match("/$") then
M.TMPDIR = M.TMPDIR .. "/"
end
And success!
commit abdbb117a23f30b44206f2beb3eb85a3d3baf2b6 (HEAD -> main)
Good "git" signature for [email protected] with ED25519 key SHA256:e9yaSCbUZB8cnCtRGTCnao36FdGSKt/uqXgZDYPLpM8
Author: Carlos Rosquillas <[email protected]>
Date: Mon May 20 13:24:09 2024 -0700
Update LazyVim
If you want me to open a PR I'd be happy to later this evening, if you want to push it yourself I would be happy with that as well! My approach assumes that os.getenv("TMPDIR") might sometimes return a trailing slash depending on the source OS.
Thank you so much for your efforts, I enjoy your plugin and still delighted to have found a workflow that can substitute Fugitive.
Thank you @disusered for discovered the bug, that trailing slash can be "\" on Windows. So I switch to use plenary.Path for TMPDIR (https://github.com/SuperBo/fugit2.nvim/commit/b7d6728250b1052ca8e6c11e7cc63a2065e01977).
It should solve your problem :D. I think I can finally close this ticket 👍
Close this issue, detail instructions are in the wiki https://github.com/SuperBo/fugit2.nvim/wiki/GPG-Singing-and-SSH-Signing