Support ssh-agent and external sign binaries for commit signing with ssh
This Pull Request fixes/closes #2188.
It changes the following:
- Respect configuration for alternative signing binary (for example 1Password ssh agent)
- Using ssh-keygen for ssh signing operation to support ssh-agent
- additional: sharing same implementation for default & configured binary
I followed the checklist:
- [x] I added unittests
- [x] I ran `make check` without errors
- [x] I tested the overall application
- [x] I added an appropriate item to the changelog
There's one drawback. Like before, we don't support encrypted private keys which are not loaded to agent. The error message isn't as clear as before, but from a functionality point of view it isn't different. I would make a new issue for this behavior and take a look into supporting encrypted private keys.
> The error message isn't as clear as before

Can't we make it as clear as before and then follow up?
> supporting encrypted private keys.

Actually I didn't figure out how to capture the passphrase prompt, as it's spawned directly on the tty. But I just had an idea: maybe we could provide an empty passphrase as an arg to skip the password prompt and map the "wrong passphrase" error to the previous error message. I'll take a look at it today.
@extrawurst Worked, we now have a meaningful error message. I tested with 1Password SSH-Agent, Default SSH-Agent, non-encrypted keys on disk and encrypted keys on disk.
Any movement on this?
This would allow me to use gitui without needing to fall back to shell to actually commit.
@DaRacci I think the maintainer is currently busy, as he is asking for co-maintainers and migrating his repo to an org for better support by more people. For now you can compile it yourself with the PR applied, as I do, or wait.
Thanks @naseschwarz for your CR! I committed your suggestions and commented on questions. I'll take a look at the remaining annotations of edge cases/optimizations. I'll update the PR soon.
I've tested the implementation on Linux and macOS. Windows is currently missing, maybe I can test it in a VM. I currently don't know about license/activation. I'll keep you updated.
Would simply like to add that I've been running a compiled version of gitui with this pull request since August. So far I've had no issues on my Linux setup.
For me, ssh-agent support was critical, so I'd also like to say thank you for this work. I hope we see this merged one day.
@hazzuk Me too and I totally forgot that I have this PR open :face_in_clouds:
You just brought my attention back to it. I'll sort out the last open notes and then we should get it merged.
Open notes should now be solved. I'll test tomorrow on some machines with different configs and then request a follow-up review.
I didn't encounter problems on my machines. Tested on Linux with OpenSSH agent and PGP-based SSH agent.
Tested on macOS using 1Password signing, worked perfectly!
@extrawurst As this initial PR is some months old and much has happened since then, who is currently able to do a review on changes?
I’ll have a look!
(Just wanted to let you know that I haven’t forgotten this PR. I hope to be getting to it over the weekend.)