
Regression in lazygit behavior for gpg/ssh prompts with pinentry

Open cavanaug opened this issue 6 months ago • 9 comments

Describe the bug

This is really a reopening of a previously fixed bug #3308 and PR #3478

To Reproduce

Steps to reproduce the behavior:

  1. Configure your environment for using gpg as an ssh-agent
  2. Reset the agent so it needs to prompt for the gpg password. "gpg-connect-agent reloadagent /bye"
  3. Run lazygit, watch the screen go crazy

Screenshots

Same screenshots as in bug #3308

Version info:

Lazygit 0.42 - First fixed with PR#3478
Lazygit 0.44.1 - Still working
Lazygit 0.45.2 - Semi working, the initial prompt looks correct but upon return to the lazygit ui things are messed up
Lazygit 0.46+ - Completely messed up from first launch of lazygit

Additional context

It seems as though pinentry and lazygit are fighting over the screen and keyboard inputs. Like keystrokes are being sent to BOTH of them, as BOTH of them are attempting to draw on the screen simultaneously.

cavanaug avatar Jun 26 '25 19:06 cavanaug

You don't say which version you are using now. We had a regression like this briefly in 0.51.0, but it was fixed in 0.51.1 (see #4586). The current version is 0.52.

Please let me know if this explains it, or if the bug is still present in 0.52.

stefanhaller avatar Jun 27 '25 06:06 stefanhaller

Same problem exists on 0.52

cavanaug avatar Jun 27 '25 17:06 cavanaug

Hm. I'm not familiar with gpg at all. Are you using a curses-based pinentry program? In that case I wouldn't be surprised that it doesn't work in lazygit.

Could you post a screenshot of how the gpg prompt looks for you when you do a git fetch on the command line, outside of lazygit?

stefanhaller avatar Jun 29 '25 08:06 stefanhaller

I need to do some more testing. I just happened to run it on 0.53 inside of Zellij and it worked properly. Maybe the issue is terminal dependent. I use Windows Terminal; I'll try a couple of different terminals and a native Linux box later this week to try to isolate.

cavanaug avatar Jul 07 '25 18:07 cavanaug

Same issue here. Thought I'd provide a screenshot (left: my gpg-config - right: lazygit)

Image

This is what git fetch looks like "outside" in a normal shell:

Image

It is only an issue via ssh or in a tty. Otherwise the GTK pinentry opens which works.

The main issue is that lazygit also "catches" the keystrokes meant for pinentry, so you can't even really exit (Ctrl+C only works sometimes)

noggynoggy avatar Jul 19 '25 23:07 noggynoggy

After installing gpg-agent in a linux dev container and configuring it to be used for ssh passphrase management, I can confirm the issue. However, I can't confirm the OP's claim that it's a regression; it doesn't work in 0.44.1 either.

And I can't imagine how this can ever have worked; you just can't use a curses-based pinentry program with a TUI application. Other TUI programs have the same issue (see e.g. here: https://github.com/tpope/vim-fugitive/issues/1836).

My advice would have been to configure your gpg-agent to use pinentry-tty instead; however, I couldn't get this to work at all when testing it (always got the error "agent refused operation" after waiting a long time).

After spending entirely too much time on messing around with this, I can't help agreeing with this guy: https://wozniak.ca/journal/2019/09-09.html. What a mess.

So, if anybody has ideas what we can do about it, I'm all ears. In the meantime, the only recommendation I can give is to use ssh keys rather than gpg keys (and ssh-agent for managing their passphrases), this works flawlessly.

stefanhaller avatar Jul 20 '25 12:07 stefanhaller

That’s interesting. I think that is a thread to pull on. It definitely worked for me on .44. I’ll write up my config to see if you can repro working. It will make bisecting easier. I definitely used the GPG_TTY hack as that is in my bashrc for every new interactive shell.

cavanaug avatar Jul 21 '25 01:07 cavanaug

As in https://github.com/jesseduffield/lazygit/issues/30#issuecomment-2263020003,

It seems that pinentry-tty was the way for older versions of lazygit to work with pinentry.

milanglacier avatar Jul 22 '25 23:07 milanglacier

For those who use pass, a workaround is to invoke it right before opening lazygit.

pass git/[email protected] >/dev/null 2>&1
lazygit

extremelyonline avatar Dec 03 '25 12:12 extremelyonline

I'm experiencing this as well in 0.57.0. I use pinentry to unlock my card first to GPG sign the commit, then a second time to unlock the card for SSH. Generally, the pinentry for signing the commit works fine, but exhibits the behavior described above when I attempt a push. If I unlock my card for SSH outside of lazygit by just running ssh [email protected] or something (or even just running git push manually), I'm able to use lazygit without issue until my Yubikey is removed again.

klercke avatar Dec 17 '25 00:12 klercke
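
A pre-flight check in the spirit of the two workarounds above (unlocking the key before lazygit starts), as an added example that is not part of any comment in this thread: it reads gpg-agent's KEYINFO status lines to tell whether a passphrase-protected key is still locked, so the pinentry prompt can be answered in a plain shell first. The function names, the LAZYGIT_KEYGRIP variable and the sample keygrips are assumptions made up for this example.

```shell
#!/bin/sh
# Added example, not lazygit or GnuPG code.
# gpg-agent reports key state as status lines of the form:
#   S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> ...
#   type:       D = key on disk, T = key on a smartcard (token)
#   cached:     1 = passphrase is in the agent cache, - = not cached
#   protection: P = passphrase protected, C = not protected

# Constructed sample of `gpg-connect-agent 'keyinfo --list' /bye` output
# (keygrips and card serial number are made up).
SAMPLE_KEYINFO='S KEYINFO 1111111111111111111111111111111111111111 D - - 1 P - - -
S KEYINFO 2222222222222222222222222222222222222222 D - - - P - - -
S KEYINFO 3333333333333333333333333333333333333333 D - - - C - - -
S KEYINFO 4444444444444444444444444444444444444444 T D2760001240103040006123456780000 OPENPGP.3 - - - - -
OK'

# Print keygrips of on-disk, passphrase-protected keys whose passphrase is
# not cached. Using one of these from inside a TUI makes the agent start
# pinentry while the TUI still owns the terminal.
uncached_keys() {
    awk '$1 == "S" && $2 == "KEYINFO" && $4 == "D" && $8 == "P" && $7 != "1" { print $3 }'
}

# Print keygrips of smartcard keys. The card PIN state is not part of the
# passphrase cache field, so these are listed separately (assumption: they
# are treated as "unknown, unlock manually first").
token_keys() {
    awk '$1 == "S" && $2 == "KEYINFO" && $4 == "T" { print $3 }'
}

# Hypothetical wrapper: refuse to start lazygit while the key named by
# LAZYGIT_KEYGRIP (find it with `gpg --list-keys --with-keygrip`) is locked.
lazygit_checked() {
    pending=$(gpg-connect-agent "keyinfo ${LAZYGIT_KEYGRIP:?set LAZYGIT_KEYGRIP}" /bye | uncached_keys)
    if [ -n "$pending" ]; then
        echo "key $pending is locked; unlock it in a plain shell (e.g. run git fetch) first" >&2
        return 1
    fi
    lazygit "$@"
}
```

Sourcing the file and starting lazygit through `lazygit_checked` moves the passphrase prompt out of the TUI session; it does not change how lazygit and a curses pinentry interact once a prompt does appear.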