webi-installers icon indicating copy to clipboard operation
webi-installers copied to clipboard
verified publisher icon webinstall

GnuPG has changed its package contents for macOS

Open coolaj86 opened this issue 1 year ago • 2 comments

GnuPG v2.2.x and v2.3.x contained ~/.local/opt/gnupg-2.2.33/bin/pinentry-mac.app/Contents/MacOS/pinentry-mac.

This was set in ~/.gnupg/gpg-agent.conf:

pinentry-program /Users/aj/.local/opt/gnupg/bin/pinentry-mac.app/Contents/MacOS/pinentry-mac

GnuPG 2.4.x no longer contains that file, but instead has ~/.local/opt/gnupg-2.4.7/bin/pinentry-curses.

However, setting pinentry-program /Users/aj/.local/opt/gnupg/bin/pinentry-curses (and restarting with launchctl) does not yield a working sign via echo "test" | gpg --clearsign.

Not sure what to do to fix it yet.

coolaj86 avatar Dec 15 '24 09:12 coolaj86

The fix:

  1. Make sure you have keys: 
    gpg --list-secret-keys --keyid-format LONG
  2. Make sure you're using the right pinentry. Comment out the old one, if needed. 
    echo "pinentry-program ${HOME}/.local/opt/gnupg/bin/pinentry-curses" >> ~/.gnupg/gpg-agent.conf
  3. Make sure gpg can find the tty 
    echo 'export GPG_TTY="$(tty)"' >> ~/.config/envman/ENV.env
export GPG_TTY="$(tty)"
  4. Reload the agent and test the signing. 
    gpg-connect-agent /bye
gpg-connect-agent reloadagent /bye

echo "test" | gpg --clearsign

coolaj86 avatar Jun 20 '25 22:06 coolaj86

Better yet:

git config --global gpg.format ssh
git config --global user.signingkey ~/.ssh/id_ed25519.pub

Then add to https://github.com/settings/keys

coolaj86 avatar Jun 20 '25 22:06 coolaj86