Hi! I have created a container for development purposes with bubblewrap[1] and unshare. So far it has been working great; the only thing that isn't working is gpg signed commits with git. I have bind mounted the $GNUPGHOME into the container and gpg can see it with `gpg --list-keys`. Now when I sign commits with it I get:

```
gpg: signing failed: Inappropriate ioctl for device
```
This was fixed by adding `export GPG_TTY=$(tty)` to ~/.bash_profile ($(tty) points to /dev/console). But now I get:

```
localhost # git commit -s -S -a -m "test"
error: gpg failed to sign the data:
gpg: WARNING: unsafe ownership on homedir '/root/.gnupg'
[GNUPG:] KEY_CONSIDERED 64DA0EF748DCFAB0D2661171005C84091F5630E0 2
[GNUPG:] BEGIN_SIGNING H8
[GNUPG:] PINENTRY_LAUNCHED 59 curses 1.3.1-unknown /dev/console xterm-256color :0 20620/1000/65534 0/0 0
gpg: signing failed: Permission denied
[GNUPG:] FAILURE sign 83918849
gpg: signing failed: Permission denied

fatal: failed to write commit object
```

I don't know what it's trying to access. Does anyone with the expertise know what's going wrong? I have also tried bind mounting /dev/console, but when I do that the tty command becomes:

```
localhost # tty
not a tty
```

And I get:

```
localhost # git commit -s -S -a -m "test"
error: gpg failed to sign the data:
gpg: WARNING: unsafe ownership on homedir '/root/.gnupg'
[GNUPG:] KEY_CONSIDERED 64DA0EF748DCFAB0D2661171005C84091F5630E0 2
[GNUPG:] BEGIN_SIGNING H8
[GNUPG:] PINENTRY_LAUNCHED 60 curses 1.3.1-unknown not a tty xterm-256color :0 ? 0/0 0
gpg: signing failed: No such file or directory
[GNUPG:] FAILURE sign 83918929
gpg: signing failed: No such file or directory

fatal: failed to write commit object
```

I can see that the :0 is the $DISPLAY variable, and after that it's showing the UIDs? So TLDR: I can't get pinentry to work.
More info: If I use the tty pinentry, regardless of /dev/console being bind mounted or not, I get:

```
localhost # git commit -s -S -a -m "test"
error: gpg failed to sign the data:
gpg: WARNING: unsafe ownership on homedir '/root/.gnupg'
[GNUPG:] KEY_CONSIDERED 64DA0EF748DCFAB0D2661171005C84091F5630E0 2
[GNUPG:] BEGIN_SIGNING H8
[GNUPG:] PINENTRY_LAUNCHED 58 tty 1.3.1-unknown - xterm-256color :0 - 0/0 0
gpg: signing failed: Operation cancelled
[GNUPG:] FAILURE sign 83886179
gpg: signing failed: Operation cancelled

fatal: failed to write commit object
```

The host's UID is 1000 and inside the container I'm 100000 (root); surely that's messing with it, but I don't know how ncurses works.

Permissions on /dev/console (that bubblewrap creates):

```
localhost # ll /dev/console
crw--w---- 1 1000 nobody 136, 1 Aug 30 20:37 /dev/console
```

Permissions of bind mounted /dev/console:

```
localhost # ll /dev/console
crw--w---- 1 nobody nobody 5, 1 Aug 29 21:45 /dev/console
```
