On Sun, 2025-08-31 at 03:27 +0500, zyxhere💠via Gnupg-users wrote:
> On Sun, 2025-08-31 at 01:41 +0500, zyxhere💠via Gnupg-users wrote:
> > Hi! I have created a container for development purposes with
> > bubblewrap[1] and unshare. So far it has been working great;
> > the only thing that isn't working is gpg signed commits with
> > git. I have bind mounted the $GNUPGHOME into the container
> > and gpg can see it with gpg --list-keys. Now when I sign
> > commits with it I get:
> > ```
> > gpg: signing failed: Inappropriate ioctl for device
> > ```
> >
> > This was fixed by adding `export GPG_TTY=$(tty)` to
> > ~/.bash_profile ($(tty) points to /dev/console). But now
> > I get:
> > ```
> > localhost # git commit -s -S -a -m "test"
> > error: gpg failed to sign the data:
> > gpg: WARNING: unsafe ownership on homedir '/root/.gnupg'
> > [GNUPG:] KEY_CONSIDERED 64DA0EF748DCFAB0D2661171005C84091F5630E0 2
> > [GNUPG:] BEGIN_SIGNING H8
> > [GNUPG:] PINENTRY_LAUNCHED 59 curses 1.3.1-unknown /dev/console xterm-256color :0 20620/1000/65534 0/0 0
> > gpg: signing failed: Permission denied
> > [GNUPG:] FAILURE sign 83918849
> > gpg: signing failed: Permission denied
> >
> > fatal: failed to write commit object
> > ```
> >
> > I don't know what it's trying to access; anyone with the
> > expertise know what's going wrong? I have also tried with bind
> > mounting /dev/console but when I do that the tty command
> > becomes:
> > ```
> > localhost # tty
> > not a tty
> > ```
> > And get:
> > ```
> > localhost # git commit -s -S -a -m "test"
> > error: gpg failed to sign the data:
> > gpg: WARNING: unsafe ownership on homedir '/root/.gnupg'
> > [GNUPG:] KEY_CONSIDERED 64DA0EF748DCFAB0D2661171005C84091F5630E0 2
> > [GNUPG:] BEGIN_SIGNING H8
> > [GNUPG:] PINENTRY_LAUNCHED 60 curses 1.3.1-unknown not a tty xterm-256color :0 ? 0/0 0
> > gpg: signing failed: No such file or directory
> > [GNUPG:] FAILURE sign 83918929
> > gpg: signing failed: No such file or directory
> >
> > fatal: failed to write commit object
> > ```
> > I can see that the :0 is the $DISPLAY variable and after
> > that it's showing the UIDs?
> >
> > So TLDR: I can't get pinentry to work.
> >
> > More info:
> > If I use the tty pinentry regardless of /dev/console being
> > bind mounted or not I get:
> > ```
> > localhost # git commit -s -S -a -m "test"
> > error: gpg failed to sign the data:
> > gpg: WARNING: unsafe ownership on homedir '/root/.gnupg'
> > [GNUPG:] KEY_CONSIDERED 64DA0EF748DCFAB0D2661171005C84091F5630E0 2
> > [GNUPG:] BEGIN_SIGNING H8
> > [GNUPG:] PINENTRY_LAUNCHED 58 tty 1.3.1-unknown - xterm-256color :0 - 0/0 0
> > gpg: signing failed: Operation cancelled
> > [GNUPG:] FAILURE sign 83886179
> > gpg: signing failed: Operation cancelled
> >
> > fatal: failed to write commit object
> > ```
> >
> > The host's UID is 1000 and inside the container I'm
> > 100000(root); surely that's messing with it but I don't know
> > how ncurses works.
> >
> > Permissions on /dev/console (that bubblewrap creates):
> > ```
> > localhost # ll /dev/console
> > crw--w---- 1 1000 nobody 136, 1 Aug 30 20:37 /dev/console
> > ```
> > Permissions of bind mounted /dev/console:
> > ```
> > localhost # ll /dev/console
> > crw--w---- 1 nobody nobody 5, 1 Aug 29 21:45 /dev/console
> > ```
> Never mind, I was able to get it to work via
> https://ao.bloat.cat/exchange/stackoverflow.com/questions/51504367/gpg-agent-forwarding-inappropriate-ioctl-for-device#59170001
> Need to add
> ```
> use-agent
> pinentry-mode loopback
> ```
> to gpg.conf and
> ```
> allow-loopback-pinentry
> ```
> to gpg-agent.conf
>
> Sorry for the noise!

I hope there isn't anything wrong with using stdin for the password! (Not sure why it's disabled by default.) So if there is a way to keep using the ncurses prompt I would really appreciate it!

_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
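
An added diagnostic, not part of the original message or of GnuPG: a shell check of the terminal path that a curses or tty pinentry is given through GPG_TTY, covering the cases visible in the logs above (an empty value, the literal string `not a tty`, and a device node the container user cannot open). The function names and return codes are this example's own, and reading the `Permission denied` failure as a device-access problem is an assumption.

```shell
#!/bin/sh
# Added example: classify whether the path in GPG_TTY is something a
# terminal-based pinentry could open. Return codes are this example's own.

# check_pinentry_tty PATH
#   0  PATH is a character device the current user can read and write
#   1  PATH is empty (GPG_TTY not set)
#   2  PATH does not exist (e.g. tty printed "not a tty")
#   3  PATH exists but is not a character device
#   4  PATH is a character device, but not readable and writable here
check_pinentry_tty() {
    tty_path=$1
    [ -n "$tty_path" ] || return 1
    [ -e "$tty_path" ] || return 2
    [ -c "$tty_path" ] || return 3
    { [ -r "$tty_path" ] && [ -w "$tty_path" ]; } || return 4
    return 0
}

# explain_pinentry_tty PATH: print a one-line diagnosis, return the same code.
explain_pinentry_tty() {
    rc=0
    check_pinentry_tty "$1" || rc=$?
    case $rc in
        0) echo "ok: '$1' is a character device you can read and write" ;;
        1) echo "GPG_TTY is empty: pinentry has no terminal to attach to" ;;
        2) echo "'$1' does not exist: was GPG_TTY set from a failing tty call?" ;;
        3) echo "'$1' is not a character device" ;;
        4) echo "'$1' is not readable and writable by uid $(id -u):"
           # Numeric owner/group shows unmapped ids inside a user namespace.
           ls -ln "$1" ;;
    esac
    return $rc
}

# Diagnose the current shell's setting; never abort the calling script.
explain_pinentry_tty "${GPG_TTY:-}" || true
```

Run it inside the container in the same shell that invokes `git commit -S`, since GPG_TTY is taken from that environment.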
