git commit message fails

[jungle-boogie]

Hi,

I would like to try gopass for saving passwords; however, it seems there's some problem with the git report that gopass creates. I'm using gopass from master.

Here's the error when attempting to add a password:

Error: failed to write secret 'golang.org/gopher': failed to commit changes to git: failed to run command /usr/local/bin/git [git commit -m Save secret to golang.org/gopher: Inserted user supplied password]: exit status 128

Here's the full transaction of creating the gopass repo:

$ ./gopass
It seems you are new to gopass. Do you want to run the onboarding wizard? [Y/n]: y
[init] No useable GPG keys. Generating new key pair
[init] [gpg] Key generation may take up to a few minutes
[init] [gpg] Creating key pair ...
gpg (GnuPG) 2.1.23; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Note: Use "gpg2 --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: jungle
Email address: jungle@example.com
You selected this USER-ID:
    "jungle <jungle@example.com>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 681EF754FB775C98 marked as ultimately trusted
gpg: directory '/home/jungle/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/jungle/.gnupg/openpgp-revocs.d/5215049B6AE94836F3C8631A681EF754FB775C98.rev'
public and secret key created and signed.

pub   rsa2048 2017-11-07 [SC] [expires: 2019-11-07]
      5215049B6AE94836F3C8631A681EF754FB775C98
uid                      junglef <jungle@example.com>
sub   rsa2048 2017-11-07 [E] [expires: 2019-11-07]

 -> OK
[init] [gpg] Public key exported to '0x681EF754FB775C98.pub.key'
[init] [gpg] Done
[init] [local] Initializing your local store ...
Please select a private key for encrypting secrets:
[0] 0x681EF754FB775C98 - junglef <jungle@example.com>
Please enter the number of a key (0-0) [0]: 0
Use junglef (jungle@example.com) for password store git config? [Y/n]: y
[init] [local]  -> OK
[init] [local] Configuring your local store ...
Do you want to automatically push any changes to the git remote (if any)? [Y/n]: n
Do you want to always confirm recipients when encrypting? [y/N]: y
[init] [local]  -> OK
gopass

jungle@puffer:~$ ./gopass insert golang.org/gopher
Enter password for golang.org/gopher:
Retype password for golang.org/gopher:
Warning: Password is too short
gopass: Encrypting golang.org/gopher for these recipients:
 - 0x681EF754FB775C98 - junglef <jungle@example.com>

Do you want to continue? [Y/n]: y

Error: failed to write secret 'golang.org/gopher': failed to commit changes to git: failed to run command /usr/local/bin/git [git commit -m Save secret to golang.org/gopher: Inserted user supplied password]: exit status 128

[dominikschulz]

Actually I've encountered the same bug already. It probably an communication issue with the GPG agent needed to sign the git commit.

We need to look into GPG agent initialization. A first hunch would be to set GPG_TTY=$(tty) but we'll need to find a portable way to do this. And still I'm not sure if we need to setup/start the GPG Agent after GPG key generation.

[dominikschulz]

In my tests on linux setting GPG_TTY worked.

[jungle-boogie]

Hi @dominikschulz,

I see your commit and thank you for efforts to correct this. Are you saying I need to add something like the following in my shell's profile or export on the cli for this to work?

GPG_TTY=$(tty)
export GPG_TTY

If so, doing that with the latest build of gopass still results in a failure on both Linux and openbsd.

[dominikschulz]

Hmm, my commit fixed the init behavior for me. I'm sorry to hear that it doesn't work for you.

You should definitely set GPG_TTY in your profile, see: https://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.html

But if that doesn't fix the issue for you, I don't know how to debug this from my side.

If you can provide any more information we can try to narrow it down.

[jungle-boogie]

Setting GPG_TTY in my profile still results in the same behavior:

Error: failed to write secret 'golang.org/gophero': failed to commit changes to git: failed to run command /usr/local/bin/git [git commit -m Save secret to golang.org/gophero: Inserted user supplied password]: exit status 128

Does gopass have some debug logging that can be enabled to see where this is failing?

[dominikschulz]

You can set GOPASS_DEBUG=true to see what it's doing, but this error strongly hints at an communication issue between git and gpg. Gopass is setting git up to create signed commits and if gpg can't talk to the agent then these commits will fail.

[jungle-boogie]

Hi @dominikschulz,

I think I've got it solved!!

commit 49ada6e5cc908df13ce493bc7480df2faafcdf55 (HEAD -> master)
Author: jungle <jungle@example.com>
Date:   Fri Nov 10 11:45:22 2017 -0800

    Save secret to example.com/jungle: Inserted user supplied password

And once you tipped me off on git+gpg failure, I knew the problem and how to solve it:
lrwxr-xr-x 1 root wheel 19 Nov 10 11:41 /usr/local/bin/gpg -> /usr/local/bin/gpg2

I just need a symbolic link from gpg2 to gpg on openBSD.

[dominikschulz]

Thanks for reporting back on this. I think this is a case we might be able to fix when we setup the per-store git repo. We detect the path to the gpg binary anyway so we should check if we can properly configure the git repo as well.

[trallnag]

In my case the issue was something else. I had to globally configure the key to use for signing with git.

git config --global commit.gpgSign "true"
git config --global user.signingKey "ACCB8F306184BEEE49E7370E5DBF2C327E72AA3F"