Github: GPG key with no passphrase fails with git integration

Hi!

Based the script and your error message:

line 22: exec: gpg: not found

Where line 22 is:

exec ${GPG_PROGRAM} --batch --no-tty --yes ${PASSPHRASE_ARG} "$@" 3<<EOM
${PASSPHRASE}
EOM

It looks like the gpg-no-tty.sh script can't find the gpg binary on your ${PATH}. You can get a little more information by:

1. Running which gpg in a terminal and nothing the path that it reports;
2. Running echo ${PATH} in a terminal to see what your system path is; and
3. Opening Atom's dev tools (window:toggle-dev-tools in the command palette) and executing process.env.PATH to see what path Atom is passing to the git processes it spawns.

If the path reported by (1) is included in (2) but not in (3), it means that Atom isn't picking up your system path correctly. If it's included in both (2) and (3), then it's an issue with the way we're passing the path to the git subprocesses.

Regardless, since gpg is being found from the terminal, you should be able to work around this by running:

git config --global gpg.program $(which gpg)

Looks like it's a Windows system, in which case change the commands to:

1. where gpg (cmd) or (get-command gpg).definition (Powershell)
2. echo %PATH% (cmd) or echo $env:PATH (Powershell)

Oh, the path separator... good catch, @50Wliu 🙇

Running which gpg

git bash shell

/usr/bin/gpg

powershell

The term 'which' is not recognized as the name of a cmdlet...

and if I try (get-command gpg).definition instead:

The term 'gpg' is not recognized as the name of a cmdlet...

Running echo $env:PATH / echo $env:PATH

powershell

C:\Program Files (x86)\Python36-32\Scripts\;
C:\Program Files (x86)\Python36-32\;
C:\WINDOWS\system32;
C:\WINDOWS;
C:\WINDOWS\System32\Wbem;
C:\WINDOWS\System32\WindowsPowerShell\v1.0\;
C:\texlive\2016\bin\win32;
C:\Program Files (x86)\PuTTY\;
C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;
C:\Program Files (x86)\Git\cmd;
C:\Program Files\nodejs\;
C:\Users\patri\AppData\Local\Microsoft\WindowsApps;
C:\Users\patri\AppData\Local\atom\bin;
C:\platform-tools;
C:\Users\patri\AppData\Local\Microsoft\WindowsApps;
C:\Users\patri\AppData\Roaming\npm

git bash shell

/c/Users/patri/bin:
/mingw32/bin:
/usr/local/bin:
/usr/bin:
/bin:
/mingw32/bin:
/usr/bin:
/c/Users/patri/bin:
/c/Program Files (x86)/Python36-32/Scripts:
/c/Program Files (x86)/Python36-32:
/c/WINDOWS/system32:
/c/WINDOWS:
/c/WINDOWS/System32/Wbem:
/c/WINDOWS/System32/WindowsPowerShell/v1.0:
/c/texlive/2016/bin/win32:
/c/Program Files (x86)/PuTTY:
/c/Program Files (x86)/Windows Kits/8.1/Windows Performance Toolkit:
/cmd:
/c/Program Files/nodejs:
/c/Users/patri/AppData/Local/Microsoft/WindowsApps:
/c/Users/patri/AppData/Local/atom/bin:
/c/platform-tools:
/c/Users/patri/AppData/Local/Microsoft/WindowsApps:
/c/Users/patri/AppData/Roaming/npm:
/usr/bin/vendor_perl:
/usr/bin/core_perl

Atom's dev tools and execute process.env.PATH

C:\Program Files (x86)\Python36-32\Scripts\;
C:\Program Files (x86)\Python36-32\;
C:\WINDOWS\system32;
C:\WINDOWS;
C:\WINDOWS\System32\Wbem;
C:\WINDOWS\System32\WindowsPowerShell\v1.0\;
C:\texlive\2016\bin\win32;
C:\Program Files (x86)\PuTTY\;
C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;
C:\Program Files (x86)\Git\cmd;
C:\Program Files\nodejs\;
C:\Users\patri\AppData\Local\Microsoft\WindowsApps;
C:\Users\patri\AppData\Local\atom\bin;
C:\platform-tools;
C:\Users\patri\AppData\Local\Microsoft\WindowsApps;
C:\Users\patri\AppData\Roaming\npm

git config --global gpg.program $(which gpg)

git config --global gpg.program $(which gpg) didn't fix the problem. But based on the discrepancies with path, it got me thinking. C:\Program Files (x86)\Git\cmd is in the powershell path, but C:\Program Files (x86)\Git\usr\bin is not (where gpg.exe is located). So, I added C:\Program Files (x86)\Git\usr\bin to my path under Environmental Variables. Now (get-command gpg).definition returns C:\Program Files (x86)\Git\usr\bin\gpg.exe. Additionally, C:\Program Files (x86)\Git\usr\bin now shows within the path in the Atom console as well.

Conclusion

Add... still getting the same error. I'm going to reboot my computer but I want to save this comment before I lose everything. So, in summary, gpg is now appearing in path for git bash shell and powershell and atom console but when I try to commit I'm still getting the same line 22: exec: gpg: not found error.

Update after reboot

cmd: where gpg

C:\Program Files (x86)\Git\usr\bin\gpg.exe

powershell: `(get-command gpg).definition

C:\Program Files (x86)\Git\usr\bin\gpg.exe

Atom console

C:\Program Files (x86)\Python36-32\Scripts\;
C:\Program Files (x86)\Python36-32\;
C:\WINDOWS\system32;
C:\WINDOWS;
C:\WINDOWS\System32\Wbem;
C:\WINDOWS\System32\WindowsPowerShell\v1.0\;
C:\texlive\2016\bin\win32;
C:\Program Files (x86)\PuTTY\;
C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;
C:\Program Files (x86)\Git\cmd;
C:\Program Files (x86)\Git\usr\bin;
C:\Program Files\nodejs\;
C:\Users\patri\AppData\Local\Microsoft\WindowsApps;
C:\Users\patri\AppData\Local\atom\bin;
C:\platform-tools;
C:\Users\patri\AppData\Local\Microsoft\WindowsApps;
C:\Users\patri\AppData\Roaming\npm

Updated Conclusion

Even after a reboot and with gpg now showing in all paths, I'm still getting the same error.

BUT

I then noticed that exec is not a valid powershell command. So exec ${GPG_PROGRAM} ... was throwing an error not because of gpg but because of exec.

I then changed

exec ${GPG_PROGRAM} --batch --no-tty --yes ${PASSPHRASE_ARG} "$@" 3<<EOM

to

'C:/Program Files (x86)/Git/usr/bin/gpg' --batch --no-tty --yes ${PASSPHRASE_ARG} "$@" 3<<EOM

and it now works correctly.

Summary

1. Added C:\Program Files (x86)\Git\usr\bin to path
2. $ git config --global gpg.program $(which gpg)
3. Change gpg-no-tty.sh line 22 to 'C:/Program Files (x86)/Git/usr/bin/gpg' --batch --no-tty --yes ${PASSPHRASE_ARG} "$@" 3<<EOM

So, obviously that's not a usable solution because it's not portable at all. The proper(?) solution might be to use the git bash shell instead of using powershell / system path on windows systems but I don't know enough to know if or how that would be possible.

Ah ha, I think we have enough information to get this working for you, now. There _is_ a bug in gpg-no-tty.sh - the variable ${GPG_PROGRAM} isn't quoted, so it won't work properly if the path to your gpg program has a space in it. I've made the fix in 163f2c3568f861c, but you could also edit it yourself:

exec "${GPG_PROGRAM}" --batch --no-tty --yes ${PASSPHRASE_ARG} "$@" 3<<EOM

Then change gpg.program to the path to your GPG program:

git config --global gpg.program 'C:/Program Files (x86)/Git/usr/bin/gpg'

Give that a shot and see if it works for you.

The proper(?) solution might be to use the git bash shell instead of using powershell / system path on windows systems but I don't know enough to know if or how that would be possible.

When git calls another executable on Windows, it actually uses a bundled, stripped-down sh binary to run shell scripts, not powershell! (Things get more awkward for us when _gpg_ wants to execute a binary, because it doesn't do so...) Git actually goes so far as to look for a Unix-y "shebang" line to run scripts with the appropriate binaries.

Perfect! ~~ I was able to leave line 7 as ~~

~~ GPG_PROGRAM=$(git config gpg.program || echo 'gpg')~~

Sorry, two thoughts at once. What I meant to say was I was able to leave git config --global gpg.program $(which gpg) as is. I did not need to use git config --global gpg.program 'C:/Program Files (x86)/Git/usr/bin/gpg'

and changed line 22 to

exec "${GPG_PROGRAM}" --batch --no-tty --yes ${PASSPHRASE_ARG} "$@" 3<<EOM

Note the quotes around "${GPG_PROGRAM}" as you instructed. It works perfectly for me now!

Thanks so much!

Hi @smashwilson
I am receiving a similar error msg, only with _"gpg2 and a set passphrase"_

\AppData\Local\atom\app-1.18.0\resources\app\node_modules\github\bin\gpg-no-tty.sh: line 22: exec: gpg2: not found
error: gpg failed to sign the data
fatal: failed to write commit object

** I am however able to create cryptographically signed tags and commits through the terminal with Gpg2

Versions:
OS: [win 10 64bit]
cygwin: [v2.881 64bit]
git: [v2.13.2]
gnupg2: [v2.1.21-1]
pinentry: [v1.0.0-2]
atom: [v1.18.0 x64]
terminal: [Hyper 1.3.3]
shell: [Zsh, oh-my-zsh]
gitflow: [AVH Edition]

gpg2 set as the default in global config
git config --global gpg.program $(which gpg2)

Every commit signed by default set to true
git config --global commit.gpgsign true

The signingkey set with:
git config --global user.signingkey <key-id>

Path to gpg2 in cygwin:
C:\cygwin64\bin\gpg2.exe

Running: git config --list --show-origin produces:

...
...
file:/cygdrive/c/Users/$USER/.gitconfig  gpg.program=gpg2
file:/cygdrive/c/Users/$USER/.gitconfig  commit.gpgsign=true
...
file:.git/config        gpg.program=gpg2

Running which gpg2 Produces:
/usr/bin/gpg2

Running process.env.PATH from atom chrome dev-tools along with echo ${PATH} in terminal both produce:
... C:\cygwin64\bin\gpg2 ...

In gpg-no-tty.sh I tried setting the echo to 'gpg2'
GPG_PROGRAM=$(git config gpg.program || echo 'gpg2')

Along with quotes for "${GPG_PROGRAM}":
exec "${GPG_PROGRAM}" --batch --no-tty --yes ${PASSPHRASE_ARG} "$@" 3<<EOM

However, the error persists...
Any help would be much appreciated!

The quotes probably aren't the cause of the issue as there doesn't appear to be any spaces in your path. Try changing

exec ${GPG_PROGRAM} --batch --no-tty --yes ${PASSPHRASE_ARG} "$@" 3<<EOM

to

'C:\cygwin64\bin\gpg2' --batch --no-tty --yes ${PASSPHRASE_ARG} "$@" 3<<EOM

and see what happens.

Just out of curiosity, why use gpg2? And does gpg2 take the same command line arguments as gpg?

I'm going to close this issue as the original issue reported by @pconwell has been solved. @meta-state it would be best if you could open a new issue, though it shouldn't hurt too much if the conversation is continued here for a while :).

Hi @pconwell, thanks for your suggestion!
Based on it I tried:

'C:\cygwin64\bin\gpg2' --batch --no-tty --yes ${PASSPHRASE_ARG} "$@" 3<<EOM

which ended up producing this new cygheap base mismatch error msg:

1 [main] gpg2 (5684) C:\cygwin64\bin\gpg2.exe: *** fatal error - cygheap base mismatch detected - 0x1802FF408/0x180304408.
This problem is probably due to using incompatible versions of the cygwin DLL.
Search for cygwin1.dll using the Windows Start->Find/Search facility
and delete all but the most recent version.  The most recent version *should*
reside in x:\cygwin\bin, where 'x' is the drive on which you have
installed the cygwin distribution.  Rebooting is also suggested if you
are unable to find another cygwin DLL.
error: gpg failed to sign the data
fatal: failed to write commit object

Reverting back to exec ${GPG_PROGRAM} and instead adding C:\cygwin64\bin\ to my windows Path produced the same cygheap base mismatch error msg..
Also, after conducting a system wide search it seems that there is only one cygwin1.dll file and rebooting did not resolve anything either.

Regarding why use gpg2:
From what I gather, most of the command line arguments are similar, though not all.
ref: gpg command line arguments
ref: gpg2 command line arguments

I initially decided to use gpg2 [specifically the 2.1 branch] because it seems that that's where their current and future development focus is primarily centered on.
On gnupg.org's they write:

GnuPG 1.4.22 released (2017-07-19)
Although GnuPG 1.4 is of limited use today we did a maintenance release to address the recently published local side channel attack CVE-2017-7526.

They also mention that GnuPG 1.4 lacks many features and will receive only important updates.
However for git signing, I think either version will probably suffice,

I tried the entire setup again only with gpg1.4 this time, where I:

• unistalled gpg2 & pinnentry
• installed gpg 1.4,
• re-generated keys,
• set paths,
• rebooted,

Which now enables me to sign cryptographically through the command line with gpg1.4 similarly to my earlier gpg2 setup, however I am still receiving the same cygheap base mismatch error msg as above when I try to run a commit through Atom.

@pconwell Your question made me reconsider sticking with gpg1.4 going forward, since it seems simpler, has a longer track record, and is receiving security updates.

Per @50Wliu request, I will open a new issue and update this comment thread with the link referencing the new cygheap base mismatch /gpg-no-tty.sh: line 22: exec: gpg: not found error msg.

Update:

• added new issue link #1066.
• added original error msg gpg-no-tty.sh: line 22: exec: gpg: not found error msg.
• corrected miscellaneous spelling / grammar oversights.