I am unable to use signed commits within Visual Studio Code when committing code in WSL2 from Windows 10.
THE ISSUE
No passphrase prompt is shown within Windows 10 resulting in git failing with error: gpg failed to sign the data
SETUP
Windows Setup
Latest version of Windows 10 with WSL2 and Windows Terminal.
Visual Studio Code is installed within Windows 10 and is the latest version (1.48.0) and includes the latest Remote WSL Extension (v0.44.4).
My code is within WSL2 running Ubuntu 20.04 with all packages updated.
Visual Studio Code is opened via the command line using the code . command from within WSL2.
Git Setup
Git (2.25.1) is installed within WSL2 with the following global config:
[user]
name = My Name
email = [email protected]
signingkey = A1B2C3D4E5F67890
[commit]
gpgsign = true
The git repository is initiated using the command line within WSL2.
GPG Setup
gnupg (2.2.19) is installed within WSL2.
I have ~/.gnupg/gpg.conf settings
use-agent
default-key A1B2C3D4E5F67890
And ~/.gnupg/gpg-agent.conf
default-cache-ttl 34560000
max-cache-ttl 34560000
pinentry-program /usr/bin/pinentry-curses
And my ~/.zprofile
export GPG_TTY=$(tty)
export GPG_AGENT_INFO=${HOME}/.gnupg/S.gpg-agent:0:1
WHAT WORKS
If I run a git commit from within WSL2 in Windows Terminal it prompts me for my passphrase.
┌────────────────────────────────────────────────────────────────┐
│ Please enter the passphrase to unlock the OpenPGP secret key: │
│ "My Name <[email protected]>" │
│ 4096-bit RSA key, ID A1B2C3D4E5F67890, │
│ created 2020-08-10. │
│ │
│ │
│ Passphrase: __________________________________________________ │
│ │
│ <OK> <Cancel> │
└────────────────────────────────────────────────────────────────┘
This passphrase is then cached for the rest of my Windows session until I restart my laptop. Any commit after this no longer prompts for the passphrase.
I am now able to use the Visual Studio Code git UI and VSCode's built-in terminal to commit changes.
The Question
If I restart my laptop then commits from Visual Studio Code do not work until I first cache the GPG passphrase within WSL2.
Maybe worth noting, but if I haven't cached the passphrase and open the code within Visual Studio Code and try to do a commit from the built-in VSCode terminal it also fails. It only works if the passphrase is first entered within WSL2 via Windows Terminal.
I appreciate that Windows 10 and WSL2 are really two different systems but is there any way to get Windows to display a prompt for the GPG passphrase for git running in WSL2?
Or do I need to set things up completely differently? I've used MacOS for development for a long time now so not sure what the best route may be on Windows 10.
Edit: 2020-08-17 I found https://github.com/diablodale/pinentry-wsl-ps1 and used the script as the pinentry. This works and shows a GUI in Windows 10 when the passphrase isn't cached. But I'd like to find a solution that doesn't rely on a script that may stop functioning.
I found a solution...but it has caveats at the time of writing.
Since Visual Studio Code is running in Windows 10 and git & gpg are within WSL2 I thought of trying a visual pinentry on the Windows 10 side.
This didn't work until I subscribed to the Windows Insider's track and updated to the latest Dev Build (2004 Build 20190.1000).
Steps required:
Join the Windows Insider program and update Windows 10 to the 2004 Build 20190.1000 (might work on earlier builds but that's the one I received first). This will come with some interesting extras for WSL2 with increased interoperability - you'll also notice a Linux option in Windows Explorer now.
Install GPG4Win from https://www.gpg4win.org. Nothing other than the default gnupg is required, but I installed Kleopatra too in case it came in handy elsewhere.
Edit ~/.gnupg/gpg-agent.conf and change the pinentry
pinentry-program "/mnt/c/Program Files (x86)/GnuPG/bin/pinentry-basic.exe"
Now when you are asked for your passphrase the GPG GUI shows up.
I have tested this restarting the machine to ensure the passphrase isn't cached and it works for:
This meets my requirements but happy to hear if there are any bits I may have not considered.
Big thanks to @39digits for his useful answer!
Some updates as of August 2021:
With the latest version of gpg4win, you need to set the following config in your ~/.gnupg/gpg-agent.conf file in WSL2 Ubuntu:
pinentry-program "/mnt/c/Program Files (x86)/Gpg4win/bin/pinentry.exe"
Afterwards, you may need to restart the GPG agent by running:
gpg-connect-agent reloadagent /bye
Also, you no longer need to subscribe to the Windows Insiders track.
Just to add to this a little bit, it seems like now a simple
git config --local gpg.program /usr/bin/gpg
is enough (in your git repository) for VS Code to be able to sign commits with your local gpg installation properly.
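The answers above point pinentry-program at a Windows path that differs between Gpg4win versions, so a stale path is an easy way to end up with "gpg failed to sign the data" again. The following check is an added example, not code from any of the posts; the function names are hypothetical, and it assumes Windows drives are mounted under /mnt/<letter>/ as in the paths quoted above.

```shell
#!/bin/sh
# Added example: report which pinentry a gpg-agent.conf selects and whether it exists.

# Print the pinentry-program value (last occurrence in the file is what this
# script reports), stripping surrounding double quotes and a trailing CR left
# behind when the file was edited from Windows.
pinentry_from_conf() {
    sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}//p' "$1" |
        tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Classify the path: a Windows-side GUI program, a terminal-only pinentry
# (the kind that cannot prompt when no terminal is attached), or something else.
pinentry_kind() {
    case "$1" in
        "")           echo unset; return ;;
        /mnt/[a-z]/*) echo windows; return ;;
    esac
    case "${1##*/}" in
        pinentry-curses|pinentry-tty) echo terminal ;;
        *)                            echo other ;;
    esac
}

# Print "<kind>:ok" or "<kind>:missing"; exit status 1 if the configured
# program does not exist, 2 if the config file itself is absent.
check_pinentry() {
    [ -f "$1" ] || { echo "no-conf"; return 2; }
    prog=$(pinentry_from_conf "$1")
    kind=$(pinentry_kind "$prog")
    if [ -n "$prog" ] && [ ! -e "$prog" ]; then
        echo "$kind:missing"; return 1
    fi
    echo "$kind:ok"
}

# Run against the real config only when asked to: sh check-pinentry.sh --run
if [ "${1:-}" = "--run" ]; then
    check_pinentry "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
fi
```

A result of terminal:ok matches the original setup in the question, where the prompt only appears in a real terminal; after changing the path, reload the agent with the gpg-connect-agent command shown above.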