34

I like to sign my git commits with my PGP key, so I was quite alarmed when I went to `git commit -S` but instead of prompting for my PGP key passphrase, git just started hanging. I haven't made a change to my GPG setup in several months and have made many commits since then with no problem. Additionally, when I attempt to view my private keys with `gpg -K`, gpg hangs. However, when I run `gpg -k` to view my public keys, it returns the list like normal. Hopefully someone will have some idea of what is causing this problem and how to fix it.

John Leuenhagen
  • 1,147
  • 1
  • 7
  • 16
  • 1
    are you doing this over ssh? if so, do you have `gpg-agent` or similar setup in the .bashrc (etc) of the remote system, and configured to prompt on the remote's X display or similar? i've had similar problems in the past (e.g. ssh-ing from a terminal on my mythtv box to my desktop machine to run something requiring gpg. also had similar issues with `ssh-agent`), and i brute-force "fixed" it with `export GPG_TTY=$(tty)` in the .bashrc, to make sure the prompt is always on the current tty. i can't stand GUI passwd prompts anyway. – cas Jul 28 '17 at 06:07
  • 1
    No, I'm not doing it over SSH. What's weird is that I found that if I kill gpg-agent, gpg works again. I'm trying to figure out why and make a long term solution. – John Leuenhagen Jul 28 '17 at 16:10
  • I just noticed in the `gpg-agent` man page that setting GPG_TTY as above isn't something I hacked up to work, it's required. The man page says you should always set it in your .bashrc as I did, and also says `It is important that this environment variable always reflects the output of the tty command.` - that must have been where I got it from. One other thing you need to be careful of is the pinentry program used by gpg-agent. I have mine set (in `~/.gnupg/gpg-agent.conf`) to `/usr/bin/pinentry-curses` – cas Jul 28 '17 at 16:40

2 Answers

40

I came across this exact issue (OSX Sierra 10.12.6, gpg/GnuPG 2.2.5)

Commands that would hang:

```bash
gpg -K # --list-secret-keys
gpg -d # --decrypt
gpg --edit-key
gpgconf --kill gpg-agent
```

My solution was the same as mentioned by John above (i.e. kill `gpg-agent`) as most other methods on how-can-i-restart-gpg-agent would also hang.

```bash
# Solution
pkill -9 gpg-agent
```

Then for signing git commits I set the tty env as mentioned by cas above and also at gpg-failed-to-sign-commit-object.

```bash
export GPG_TTY=$(tty)
```

CoffeeMonster
  • 501
  • 4
  • 4
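
A preflight check for the two settings discussed in this answer and in cas's comments (`GPG_TTY` and the pinentry program), as an added example that is not part of the original posts. The function names are hypothetical, and it assumes the agent config is at `${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf`.

```shell
#!/bin/sh
# Added example: check GPG_TTY and the configured pinentry before `git commit -S`.
# Function names are hypothetical; nothing here kills or restarts the agent.

# Print the first uncommented pinentry-program entry in a gpg-agent.conf file.
# Returns non-zero if the file is unreadable or has no such entry.
pinentry_from_conf() {
    [ -r "$1" ] || return 1
    awk '$1 == "pinentry-program" {
             $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
         }
         END { exit !found }' "$1"
}

# Classify GPG_TTY against the real terminal: unset, stale or ok.
# Both values are passed in so the logic can be checked without a terminal.
gpg_tty_status() {
    if [ -z "$1" ]; then
        echo unset
    elif [ "$1" != "$2" ]; then
        echo stale
    else
        echo ok
    fi
}

preflight() {
    conf="${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
    status=$(gpg_tty_status "${GPG_TTY:-}" "$(tty 2>/dev/null)")
    if [ "$status" = ok ]; then
        echo "GPG_TTY matches the current terminal: $GPG_TTY"
    else
        echo "GPG_TTY is $status; run: export GPG_TTY=\$(tty)"
    fi
    if pin=$(pinentry_from_conf "$conf"); then
        if [ -x "$pin" ]; then
            echo "pinentry-program: $pin"
        else
            echo "pinentry-program is not executable: $pin"
        fi
    else
        echo "no pinentry-program entry in $conf (the agent uses its default)"
    fi
}

preflight
```

A `stale` result means `GPG_TTY` was exported in a different terminal than the one the prompt should appear on.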
-1
```
$ ps aux | grep -E "gpg-agent"
alper  28970   0.0   92436   3284   15:31 0:00 /usr/bin/gpg-agent --supervised
```

Here the `output` variable contains 28970.


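```python
import os
import signal
from subprocess import Popen, PIPE


def kill_process_by_name(process_name):
    """Send SIGKILL to every process whose `ps auxww` line matches process_name."""
    # Equivalent to: ps auxww | grep -E process_name | awk '{print $2}'
    p1 = Popen(["ps", "auxww"], stdout=PIPE)
    p2 = Popen(["grep", "-E", process_name], stdin=p1.stdout, stdout=PIPE)
    p1.stdout.close()  # let ps receive SIGPIPE if grep exits first
    p3 = Popen(["awk", "{print $2}"], stdin=p2.stdout, stdout=PIPE)
    p2.stdout.close()
    output = p3.communicate()[0].decode("utf-8").strip()
    lines = output.splitlines()  # awk may return more than one pid number
    for pid in lines:
        # Skip this script's own PID: its command line may also match the pattern.
        if pid.isnumeric() and int(pid) != os.getpid():
            try:
                os.kill(int(pid), signal.SIGKILL)
            except ProcessLookupError:
                # The short-lived grep can match its own ps line and is gone by now.
                pass
```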
alper
  • 449
  • 2
  • 8
  • 20
  • This isn't really a solution to the problem, just a workaround. I'd advise against auto-killing processes in a script like this. – John Leuenhagen Mar 09 '22 at 18:05
  • Why are you against auto-killing processes in a script like this? Wouldn't you kill processes in a bash-script using `kill -9 $(ps auxww | grep -E "[p]rocess_name" | awk '{print $2}') > /dev/null 2>&1`? – alper Mar 09 '22 at 18:50
  • that would be just as bad. My point is that automatically killing a process to get it to work isn't a solution. It's just an ugly workaround, and I wouldn't feel comfortable using it. – John Leuenhagen Mar 10 '22 at 19:42
  • What would you feel comfortable to use? Don't you ever automatically kill a process and restart it on your own computer, or ever restart the operating system if something unexpected happens? – alper Mar 10 '22 at 22:12