I just installed Fedora 39 and configured it the same way I had it running in previous versions. While most of the things “mostly work”, I have a huge blocker right now: I can’t git commit! It’s a crucial part of my job, and I’m not sure what’s wrong or even how to debug it.
I was able to track it down to gpg (as I sign my commits, just like you!), which blocks forever when running this:
> gpg -vk
gpg: enabled compatibility flags:
gpg: using pgp trust model
This started happening for all calls all of a sudden and persists after reboot, and I can’t determine what the trigger for this is. I already tried to start over and install F39 again, but eventually got into the same problem.
I can’t seem to be able to find logs for what’s going on anywhere, and using -v gets me only the output I’ve shared. Any ideas on what’s going on?
Seconding what @ankursinha said. I think it’s worthwhile to find out if some external resource blocks gpg here, or if it’s a bug in the program itself.
One tool I use to find this out is strace, which tells you the system calls a program makes when it executes. If the examined program, say, waits for a reply from an external server, it’s often obvious in the strace output (if you know how to interpret it).
strace actually helped me get further: searching for more info about “keyboxd”, I came across this:
Commenting out “use-keyboxd” from ~/.gnupg/common.conf made it work again for me. Interestingly, I don’t remember creating this file myself, and I don’t seem to have my keys there anymore. Perhaps some package had my ~/.gnupg overridden? In any case, it’s all working now.
** Key database daemon
Since version 2.3.0 it is possible to store the keys in an SQLite
database instead of the keyring.kbx file. This is in particular
useful for large keyrings or if many instances of gpg and gpgsm may
run concurrently. This is implemented using another daemon process,
the "keyboxd". To enable the use of the keyboxd put the option
"use-keyboxd" into the configuration file ~/.gnupg/common.conf or the
global /etc/gnupg/common.conf. See also doc/examples/common.conf.
Only public keys and X.509 certificates are managed by the keyboxd;
private keys are still stored as separate files.
Since version 2.4.1 the keyboxd will be used by default for a fresh
install; i.e. if a ~/.gnupg directory did not yet exist.
Note that there is no automatic migration; if the use-keyboxd option
is enabled keys are not taken from pubring.kbx. To migrate existing
keys to the keyboxd do this:
1. Disable the keyboxd (remove use-keyboxd from common.conf)
2. Export all public keys
     gpg --export --export-options backup > allkeys.gpg
     gpgsm --export --armor > allcerts.crt
3. Enable the keyboxd (add use-keyboxd to common.conf)
4. Import all public keys
     gpg --import --import-options restore < allkeys.gpg
     gpgsm --import < allcerts.crt
If you can reliably reproduce it, I’d file a bug. There’s maybe something off with the keyboxd bit—perhaps it isn’t running properly or there are other issues?
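The README excerpt quoted in this thread says that with use-keyboxd enabled, keys are not taken from pubring.kbx and nothing is migrated automatically. The following check is an added example, not part of the thread or of GnuPG: it classifies a GnuPG home directory accordingly. The function names are hypothetical, and treating a non-empty pubring.kbx as "keys left behind" is a heuristic assumption.

```shell
#!/bin/sh
# Added example: classify a GnuPG home by where gpg will look for public keys.
# Prints one of:
#   legacy              use-keyboxd not active; gpg reads pubring.kbx
#   keyboxd             use-keyboxd active, no legacy keyring left behind
#   keyboxd-unmigrated  use-keyboxd active and a non-empty pubring.kbx remains

keyboxd_enabled() {
    # $1 = GnuPG home. An active option is the bare option name on its own
    # line; a line starting with '#' is a comment and does not count.
    conf="$1/common.conf"
    [ -f "$conf" ] && grep -Eq '^[[:space:]]*use-keyboxd[[:space:]]*$' "$conf"
}

keyboxd_state() {
    home="${1:-${GNUPGHOME:-$HOME/.gnupg}}"
    if ! keyboxd_enabled "$home"; then
        echo legacy
    elif [ -s "$home/pubring.kbx" ]; then
        # Heuristic (assumption): a non-empty legacy keyring may still hold
        # keys that gpg no longer consults.
        echo keyboxd-unmigrated
    else
        echo keyboxd
    fi
}

keyboxd_report() {
    home="${1:-${GNUPGHOME:-$HOME/.gnupg}}"
    state=$(keyboxd_state "$home")
    echo "$home: $state"
    if [ "$state" = keyboxd-unmigrated ]; then
        echo "  pubring.kbx is ignored while use-keyboxd is set;"
        echo "  follow the README's export/import steps to migrate the keys."
    fi
}

# Constructed sample: a home with use-keyboxd set and an old keyring present.
demo=$(mktemp -d)
printf 'use-keyboxd\n' > "$demo/common.conf"
printf 'placeholder' > "$demo/pubring.kbx"   # stand-in bytes, not a real keybox
keyboxd_report "$demo"
rm -rf "$demo"
```

Calling `keyboxd_report` with no argument inspects `$GNUPGHOME`, or `~/.gnupg` if that is unset; it only reads files and never invokes gpg.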