GPG inside toolbox containers

Hello all!

I would like to sign my git commits so they appear as verified on GitHub/Lab, while utilizing toolbox containers, but it appears that GPG runs into some permissions issues running in the toolbox.

At first, when attempting to git commit -S ..., I got the error gpg failed to sign the data. I then ran echo "test" | gpg --clearsign to troubleshoot. I then got the error Inappropriate ioctl for device. I did some research and found that running export GPG_TTY=$(tty) worked for some people. I thought I had put that in my bash_profile but ran it anyway. After that, I got a different error with the above test: Permission denied. Tried it again with sudo and got the same error. I then exited the toolbox, ran the export GPG_TTY=$(tty) command again and then was able to successfully sign the commit.

It makes sense that there might be some permissions errors, since I suppose the container technically has a different user (would it technically be a different computer in GPG's eyes?). The question is, what's the best way around this? Exit the toolbox for GPG stuff? Export the keys on the host system and reimport them in the toolbox? Or is there some way to configure the toolbox to use the host GPG? Or am I missing something else entirely?

If you need any more info from me feel free to ask!

So I may have spoken too soon. I rebooted the computer (not sure why I hadn’t tried that yet) and it started working. I did also add a line to execute the gpg-agent in my bash_profile so that may have also had something to do with it. I’m not really sure though. Either way it is working now.


I’ve had the same issue and thought I would add to this in case anyone else comes across it whilst trying to get it to work.

After playing around, it’s my understanding that the toolbox container is unable to unlock the GPG secret key without pinentry installed. So to get it to work you can either install pinentry in the container or start gpg-agent in the host first to unlock the key as you appear to have done in your case by adding it to your bashrc.
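The two fixes the thread arrived at (set GPG_TTY, and have gpg-agent plus a pinentry reachable from inside the container) can be checked before a commit. The script below is an added example, not from either poster or from the toolbox project: it applies the GPG_TTY fix, looks for a pinentry binary, asks gpgconf to launch the agent and verify its socket, then runs the same probe the first post used (echo test | gpg --clearsign) and classifies the error. It assumes gpg and gpgconf are on PATH; the claim that a host-started agent's socket is visible inside the toolbox is an assumption stated in the comments, not something the thread verifies.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for GPG commit signing inside a toolbox
# container. Not from the original thread. Assumes gpg and gpgconf exist.

# Map gpg's stderr to the remedy the thread found for that symptom.
# Kept free of side effects so it can be exercised on captured output.
classify_gpg_error() {
  err="$1"
  case "$err" in
    "")                                     echo "ok" ;;
    *"Inappropriate ioctl for device"*)     echo "no-tty: run export GPG_TTY=\$(tty) and retry" ;;
    *pinentry*)                             echo "pinentry: install a pinentry program in the container" ;;
    *"Permission denied"*)                  echo "agent: could not talk to gpg-agent/pinentry; start gpg-agent (host) or install pinentry (container)" ;;
    *"secret key"*)                         echo "key: no secret key available in this gpg keyring" ;;
    *)                                      echo "unknown: $err" ;;
  esac
}

# First fix from the thread: point GPG_TTY at the controlling terminal so
# pinentry knows where to prompt. Fails if there is no terminal at all.
ensure_gpg_tty() {
  if [ -z "${GPG_TTY:-}" ]; then
    if ! GPG_TTY=$(tty 2>/dev/null); then
      echo "no controlling terminal; pinentry cannot prompt here" >&2
      return 1
    fi
    export GPG_TTY
  fi
}

# Second fix from the thread: a pinentry must be present in the container.
# Accept either a pinentry on PATH or one named in gpg-agent.conf.
have_pinentry() {
  command -v pinentry >/dev/null 2>&1 && return 0
  conf="${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
  prog=$(sed -n 's/^pinentry-program[[:space:]]*//p' "$conf" 2>/dev/null | head -n1)
  [ -n "$prog" ] && [ -x "$prog" ]
}

# Launch gpg-agent if needed and confirm its socket exists. Assumption: the
# toolbox shares $HOME and the runtime dir, so a host-started agent's socket
# is the same one gpgconf reports here.
ensure_agent() {
  gpgconf --launch gpg-agent 2>/dev/null || return 1
  sock=$(gpgconf --list-dirs agent-socket 2>/dev/null) || return 1
  [ -S "$sock" ]
}

# The probe the first post used, with stderr captured and classified.
probe_sign() {
  err=$(printf 'test\n' | gpg --clearsign 2>&1 >/dev/null)
  classify_gpg_error "$err"
}

main() {
  ensure_gpg_tty || true
  if have_pinentry; then echo "pinentry: found"; else echo "pinentry: not found in this container"; fi
  if ensure_agent; then echo "gpg-agent: socket present"; else echo "gpg-agent: not reachable"; fi
  echo "sign probe: $(probe_sign)"
}

# Only touch the real gpg installation when invoked with --run, so the
# functions can be sourced and tested without a key or terminal.
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as `bash gpg-toolbox-check.sh --run` inside the toolbox; the probe will block on the pinentry prompt when everything is wired up, which is the desired outcome, and otherwise prints which of the thread's fixes is missing.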