qcommit apparently hangs waiting for gpg key

Rob Walker пишет:
> Public bug reported:
>
> (This was originally posted some time ago on the bzr bug list, but I
> believe they had wanted it to be re-posted here instead.)
>
> I use GPG to sign all my commits.
>
> Whenever I use the qcommit command on Windows, either launching it via a
> command prompt or the TortoiseBzr interface, whenever I attempt to
> commit, the "Status" tab shows that it gets to "Saving data locally -
> Stage (2/5)" and forever hangs there. I have to kill the process and
> break the lock on the branch . Normal commits (not using qbzr) work from
> the command line, where I have to enter the password in order to commit
> using GPG.
>
> I'm using Bazaar 1.12 and GPG4win version 1.1.3.

It hangs because gpg require password and want to read it from stdin.
I suspect you should see gpg prompt in the console (when you run qcommit
from command-line) but it obviously won't help in the case of TBZR.

Because QBzr has no idea that gpg is used and it require the password,
we can't handle this situation reliable.

The best you can do to workaround this is to use special gpg-agent program
to hold your key.

This is arguably bug in QBzr because we don't manage gpg stuff. Everything going on inside bzrlib and QBzr just invoke plain `bzr commit` as subprocess and handle it progress bar and related UI.

SO if bzr can ask passphrase for gpg in usual way (via console UI used for other password) we can handle this in QBzr.

Until then either use gpg-agent program, or supply password in the commandline in your bazaar.conf.

We could possibly handle this more elegantly as follows: if there is no gpg agent, bzr should act as a gpg agent itself, passing GPG_AGENT_INFO when running gpg. Then it can handle gpg's request for a passphrase by calling a method on the UI factory, and qbzr can in that case pop up a dialog.

However, for most users it's probably cleaner to just run a gpg agent.

Just adding a 'me-to' to this, as it prevents me from using "bzr qcommit" for my day-to-day work.

Oddly enough, I see the warning:
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information

show up in both the console that I spawned 'bzr qcommit' from and in the Status window of qcommit.

So it at least looks like gpg can somewhat connect to the raw terminal, it just doesn't prompt me for a password there.

Note that it wouldn't be a full solution once you are using something like Bazaar Explorer that doesn't want to have a console window shown.

John A Meinel пишет:
> Just adding a 'me-to' to this, as it prevents me from using "bzr
> qcommit" for my day-to-day work.

I'm sorry, but this is clearly problem in bzrlib in first place.

> Oddly enough, I see the warning:
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
>
> show up in both the console that I spawned 'bzr qcommit' from and in the
> Status window of qcommit.

Maybe this is side-effect of running commit as subprocess?

> So it at least looks like gpg can somewhat connect to the raw terminal,
> it just doesn't prompt me for a password there.
>
> Note that it wouldn't be a full solution once you are using something
> like Bazaar Explorer that doesn't want to have a console window shown.

Yes, so I guess proper solution to prompt for password via GUI is
required. Can we use gpgme library and avoid gpg binary?

Another question: John, why you don't use gpg-agent?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alexander Belchenko wrote:
> John A Meinel пишет:
>> Just adding a 'me-to' to this, as it prevents me from using "bzr
>> qcommit" for my day-to-day work.
>
> I'm sorry, but this is clearly problem in bzrlib in first place.
>
>> Oddly enough, I see the warning:
>> gpg: WARNING: using insecure memory!
>> gpg: please see http://www.gnupg.org/faq.html for more information
>>
>> show up in both the console that I spawned 'bzr qcommit' from and in the
>> Status window of qcommit.
>
> Maybe this is side-effect of running commit as subprocess?
>
>> So it at least looks like gpg can somewhat connect to the raw terminal,
>> it just doesn't prompt me for a password there.
>>
>> Note that it wouldn't be a full solution once you are using something
>> like Bazaar Explorer that doesn't want to have a console window shown.
>
> Yes, so I guess proper solution to prompt for password via GUI is
> required. Can we use gpgme library and avoid gpg binary?
>
> Another question: John, why you don't use gpg-agent?
>

There isn't really a gpg-agent on Windows...

John
=:->

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkqw5FcACgkQJdeBCYSNAAOJuQCeL44iUDNJvi0KnbsWJKN7lLHA
T3AAoLyDKZfdG6lDuAkhjg7tJnsIxDji
=UArK
-----END PGP SIGNATURE-----

Any progress on this? It's kinda annoying being forced to drop to console every time I need to make a commit.

GPG4Win project http://www.gpg4win.org/

GPG4Win 2.0.4 has gpg-agent inside, and it can be successfully used with gpg2.exe in that package.

So in theory, all you need is to run gpg-agent as service on windows, and set full path to gpg2.exe in DEFAULT section of bazaar.conf, e.g.

gpg_signing_command = C:\Program Files\GnuPG\gpg2.exe

Actually, setting gpg_signing_command is not needed.

After testing gpg4win 2.0.4 I can say that it can invoke gpg-agent if there is not running one.
qcommit works just fine with Bazaar Explorer.