pinentry is not reading key from Mac keychain
Setup:
I am using XCode Version 13.0 (13A233) on MacOS 11.6 (20G165). My git (v2.33.0) preferences are set to sign commits using my PGP key. My GPG Suite Preferences say to save the secret key in my Mac keychain, and I can confirm that the correct key is present in the keychain in the expected entry.
Observed:
When I try to commit from XCode, pinentry-mac (v1.1.1) doesn’t read the key from the keychain as expected. Instead it displays the password dialog (with the “save in keychain” field checked),and requires the password to be entered. But then it doesn’t update the password in the keychain, and the prompt dialog appears the next time I go to save (and the cache has expired).
Expected
I expect pinentry to read the password from the keychain.
Additional info
$ /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac --version
pinentry-mac (pinentry) 1.1.1
Copyright (C) 2016 g10 Code GmbH
$ git config --system --get-all credential.helper
osxkeychain
$ git config --global --get-all credential.helper
osxkeychain
/usr/local/share/gcm-core/git-credential-manager-core
I have cleared the keychain of passwords, turned the "save to keychain" preference on and off, restarted the machine several times; all with no change in behavior. The password is never saved to the keychain, and when in the keychain is never used.
macOS 11.6 20G165
GPG Suite 2021.1 3030 (0e6215293c)
GPG Mail -
GPG Keychain 1.8 1670 (342981ae2c)
GPG Services 2.2 1146 (4bf5d13ec3)
MacGPG 2.2.27 968 (6c0abb39b8)
GPG Suite Preferences 2.5 1176 (7021bee7e2)
Libmacgpg 1.3 944 (dfc721caaf)
pinentry 1.1.1.1 18 (b7195e9d4c)
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Steve on 12 Oct, 2021 09:06 PM
Hi dev,
welcome to the GPGTools support platform. Sorry to hear you are having problems using GPG Suite.
Has this previously worked for you?
Also could you please download and install our latest hotfix GPG Suite and see if that solves your problem.
All the best,
Steve
Disclaimer: Hotfixes are GPG Suite builds containing our latest source code, so bugs and crashes may occur.
2 Posted by dev on 16 Oct, 2021 05:17 PM
Hi Steve,
Installing the 10-15 hotfix - GPG Suite 2021.1 (3038n) - has fixed the problem... thanks!
To answer your original question: I don't know if this problem always existed, because I only recently switched by git settings to auto-sign commits with my PGP key by default, so earlier commits from Xcode would not have seen this issue.
One additional thought: I hadn't installed GPGMail when I first installed the GPG Suite, but I accidentally did when installing the hotfix. Is it possible that the absence of GPG Mail was related to the issue?
Support Staff 3 Posted by Steve on 19 Oct, 2021 07:17 PM
Thanks for the update. This is a bit curious. I am certain that GPG Mail would not play into your use case and pinentry would be installed even, if you do not install GPG Mail. You can try that routine with the nightly by deselecting GPG Mail in the custom install option. But I doubt it will change anything.
Glad this is solved for you. I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.
Best,
Steve
Steve closed this discussion on 19 Oct, 2021 07:17 PM.