
can't sign commits with gpg even though gpg-keys are unlocked with pam-gnupg

so, ever since I moved to suite66, I've been having trouble signing commits with gpg

it's as if my gpg keys are not unlocked upon login, I am using pam-gnupg to unlock my gpg keys on login
apart from that I am also using gnome-keyring for pkcs11, and secrets

here is my /etc/pam.d/login
Code: [Select]
auth       required     pam_securetty.so
auth       requisite    pam_nologin.so
auth       include      system-local-login
auth       optional     pam_gnome_keyring.so
account    include      system-local-login
session    include      system-local-login
password   include      system-local-login
session    optional     pam_gnome_keyring.so auto_start

here is my /etc/pam.d/system-local-login
Code: [Select]
auth      include   system-login
account   include   system-login
password  include   system-login
session   include   system-login
auth     optional  pam_gnupg.so store-only
session  optional  pam_gnupg.so

Code: [Select]
#password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
#password required pam_unix.so sha512 shadow use_authtok
password required pam_unix.so sha512 shadow nullok
password optional pam_gnome_keyring.so

here is my ~/.gnupg/gpg-agent.conf
Code: [Select]
pinentry-program /usr/bin/pinentry-gnome3
allow-preset-passphrase
max-cache-ttl 86400

here is my ~/.gitconfig (except that I replaced my email with xxxx, and signing key with xxxxx as I am not entirely sure if it's safe to show it publicly)
Code: [Select]
[user]
email = kronikpillow@xxxxxxxxxx
name = KronikPillow
signingkey = XXXXXXXXXXXXXX
[credential]
helper = /usr/lib/git-core/git-credential-libsecret
[hub]
protocol = ssh
[commit]
gpgsign = true

in my ~/.config/pam-gnupg I have used the keygrip of the subkey with the [E] flag after using gpg -K --with-keygrip to get the keygrip

this is my xinitrc
Code: [Select]
#!/bin/sh
if [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/x11/xprofile" ]; then
. "${XDG_CONFIG_HOME:-$HOME/.config}/x11/xprofile"
else
. "$HOME/.xprofile"
fi

ssh-agent dwm

this is my xprofile
Code: [Select]
#!/bin/sh
xrdb ${XDG_CONFIG_HOME:-$HOME/.config}/x11/xresources  # Uncomment to use Xresources colors/settings on startup
eval $(gnome-keyring-daemon --start)
polkit-gnome & # start a policy kit agent
setbg & # set the background with the `setbg` script
remaps & # run the remaps script, switching caps/esc and more; check it for more info
xcompmgr & # xcompmgr for transparency
dunst & # dunst for notifications
unclutter & # Remove mouse when idle

here is my ~/.config/pinentry/preexec
Code: [Select]
#!/hint/sh

# Define additional functionality for pinentry. For example
test -e /usr/lib/libgcr-base-3.so.1 && exec /usr/bin/pinentry-gnome3 "$@"
#test -e /usr/lib/libQt5Widgets.so.5 && exec /usr/bin/pinentry-qt     "$@"

after i reboot and login, if i try to do a commit i get a

Code: [Select]
❯ g commit -am "test"
error: gpg failed to sign the data
fatal: failed to write commit object

but as soon as i run mutt wizard sync (luke smith's mutt wizard)
mw -Y
email syncs, and after that, I can make commits with git and they get signed with no issue ... I am confused as to why this is happening, this exact same setup on Arch works perfectly without the above issues

can someone help me please?

Re: can't sign commits with gpg

Reply #1
Quote
so, ever since I moved to suite66, I've been having trouble signing commits with gpg
This has nothing to do with suite66, as the rest of your post shows.

Quote
after i reboot and login, if i try to do a commit i get a

Code: [Select]
❯ g commit -am "test"
error: gpg failed to sign the data
fatal: failed to write commit object
What is "g"? I assume some alias? If so, what is the output of
Code: [Select]
command -v g

Quote
but as soon as i run mutt wizard sync (luke smith's mutt wizard)
mw -Y
email syncs, and after that, I can make commits with git and they get signed with no issue ...
This shows that your GnuPG is set up correctly, and the problem lies with git.

Quote
here is my ~/.gitconfig (except that I replaced my email with xxxx, and signing key with xxxxx as I am not entirely sure if it's safe to show it publicly)
Code: [Select]
[user]
email = kronikpillow@xxxxxxxxxx
name = KronikPillow
signingkey = XXXXXXXXXXXXXX
[credential]
helper = /usr/lib/git-core/git-credential-libsecret
[hub]
protocol = ssh
[commit]
gpgsign = true
Your signing key fingerprint is perfectly safe to publish, as for it to work as intended for signing you need to publish the entire public key anyway, which holds more information than just its fingerprint.

Anyway, my .gitconfig is the following:
Code: [Select]
[user]
email = [redacted-myemail]
name = Страхиња Радић
signingkey = 51E8DF5A
[url "ssh://[email protected]/"]
insteadOf = https://github.com/
[url "ssh://[email protected]/"]
insteadOf = https://git.sr.ht/
[pull]
rebase = false
[gpg]
program = gpg2
[init]
defaultBranch = master
[sendemail]
from = [redacted-myemail]
sendmailCmd = msmtp -a [redacted-myemail]
I think you don't need the [credential] section, and not sure about the [hub] section as I don't use the hub program.

I recommend taking your time to get familiar with how signing and encryption work in general and in particular with gpg. The official site is a good starting point, and there are plenty of other resources online as well.

Re: can't sign commits with gpg

Reply #2
Страхиња brate moj :) sorry for the Serbian I had as I'm from Serbia, and I'm assuming according to your name that you are as well :D this is an exact copy of my working git/pam/gnupg config that I used just a few days ago on Arch, before I switched to Artix, I use btrfs and I did a backup of my root and my home, and basically ported the entire working setup into Artix via vimdiff ... the hub section just tells the hub wrapper to use ssh instead of the https protocol, as by default it uses https, there is virtually no difference, same packages installed, same everything, it's driving me crazy :-/ I even tried the
[gpg]
   program = gpg2

flag, it didn't solve the problem

btw g is just an alias to git

Code: [Select]
command -v g
alias g=git

Re: can't sign commits with gpg

Reply #3
I have changed my gitconfig to basically be similar to yours

Code: [Select]
[user]
email = kronikpillow@xxxxx
name = KronikPillow
signingkey = xxxxxxx
[commit]
gpgsign = true
[gpg]
program = gpg2

[url "[email protected]:"]
insteadOf = https://github.com/
[url "[email protected]:"]
insteadOf = https://gitlab.com/
[url "[email protected]:"]
insteadOf = https://bitbucket.org/
[url "[email protected]:"]
insteadOf = https://framagit.org/

still the same issue, although I have noticed that you do not have the gpgsign = true flag

Re: can't sign commits with gpg

Reply #4
I prefer to have control over when I want or don't want to sign commits, so I don't have gpgsign option set.

Regarding [url ""] ... insteadOf, I think you need the ssh:// protocol prepended in those URLs, like I have. That replaces the HTTPS access to repositories with SSH completely.

Try this (assuming your updated configuration with [gpg] ... program):
Code: [Select]
gpg --sign --armor --default-key [your_fingerprint] <<EOT
Some message...
EOT
when first logging on your system, and paste the output.

your_fingerprint above is your key's fingerprint (its last 8 hexadecimal digits). You can list fingerprints with
Code: [Select]
gpg --list-keys --fingerprint [your_email]

Edit: Also post the output of
Code: [Select]
echo $GPG_TTY
tty

Stack overflow has a similar question (found by web search), though it seems it is Mac-centric, but still some hints could be gained from the answers.

For example, you can try setting GIT_TRACE=1 before calling git to have a more detailed trace output.

Re: can't sign commits with gpg

Reply #5
running
Code: [Select]
gpg --sign --armor --default-key [your_fingerprint] <<EOT
Some message...
EOT
after getting the fingerprint via
Code: [Select]
gpg --list-keys --fingerprint [your_email]
freezes gpg, and nothing happens, it just hangs, further investigating falling back to ~/.gnupg/gpg-agent.conf and removing
Code: [Select]
pinentry-program /usr/bin/pinentry-gnome3
upon login, and attempting to sign a commit, i get a GTK pinentry prompt to input my password, hence for some reason, upon login the key is not unlocked, yet on the other side, as soon as I run mutt wizard with mw -Y to sync my email, the keys get unlocked ...

logging out, relogging again, and running GIT_TRACE=1 g commit -m "test" gives me the following output
Code: [Select]
GIT_TRACE=1 g commit -m "test"
19:43:31.288980 git.c:455               trace: built-in: git commit -m test
19:43:31.290233 run-command.c:666       trace: run_command: gpg --status-fd=2 -bsau 0AF6757E3DEA0025
and then it launches the GTK pinentry prompt, after I cancel entering the password i get a
Code: [Select]
error: gpg failed to sign the data
fatal: failed to write commit objec

hence, the end conclusion is that pam-gnupg for some reason does not unlock my key on login, but does unlock it as soon as i prompt mutt wizard, and then all other gnupg / gpg-agent related operations continue as normal, but having to sync my mail upon login just to unlock my key, sounds like a tedious task :D

following further on that stackoverflow post, changing the gpg program from gpg to gpg2, and backwards, does not solve the issue
while running
Code: [Select]
echo "test" | gpg --clearsign
opens the GTK pinentry prompt, and successfully signs the message ... after running
Code: [Select]
echo "test" | gpg --clearsign
running
Code: [Select]
git log --show-signature -1
as suggested in the stackoverflow post, gives me a
Code: [Select]
commit 81aeb6571eac59851493bf0fee5846639b54b07c (HEAD -> master)
gpg: Signature made Sat 09 Oct 2021 12:55:41 PM CEST
gpg:                using RSA key E97D4DF9B44DF03C5B6689FD8CCA9FC7BC1BBF96
gpg: Can't check signature: No public key
Author: KronikPillow <kronikpillow@xxxxxxxx>
Date:   Sat Oct 9 12:55:41 2021 +0200

    test

output of
Code: [Select]
echo $GPG_TTY
tty
is
Code: [Select]
tty
/dev/tty1
/dev/pts/1

Re: can't sign commits with gpg

Reply #6
Quote
output of
Code: [Select]
echo $GPG_TTY
tty
is
Code: [Select]
tty
/dev/tty1
/dev/pts/1
This could be the problem. You need to add
Code: [Select]
export GPG_TTY=$(tty)
to your initialization file (~/.bashrc for bash).

Edit: This is described in the manual, on the website which I suggested above:
https://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.html#Invoking-GPG_002dAGENT
and also available as a man page (man gpg-agent).

You can inspect what the mutt-wizard is doing exactly, it is just a shell script. It calls mailsync, which is another shell script:
Code: [Select]
less $(which mw)
less $(which mailsync)

Re: can't sign commits with gpg

Reply #7
I already have export GPG_TTY=$(tty) in my .zprofile

Code: [Select]
#!/bin/zsh

# profile file. Runs on login. Environmental variables are set here.

# Adds `~/.local/bin` to $PATH
typeset -U path
path+=(~/.local/bin{,/**/*(N/)} "$path[@]")

unsetopt PROMPT_SP

# Default programs:
export EDITOR="nvim"
export TERMINAL="alacritty"
export BROWSER="brave"

# ~/ Clean-up:
export XDG_CONFIG_HOME="$HOME/.config"
export XDG_DATA_HOME="$HOME/.local/share"
export XDG_CACHE_HOME="$HOME/.cache"
export XINITRC="${XDG_CONFIG_HOME:-$HOME/.config}/x11/xinitrc"
#export XAUTHORITY="$XDG_RUNTIME_DIR/Xauthority" # This line will break some DMs.
export NOTMUCH_CONFIG="${XDG_CONFIG_HOME:-$HOME/.config}/notmuch-config"
export GTK2_RC_FILES="${XDG_CONFIG_HOME:-$HOME/.config}/gtk-2.0/gtkrc-2.0"
export LESSHISTFILE="-"
export WGETRC="${XDG_CONFIG_HOME:-$HOME/.config}/wget/wgetrc"
export INPUTRC="${XDG_CONFIG_HOME:-$HOME/.config}/shell/inputrc"
export ZDOTDIR="${XDG_CONFIG_HOME:-$HOME/.config}/zsh"
#export ALSA_CONFIG_PATH="$XDG_CONFIG_HOME/alsa/asoundrc"
#export GNUPGHOME="${XDG_DATA_HOME:-$HOME/.local/share}/gnupg"
export WINEPREFIX="${XDG_DATA_HOME:-$HOME/.local/share}/wineprefixes/default"
export KODI_DATA="${XDG_DATA_HOME:-$HOME/.local/share}/kodi"
export PASSWORD_STORE_DIR="${XDG_DATA_HOME:-$HOME/.local/share}/password-store"
export TMUX_TMPDIR="$XDG_RUNTIME_DIR"
export ANDROID_SDK_HOME="${XDG_CONFIG_HOME:-$HOME/.config}/android"
export CARGO_HOME="${XDG_DATA_HOME:-$HOME/.local/share}/cargo"
export GOPATH="${XDG_DATA_HOME:-$HOME/.local/share}/go"
export ANSIBLE_CONFIG="${XDG_CONFIG_HOME:-$HOME/.config}/ansible/ansible.cfg"
export UNISON="${XDG_DATA_HOME:-$HOME/.local/share}/unison"
# export HISTFILE="${XDG_DATA_HOME:-$HOME/.local/share}/history"
export WEECHAT_HOME="${XDG_CONFIG_HOME:-$HOME/.config}/weechat"
export MBSYNCRC="${XDG_CONFIG_HOME:-$HOME/.config}/mbsync/config"
export ELECTRUMDIR="${XDG_DATA_HOME:-$HOME/.local/share}/electrum"

# Other program settings:
export SUDO_ASKPASS="$HOME/.local/bin/dmenupass"
export FZF_DEFAULT_OPTS="--layout=reverse --height 40%"
export LESS=-R
export LESS_TERMCAP_mb="$(printf '%b' '')"
export LESS_TERMCAP_md="$(printf '%b' '')"
export LESS_TERMCAP_me="$(printf '%b' '')"
export LESS_TERMCAP_so="$(printf '%b' '')"
export LESS_TERMCAP_se="$(printf '%b' '')"
export LESS_TERMCAP_us="$(printf '%b' '')"
export LESS_TERMCAP_ue="$(printf '%b' '')"
export LESSOPEN="| /usr/bin/highlight -O ansi %s 2>/dev/null"
export QT_QPA_PLATFORMTHEME="gtk2" # Have QT use gtk2 theme.
export MOZ_USE_XINPUT2="1" # Mozilla smooth scrolling/touchpads.
export AWT_TOOLKIT="MToolkit wmname LG3D" #May have to install wmname
export _JAVA_AWT_WM_NONREPARENTING=1 # Fix for Java applications in dwm
export XCURSOR_THEME="Bibata-Original-Classic"
export GPG_TTY=$(tty)

# This is the list for lf icons:
export LF_ICONS="di=📁:\
fi=📃:\
tw=🤝:\
ow=📂:\
ln=⛓:\
or=❌:\
ex=🎯:\
*.txt=✍:\
*.mom=✍:\
*.me=✍:\
*.ms=✍:\
*.png=🖼:\
*.webp=🖼:\
*.ico=🖼:\
*.jpg=📸:\
*.jpe=📸:\
*.jpeg=📸:\
*.gif=🖼:\
*.svg=🗺:\
*.tif=🖼:\
*.tiff=🖼:\
*.xcf=🖌:\
*.html=🌎:\
*.xml=📰:\
*.gpg=🔒:\
*.css=🎨:\
*.pdf=📚:\
*.djvu=📚:\
*.epub=📚:\
*.csv=📓:\
*.xlsx=📓:\
*.tex=📜:\
*.md=📘:\
*.r=📊:\
*.R=📊:\
*.rmd=📊:\
*.Rmd=📊:\
*.m=📊:\
*.mp3=🎵:\
*.opus=🎵:\
*.ogg=🎵:\
*.m4a=🎵:\
*.flac=🎼:\
*.wav=🎼:\
*.mkv=🎥:\
*.mp4=🎥:\
*.webm=🎥:\
*.mpeg=🎥:\
*.avi=🎥:\
*.mov=🎥:\
*.mpg=🎥:\
*.wmv=🎥:\
*.m4b=🎥:\
*.flv=🎥:\
*.zip=📦:\
*.rar=📦:\
*.7z=📦:\
*.tar.gz=📦:\
*.z64=🎮:\
*.v64=🎮:\
*.n64=🎮:\
*.gba=🎮:\
*.nes=🎮:\
*.gdi=🎮:\
*.1=ℹ:\
*.nfo=ℹ:\
*.info=ℹ:\
*.log=📙:\
*.iso=📀:\
*.img=📀:\
*.bib=🎓:\
*.ged=👪:\
*.part=💔:\
*.torrent=🔽:\
*.jar=♨:\
*.java=♨:\
"

[ ! -f ${XDG_CONFIG_HOME:-$HOME/.config}/shell/shortcutrc ] && shortcuts >/dev/null 2>&1 &

if pacman -Qs libxft-bgra >/dev/null 2>&1; then
# Start graphical server on user's current tty if not already running.
[ "$(tty)" = "/dev/tty1" ] && ! pidof -s Xorg >/dev/null 2>&1 && exec startx "$XINITRC"
else
echo "\033[31mIMPORTANT\033[0m: Note that \033[32m\`libxft-bgra\`\033[0m must be installed for this build of dwm.
Please run:
\033[32myay -S libxft-bgra-git\033[0m
and replace \`libxft\`. Afterwards, you may start the graphical server by running \`startx\`."
fi

# Switch escape and caps if tty and no passwd required:
sudo -n loadkeys ${XDG_DATA_HOME:-$HOME/.local/share}/larbs/ttymaps.kmap 2>/dev/null

I don't see how inspecting mutt wizard or mailsync is relevant, this is a direct issue with Artix-suite66 and gnupg and/or pam-gnupg, mutt wizard just initializes pass and unlocks the key, something that pam-gnupg should be doing upon login so that I would not be asked for a password prompt, note the gpg key password is the same as my login password ... like I said, this exact same setup of all my dotfiles works perfectly fine on Arch, I do not have to unlock my GPG key manually, pam-gnupg does it ... and it seems to work on Artix-runit, but not on Artix-suite66

mutt wizard is a very long script but here it is
less $(which mw)
Code: [Select]
#!/bin/sh

prefix="/usr"
maildir="${XDG_DATA_HOME:-$HOME/.local/share}/mail"
muttshare="$prefix/share/mutt-wizard"
cachedir="${XDG_CACHE_HOME:-$HOME/.cache}/mutt-wizard"
muttrc="${XDG_CONFIG_HOME:-$HOME/.config}/mutt/muttrc"
accdir="${XDG_CONFIG_HOME:-$HOME/.config}/mutt/accounts"
msmtprc="${XDG_CONFIG_HOME:-$HOME/.config}/msmtp/config"
msmtplog="${XDG_CONFIG_HOME:-$HOME/.config}/msmtp/msmtp.log"
mbsyncrc="${MBSYNCRC:-$HOME/.mbsyncrc}"
mpoprc="${XDG_CONFIG_HOME:-$HOME/.config}/mpop/config"
alias mbsync='mbsync -c "$mbsyncrc"'

# On Ubuntu/Debian, a link is needed since they use an older version.
if command -V apt-get >/dev/null 2>&1; then
ln -s "$msmtprc" "$HOME/.msmtprc" 2>/dev/null
master="Master"
slave="Slave"
fi

for x in "/etc/ssl/certs/ca-certificates.crt" \
"/etc/pki/tls/certs/ca-bundle.crt" "/etc/ssl/cert.pem" \
"/etc/ssl/ca-bundle.pem" "/etc/pki/tls/cacert.pem" \
"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" \
"/usr/share/ca-certificates/"; do
[ -f "$x" ] && sslcert="$x" && break
done || { echo "CA Certificate not found. Please install one or link it to /etc/ssl/certs/ca-certificates.crt" && exit 1 ;}

checkbasics() { command -V gpg >/dev/null 2>&1 && GPG="gpg" || GPG="gpg2"
PASSWORD_STORE_DIR="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
[ -r "$PASSWORD_STORE_DIR/.gpg-id" ] || {
echo "First run \`pass init <yourgpgemail>\` to set up a password archive."
echo "(If you don't already have a GPG key pair, first run \`$GPG --full-generate-key\`.)"
       exit 1 ;} ;}

getaccounts() { accounts="$(find -L "$accdir" -type f 2>/dev/null | grep -o "[0-9]-.*.muttrc" | sed "s/-/: /;s/\.muttrc$//" | sort -n)" ;}

list() { getaccounts && [ -n "$accounts" ] && echo "$accounts" || exit 1 ;}

prepmsmtp() { echo "account $fulladdr
host $smtp
port ${sport:-587}
from $fulladdr
user $login
passwordeval \"pass $fulladdr\"
auth ${auth:-on}
tls on
tls_trust_file $sslcert
logfile $msmtplog
$tlsline
" >> "$msmtprc"
}

prepmbsync() { mkdir -p "${mbsyncrc%/*}"
echo "
IMAPStore $fulladdr-remote
Host $imap
Port ${iport:-993}
User $login
PassCmd \"pass $fulladdr\"
AuthMechs LOGIN
SSLType ${imapssl:-IMAPS}
CertificateFile $sslcert

MaildirStore $fulladdr-local
Subfolders Verbatim
Path ${XDG_DATA_HOME:-$HOME/.local/share}/mail/$fulladdr/
Inbox ${XDG_DATA_HOME:-$HOME/.local/share}/mail/$fulladdr/${inbox:-INBOX}

Channel $fulladdr
Expunge Both
${master:-Far} :$fulladdr-remote:
${slave:-Near} :$fulladdr-local:
Patterns * !\"[Gmail]/All Mail\"
Create Both
SyncState *
MaxMessages ${maxmes:-0}
ExpireUnread no
# End profile
" >> "$mbsyncrc" ;}

prepmpop() { mkdir -p "${mpoprc%/*}"
echo "
account $fulladdr
tls on
user $login
host $imap
delivery maildir ${XDG_DATA_HOME:-$HOME/.local/share}/mail/$fulladdr/${inbox:-INBOX}
passwordeval pass $fulladdr
" >> "$mpoprc" ;}

prepmutt() { echo "# vim: filetype=neomuttrc
# muttrc file for account $fulladdr
set realname = \"$realname\"
set from = \"$fulladdr\"
set sendmail = \"msmtp -a $fulladdr\"
alias me $realname <$fulladdr>
set folder = \"$folder\"
set header_cache = $cachedir/$fulladdr/headers
set message_cachedir = $cachedir/$fulladdr/bodies
set mbox_type = Maildir
set hostname = \"$hostname\"
$extra

bind index,pager gg noop
bind index,pager g noop
bind index,pager M noop
bind index,pager C noop
bind index gg first-entry
unmailboxes *
unalternates *
unset signature
$synccmd
" > "$accdir/$idnum-$fulladdr.muttrc"

[ ! -f "$muttrc" ] && echo "# vim: filetype=neomuttrc" > "$muttrc"
! grep -q "^source.*mutt-wizard.muttrc" "$muttrc" && echo "source $muttshare/mutt-wizard.muttrc" >> "$muttrc"
! grep "^source.*.muttrc" "$muttrc" | grep -qv "$muttshare/mutt-wizard.muttrc" && echo "source $accdir/$idnum-$fulladdr.muttrc" >> "$muttrc"
echo "macro index,pager i$idnum '<sync-mailbox><enter-command>source $accdir/$idnum-$fulladdr.muttrc<enter><change-folder>!<enter>;<check-stats>' \"switch to $fulladdr\"" >> "$muttrc"
}

getprofiles() { \
mkdir -p "${muttrc%/*}" "$accdir" "${XDG_CONFIG_HOME:-$HOME/.config}/msmtp"
unset msmtp_header msmtp_profile mutt_profile mbsync_profile
case "$iport" in
1143) imapssl=None ;;
143) imapssl=STARTTLS ;;
esac
case "$type" in
online) folder="imaps://$login@$imap:${iport:-993}"
extra="set imap_user = \"$login\"
set imap_pass = \"\`pass $fulladdr\`\"
set ssl_starttls = yes
set ssl_force_tls = yes"
;;
pop) synccmd="macro index o \"<shell-escape>mpop $fulladdr<enter>\" \"run mpop to get $fulladdr's mail\""
folder="$maildir/$fulladdr"
prepmpop ;;
*) synccmd="macro index o \"<shell-escape>mbsync $fulladdr<enter>\" \"run mbsync to sync $fulladdr\""
folder="$maildir/$fulladdr"
prepmbsync ;;
esac
prepmsmtp
prepmutt

prepnotmuch # Create a notmuch config file if not present already.
}

parsedomains(){ serverinfo="$(grep "^${fulladdr#*@}" "$muttshare/domains.csv" 2>/dev/null)"

[ -z "$serverinfo" ] && serverinfo="$(grep "$(echo "${fulladdr#*@}" | sed "s/\.[^\.]*$/\.\\\*/")" "$muttshare/domains.csv" 2>/dev/null)"

IFS=, read -r service imapsugg iportsugg smtpsugg sportsugg <<EOF
$serverinfo
EOF
imap="${imap:-$imapsugg}"
smtp="${smtp:-$smtpsugg}"
sport="${sport:-$sportsugg}"
iport="${iport:-$iportsugg}"
}

delete() { if [ -z "${fulladdr+x}" ]; then
echo "Select the account you would like to delete (by number):"
list || exit 1
read -r input
match="^$input:"
else
match=" $fulladdr$"
getaccounts
fi

fulladdr="$(echo "$accounts" | grep "$match" | cut -f2 -d' ')"

[ -z "$fulladdr" ] && echo "$fulladdr is not a valid account name." && return 1

sed -ibu "/IMAPStore $fulladdr-remote$/,/# End profile/d" "$mbsyncrc" 2>/dev/null ; rm -f "$mbsyncrc"bu
rm -rf "${cachedir:?}/${fulladdr:?}" "$accdir/"[1-9]"-$fulladdr.muttrc"
sed -ibu "/[0-9]-$fulladdr.muttrc/d" "$muttrc" 2>/dev/null; rm -f "$muttrc"bu
sed -ibu "/account $fulladdr$/,/^\(\s*$\|account\)/d" "$msmtprc" 2>/dev/null; rm -f "$msmtprc"bu
sed -ibu "/account $fulladdr$/,/^\(\s*$\|account\)/d" "$mpoprc" 2>/dev/null; rm -f "$mpoprc"bu
pass rm -f "$fulladdr" >/dev/null 2>&1
[ -n "${purge+x}" ] && rm -rf "${maildir:?}/${fulladdr:?}"

for file in "$msmtprc" "$mbsyncrc" "$mpoprc"; do
sed -ibu 'N;/^\n$/D;P;D;' "$file" 2>/dev/null; rm -f "$file"bu
done
}

askinfo() { \
[ -z "$fulladdr" ] && echo "Give the full email address to add:" &&
read -r fulladdr
while ! echo "$fulladdr" | grep -qE "^.+@.+\.[A-Za-z]+$"; do
echo "$fulladdr is not a valid email address. Please retype the address:"
read -r fulladdr
done
getaccounts; echo "$accounts" | grep -q "\s$fulladdr$" 2>/dev/null &&
{ echo "$fulladdr has already been added" && exit 1 ;}
{ [ -z "$imap" ] || [ -z "$smtp" ] ;} && parsedomains
[ -z "$imap" ] && echo "Give your email server's IMAP address (excluding the port number):" &&
read -r imap
[ -z "$smtp" ] && echo "Give your email server's SMTP address (excluding the port number):" &&
read -r smtp
[ "$sport" = 465 ] && tlsline="tls_starttls off"
[ -z "$realname" ] && realname="${fulladdr%%@*}"
hostname="$(echo "$fulladdr" | cut -d @ -f 2)"
login="${login:-$fulladdr}"
if [ -n "${password+x}" ]; then
createpass
else
getpass
fi
}

createpass() { echo "$password" > "$PASSWORD_STORE_DIR/$fulladdr"
  "$GPG" -qe $(printf -- " -r %s" $(cat "$PASSWORD_STORE_DIR/.gpg-id")) "$PASSWORD_STORE_DIR/$fulladdr"
rm -f "$PASSWORD_STORE_DIR/$fulladdr" ;}

getpass() { while : ; do pass rm -f "$fulladdr" >/dev/null 2>&1
pass insert -f "$fulladdr" && break; done ;}

formatShortcut() { toappend="$toappend
macro index,pager g$1 \"<change-folder>=$3<enter>\" \"go to $2\"
macro index,pager M$1 \";<save-message>=$3<enter>\" \"move mail to $2\"
macro index,pager C$1 \";<copy-message>=$3<enter>\" \"copy mail to $2\"" ;}

setBox() { toappend="$toappend
set $1 = \"+$2\"" ;}

getboxes() { if [ -n "${force+x}" ] ; then
mailboxes="$(printf "INBOX\\nDrafts\\nJunk\\nTrash\\nSent\\nArchive")"
else
info="$(curl --location-trusted -s -m 5 --user "$login:$(pass "$fulladdr")" --url "${protocol:-imaps}://$imap:${iport:-993}")"
[ -z "$info" ] && echo "Log-on not successful." && return 1
mailboxes="$(echo "$info" | grep -v HasChildren | sed "s/.*\" //;s/\"//g" | tr -d '
')"
fi
[ "$type" = "pop" ] && mailboxes="INBOX"
getaccounts; for x in $(seq 1 9); do echo "$accounts" | grep -q "^$x:" || { export idnum="$x"; break ;}; done
toappend="mailboxes $(echo "$mailboxes" | sed "s/^/\"=/;s/$/\"/" | paste -sd ' ' - )"
IFS='
'
for x in $mailboxes; do
case "$x" in
*[Ss][Ee][Nn][Tt]*) setBox record "$x"; formatShortcut s sent "$x" ;;
*[Dd][Rr][Aa][Ff][Tt][Ss]*) setBox postponed "$x"; formatShortcut d drafts "$x" ;;
*[Tt][Rr][Aa][Ss][Hh]*) formatShortcut t trash "$x"; setBox trash "$x" ;;
*[Jj][Uu][Nn][Kk]*) formatShortcut j junk "$x" ;;
*[Aa][Rr][Cc][Hh][Ii][Vv][Ee]*) formatShortcut a archive "$x" ;;
*[Ss][Pp][Aa][Mm]*) formatShortcut S spam "$x" ;;
*[Ii][Nn][Bb][Oo][Xx]) formatShortcut i inbox "$x"; setBox spoolfile "$x" inbox="$x" ;;
esac
done
unset IFS
}

finalize() { echo "$toappend" >> "$accdir/$idnum-$fulladdr.muttrc"
[ "$type" != "online" ] && echo "$mailboxes" | xargs -I {} mkdir -p "$maildir/$fulladdr/{}/cur" "$maildir/$fulladdr/{}/tmp" "$maildir/$fulladdr/{}/new"
echo "$fulladdr (account #$idnum) added successfully."
command -V urlview >/dev/null 2>&1 && [ ! -f "$HOME/.urlview" ] && echo "COMMAND \$BROWSER" > "$HOME/.urlview"
return 0 ;}

prepnotmuch() { \
[ -z "$NOTMUCH_CONFIG" ] && NOTMUCH_CONFIG="$HOME/.notmuch-config"
[ -f "$NOTMUCH_CONFIG" ] && return 0
nmbasic="[database]
path=$maildir
[user]
name=$realname
primary_email=$fulladdr
[new]
tags=unread;inbox;
ignore=.mbsyncstate;.uidvalidity
[search]
exclude_tags=deleted;spam;
[maildir]
synchronize_flags=true
[crypto]
gpg_path=$GPG"
echo "$nmbasic" > "$NOTMUCH_CONFIG" ;}

togglecron() { cron="$(mktemp)"
crontab -l > "$cron"
if grep -q mailsync "$cron"; then
echo "Removing automatic mailsync..."
sed -ibu /mailsync/d "$cron"; rm -f "$cron"bu
else
echo "Adding automatic mailsync every ${cronmin:-10} minutes..."
echo "*/${cronmin-10} * * * * $prefix/bin/mailsync" >> "$cron"
fi &&
crontab "$cron"; rm -f "$cron" ;}

setact() { if [ -n "${action+x}" ] && [ "$action" != "$1" ]; then
echo "Running $1 with $action..."
echo "Incompatible options given. Only one action may be specified per run."
return 1
else
action="$1"
fi; }

mwinfo() { cat << EOF
mw: mutt-wizard, auto-configure email accounts for mutt
including downloadable mail with \`isync\`.

Main actions:
  -a [email protected] Add an email address
  -l List email addresses configured
  -d Remove an already added address
  -D [email protected] Force remove account without confirmation
  -y [email protected] Sync mail for account by name
  -Y Sync mail for all accounts
  -t number Toggle automatic mailsync every <number> minutes
  -T Toggle automatic mailsync

Options allowed with -a:
  -u Account login name if not full address
  -n "Real name" to be on the email account
  -i IMAP/POP server address
  -I IMAP/POP server port
  -s SMTP server address
  -S SMTP server port
  -x Password for account (recommended to be in double quotes)
  -p Install for a Protonmail account.
  -P Add for a POP server instead of IMAP.
  -X Delete an account's local email too when deleting.
  -o Configure address, but keep mail online.
  -f Assume typical English mailboxes without attempting log-on.

NOTE: Once at least one account is added, you can run
\`mbsync -a\` to begin downloading mail.

To change an account's password, run \`pass edit [email protected]\`.
EOF
}

while getopts "fpPXlhodTYD:y:i:I:s:S:u:a:n:x:m:t:" o; do case "${o}" in
l) setact list || exit 1 ;;
d) setact delete || exit 1 ;;
D) setact delete || exit 1 ; fulladdr="$OPTARG" ;;
y) setact sync || exit 1 ; fulladdr="$OPTARG" ;;
Y) setact sync || exit 1 ;;
a) setact add || exit 1 ; fulladdr="$OPTARG" ;;
i) setact add || exit 1 ; imap="$OPTARG" ;;
I) setact add || exit 1 ; iport="$OPTARG" ;;
s) setact add || exit 1 ; smtp="$OPTARG" ;;
S) setact add || exit 1 ; sport="$OPTARG" ;;
u) setact add || exit 1 ; login="$OPTARG" ;;
n) setact add || exit 1 ; realname="$OPTARG" ;;
m) setact add || exit 1 ; maxmes="$OPTARG" ;;
o) setact add || exit 1 ; type="online" ;;
P) setact add || exit 1 ; type="pop"; protocol="pop3s" ; iport="${iport:-995}" ;;
f) setact add || exit 1 ; force=True ;;
x) setact add || exit 1 ; password="$OPTARG" ;;
X) setact delete || exit 1 ; purge=True ;;
t) setact toggle || exit 1 ; cronmin="$OPTARG" ;;
T) setact toggle || exit 1 ;;
p) echo "NOTE: Protonmail users must install and configure Protonmail Bridge first for the first sync to work."
protocol="imap"
imap="127.0.0.1"
iport="1143"
smtp="127.0.0.1"
sport="1025"
auth="login"
  tlsline="tls_fingerprint $(msmtp --serverinfo --host=$smtp --port=$sport --tls --tls-certcheck=off | awk '/SHA256:/ {print $2}')"
setact add || exit 1
;;
*) mwinfo;  exit 1 ;;
esac done

case "$action" in
list) list ;;
add) checkbasics && askinfo && getboxes && getprofiles && finalize ;;
delete) delete ;;
sync) mailsync $fulladdr ;;
toggle) togglecron ;;
*) mwinfo; exit 1 ;;
esac

less $(which mailsync)
Code: [Select]
#!/bin/sh

# - Syncs mail for all accounts, or a single account given as an argument.
# - Displays a notification showing the number of new mails.
# - Displays a notification for each new mail with its subject displayed.
# - Runs notmuch to index new mail.
# - This script can be set up as a cron job for automated mail syncing.

# There are many arbitrary and ugly features in this script because it is
# inherently difficult to pass environmental variables to cronjobs and other
# issues. It also should at least be compatible with Linux (and maybe BSD) with
# Xorg and MacOS as well.

# Run only if user logged in (prevent cron errors)
pgrep -u "${USER:=$LOGNAME}" >/dev/null || { echo "$USER not logged in; sync will not run."; exit ;}
# Run only if not already running in other instance
pidof mbsync >/dev/null && { echo "mbsync is already running."; exit ;}

# First, we have to get the right variables for the mbsync file, the pass
# archive, notmuch and the GPG home.  This is done by searching common profile
# files for variable assignments. This is ugly, but there are few options that
# will work on the maximum number of machines.
eval "$(grep -h -- \
"^\s*\(export \)\?\(MBSYNCRC\|PASSWORD_STORE_DIR\|NOTMUCH_CONFIG\|GNUPGHOME\)=" \
"$HOME/.profile" "$HOME/.bash_profile" "$HOME/.zprofile"  "$HOME/.config/zsh/.zprofile" "$HOME/.zshenv" \
"$HOME/.bashrc" "$HOME/.zshrc" "$HOME/.config/zsh/.zshrc" "$HOME/.pam_environment" 2>/dev/null)"

export GPG_TTY=$TTY

[ -n "$MBSYNCRC" ] && alias mbsync="mbsync -c $MBSYNCRC" || MBSYNCRC="$HOME/.mbsyncrc"

# Settings are different for MacOS (Darwin) systems.
case "$(uname)" in
Darwin)
notify() { osascript -e "display notification \"$2 in $1\" with title \"You've got Mail\" subtitle \"Account: $account\"" && sleep 2 ;}
messageinfo() { osascript -e "display notification with title \"📧 $from\" subtitle \"$subject\"" ;}
;;
*)
case "$(readlink -f /sbin/init)" in
*systemd*) export DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$(id -u)/bus ;;
esac
# remember if a display server is running since `ps` doesn't always contain a display
pgrepoutput="$(pgrep -a X\(org\|wayland\))"
displays="$(echo "$pgrepoutput" | grep -wo "[0-9]*:[0-9]\+" | sort -u)"
notify() { [ -n "$pgrepoutput" ] && for x in ${displays:-0:}; do
export DISPLAY=$x
notify-send --app-name="mutt-wizard" "mutt-wizard" "📬 $2 new mail(s) in \`$1\` account."
done ;}
messageinfo() { [ -n "$pgrepoutput" ] && for x in ${displays:-0:}; do
export DISPLAY=$x
notify-send --app-name="mutt-wizard" "📧$from:" "$subject"
done ;}
;;
esac

# Check account for new mail. Notify if there is new content.
syncandnotify() {
    acc="$(echo "$account" | sed "s/.*\///")"
    if [ -z "$opts" ]; then mbsync "$acc"; else mbsync "$opts" "$acc"; fi
    new=$(find "$HOME/.local/share/mail/$acc/INBOX/new/" "$HOME/.local/share/mail/$acc/Inbox/new/" "$HOME/.local/share/mail/$acc/inbox/new/" -type f -newer "${XDG_CONFIG_HOME:-$HOME/.config}/mutt/.mailsynclastrun" 2> /dev/null)
    newcount=$(echo "$new" | sed '/^\s*$/d' | wc -l)
    case 1 in
        $((newcount > 5)) ) notify "$acc" "$newcount" ;;
        $((newcount > 0)) ) for file in $new; do
                # Extract subject and sender from mail.
                from=$(awk '/^From: / && ++n ==1,/^\<.*\>:/' "$file" | perl -CS -MEncode -ne 'print decode("MIME-Header", $_)' | awk '{ $1=""; if (NF>=3)$NF=""; print $0 }' | sed 's/^[[:blank:]]*[\"'\''\<]*//;s/[\"'\''\>]*[[:blank:]]*$//')
                subject=$(awk '/^Subject: / && ++n == 1,/^\<.*\>: / && ++i == 2' "$file" | head -n 1 | perl -CS -MEncode -ne 'print decode("MIME-Header", $_)' | sed 's/^Subject: //' | sed 's/^{[[:blank:]]*[\"'\''\<]*//;s/[\"'\''\>]*[[:blank:]]*$//' | tr -d '\n')
                messageinfo &
            done ;;
    esac
}

# Sync accounts passed as argument or all.
if [ "$#" -eq "0" ]; then
    accounts="$(awk '/^Channel/ {print $2}' "$MBSYNCRC")"
else
    for arg in "$@"; do
        [ "${arg%${arg#?}}" = '-' ] && opts="${opts:+${opts} }${arg}" && shift 1
    done
    accounts=$*
fi

# Parallelize multiple accounts
for account in $accounts; do
    syncandnotify &
done

wait

notmuch new 2>/dev/null

#Create a touch file that indicates the time of the last run of mailsync
touch "${XDG_CONFIG_HOME:-$HOME/.config}/mutt/.mailsynclastrun"

Re: can't sign commits with gpg

Reply #8
This has nothing to do with suite66. I'm using latest suite66 myself and I can sign git commits without any problems. It is a matter of misconfiguration on your part.

I didn't ask to include those scripts. The commands were there for you to inspect those scripts and try to arrive at a conclusion about what is preventing git from activating gpg correctly.

Your profile is likely not sourced correctly, or at the correct times by your setup (DE/WM/terminal emulator), as evident from the different output of echo $GPG_TTY and tty. Those need to match. The script mailsync goes around this by exporting the GPG_TTY variable before calling mbsync.

Re: can't sign commits with gpg

Reply #9
I am not a developer, or a programmer of any sort, just a regular everyday user who's been living in Arch for the past 4-5 years, and have mediocre knowledge, I do understand code to some point, but not enough to be able to conclude myself what is preventing git from unlocking my GPG key via inspecting the mutt wizard scripts, while again, I repeat, my complete dotfiles were unmodified until this thread and your suggestions started, and the original setup from the first post, was working completely fine on Arch, I've gone through my btrfs snapshots of my Arch system and verified that everything is identical as my Arch setup, it is, except that in Arch, I did not have a /dev/pts/1 when verifying the export GPG_TTY command's output, what is /dev/pts/1 and where is it coming from?

Re: can't sign commits with gpg

Reply #10
I mean I am learning code, but still a beginner

I've just placed

GPG_TTY=$(tty)
export GPG_TTY

at the top of my .zshrc instead of .zprofile due to a suggestion on this post because I use the starship prompt and it's located at the bottom of my .zshrc

output of command
echo $GPG_TTY
tty

is now

Code: [Select]
/dev/pts/1
/dev/pts/1

they are not identical, but when trying to do a git commit, git still prompts me for my GPG password, aka git still doesn't unlock it

Re: can't sign commits with gpg

Reply #11
Can gpg list your keys now?
Code: [Select]
gpg --list-keys --fingerprint [your_email]
If so, does this work?
Code: [Select]
pkill gpg-agent
gpg --clearsign --default-key [key_fingerprint] <<EOT
Test... Enter your key password when asked after EOT
EOT
gpg --clearsign --default-key [key_fingerprint] <<EOT
Test... Should not ask again for password
EOT

Re: can't sign commits with gpg

Reply #12
Code: [Select]
 gpg --list-keys --fingerprint [email retracted]
pub   rsa4096 2021-10-09 [SC]
      2E0C C697 84FA 46A2 6BCF  8B26 0AF6 757E 3DEA 0025
uid           [ultimate] Dejan Kutle <email retracted>
sub   rsa4096 2021-10-09 [E]

❯ gpg --clearsign --default-key 3DEA0025 <<EOT
Test... Enter your key password when asked after EOT
EOT
gpg: using "3DEA0025" as default secret key for signing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Test... Enter your key password when asked after EOT
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device

still, upon login, pam-gnupg is not unlocking my gpg key, while after I run mutt wizard sync, it gets unlocked ... I am totally confused about why this is happening ...

another thing I'd like to note ... on Arch when using
# Configure pinentry to use the correct TTY
Code: [Select]
GPG_TTY=$(tty)
export GPG_TTY
gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1 &
on .zprofile or .zshenv, everything works fine, but on Artix, for some reason if I use it in .zshenv and .zprofile the
Code: [Select]
echo $GPG_TTY
tty
gives me a
Code: [Select]
tty
/dev/tty1
/dev/pts/1
while if I use
Code: [Select]
GPG_TTY=$(tty)
export GPG_TTY
gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1 &
on .zshrc or .zlogin it gives me a
Code: [Select]
/dev/pts/1
/dev/pts/1
one thing I remember, when I was using Arch was that
Code: [Select]
echo $GPG_TTY
tty
gave me an output of
Code: [Select]
/dev/tty/1
/dev/tty/1
not a pts/1 ... is it possible that I need to edit something in the suite66 environment regarding the tty's? by editing 66-env -t boot boot@system

Re: can't sign commits with gpg

Reply #13
You wrote this:
output of command
echo $GPG_TTY
tty

is now

Code: [Select]
/dev/pts/1
/dev/pts/1

they are not identical, but when trying to do a git commit, git still prompts me for my GPG password, aka git still doesn't unlock it
I assume the "not identical" is a typo and it should read "now identical", because those two lines:
Code: [Select]
/dev/pts/1
/dev/pts/1
are identical. Therefore, I asked you to repeat the commands I listed, since now setting GPG_TTY works on your side.

But now, you write:
on Artix, for some reason if I use it in .zshenv and .zprofile the
Code: [Select]
echo $GPG_TTY
tty
gives me a
Code: [Select]
tty
/dev/tty1
/dev/pts/1
So which one is true? Is the output of echo $GPG_TTY and tty identical? If not, this is the cause of the issue from this thread. If it is, the commands I asked you to check should work. I don't use zsh, so I can't help you. With mksh, which I'm using, and bash, everything works perfectly. Perhaps don't use zsh if you don't know exactly how it works and interacts with other programs?

Related: https://github.com/keybase/keybase-issues/issues/2798

Re: can't sign commits with gpg

Reply #14
I know how ZSH works, the order of the files loading in an interactive login is
/etc/zshenv
~/.zshenv
/etc/zprofile
~/.zprofile
/etc/zshrc
~/.zshrc
/etc/zlogin
~/.zlogin
~/.zlogout
/etc/zlogout

while on a non-interactive login
/etc/zshenv
~/.zshenv
/etc/zshrc
~/.zshrc

while scripts only read
/etc/zshenv
~/.zshenv

... I feel like I'm being trolled by you while I'm asking for your help as I really want to give Artix a try and learn a new init system... you don't have to be rude about the fact that you're not paying attention to what I've written to you, if your intent is to be rude about it I'll go ask for help elsewhere or I'll just uninstall Artix and be on my way back to Arch as on Arch this problem does not happen even when I use export GPG_TTY=$(tty) in .zprofile

if you re-read my previous post I've told you that on Artix, if
Code: [Select]
GPG_TTY=$(tty)
export GPG_TTY
is located in .zprofile the
Code: [Select]
echo $GPG_TTY
tty
gives me an output where the tty's do not match for whatever reason, because it should, as .zprofile is loaded every time in an interactive login

while if I use it in .zshrc or .zlogin which are basically at the end of the zsh load order, it gives me a matching tty, but that
Code: [Select]
gpg --list-keys --fingerprint [email retracted]
pub   rsa4096 2021-10-09 [SC]
      2E0C C697 84FA 46A2 6BCF  8B26 0AF6 757E 3DEA 0025
uid           [ultimate] Dejan Kutle <email retracted>
sub   rsa4096 2021-10-09 [E]
gives me a
Code: [Select]
❯ gpg --clearsign --default-key 3DEA0025 <<EOT
Test... Enter your key password when asked after EOT
EOT
gpg: using "3DEA0025" as default secret key for signing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Test... Enter your key password when asked after EOT
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device

still does not work even though the tty's match, you can clearly see that it says
Code: [Select]
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device

... so to be clear, this last piece of code, where it says inappropriate ioctl for device is with matching tty output of echo $GPG_TTY ... then later I have moved it back to .zprofile to see why when used in .zprofile it gives me a non matching output because this link suggests that the export $GPG_TTY command should be located at the top of .zshrc before anything else is loaded in .zshrc, so placing it in .zprofile should work as .zprofile is sourced before .zshrc is, and on Arch it does work and gives me a matching tty, except that the output of echo $GPG_TTY on Arch is not /dev/pts/1 /dev/pts/1 it is /dev/tty1 /dev/tty1 ...

so, despite everything, even when using a setup that gives me a matching tty the end result is that git still does not unlock my GPG key, and it gives me a
Code: [Select]
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device
  ...

please do not be rude with elitist attitude and suggest things like that I shouldn't use ZSH and similar things if I don't know how to use it or how it works as that's simply not true... I have taken steps out of annoyance, and installed Arch on my 2nd hard disk, replicated this exact same setup from my first post, and with all other variants and suggestions that were made by you, in all variants, on Arch, my GPG key gets unlocked on login, and by git, and everything works fine .. this is a problem with either Artix and pam-gnupg, or Artix and git or Artix and zsh, as it seems that on Artix an interactive shell is not sourcing .zprofile every time and exporting the TTY, while it should ... despite that, even when tty's are matching, end result is the same, the keys do not get unlocked and I can't sign my commits
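
The two conditions this thread keeps returning to can be checked separately: whether GPG_TTY equals the output of tty, and whether gpg-agent already holds a cached passphrase for each keygrip listed in the pam-gnupg config. The following is an added example, not code from any poster or from the pam-gnupg project; the function names are hypothetical, the keygrips and agent output are constructed, and it assumes the config lists one 40-hex-digit keygrip per line.

```sh
#!/bin/sh
# Added diagnostic sketch. Function names are hypothetical; sample data is constructed.

# tty_state GPG_TTY_VALUE ACTUAL_TTY -> prints unset | mismatch | match
tty_state() {
    if [ -z "$1" ]; then echo unset
    elif [ "$1" != "$2" ]; then echo mismatch
    else echo match
    fi
}

# cached_state KEYGRIP: reads `gpg-connect-agent 'keyinfo --list' /bye` output on stdin.
# Status line: S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> ...
# The <cached> field ($7) is "1" when the agent holds the passphrase, "-" otherwise.
cached_state() {
    awk -v grip="$1" '
        $1 == "S" && $2 == "KEYINFO" && toupper($3) == toupper(grip) {
            found = 1
            if ($7 == "1") print "cached"; else print "not-cached"
        }
        END { if (!found) print "unknown-key" }'
}

# preset_report CONFIG_TEXT KEYINFO_TEXT: one "<keygrip> <state>" line for each
# keygrip in the pam-gnupg config (assumed: one 40-hex-digit keygrip per line).
preset_report() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9A-Fa-f]\{40\}\).*/\1/p' |
    while read -r grip; do
        printf '%s %s\n' "$grip" "$(printf '%s\n' "$2" | cached_state "$grip")"
    done
}

# Constructed sample input (not taken from the thread's keys).
GRIP_A=0123456789ABCDEF0123456789ABCDEF01234567
GRIP_B=89ABCDEF0123456789ABCDEF0123456789ABCDEF
GRIP_C=FEDCBA9876543210FEDCBA9876543210FEDCBA98
SAMPLE_CONF="# keygrips to unlock at login
$GRIP_A
$GRIP_B
$GRIP_C"
SAMPLE_KEYINFO="S KEYINFO $GRIP_A D - - 1 P - - -
S KEYINFO $GRIP_B D - - - P - - -
OK"

echo "GPG_TTY vs tty: $(tty_state /dev/tty1 /dev/pts/1)"
preset_report "$SAMPLE_CONF" "$SAMPLE_KEYINFO"

# Live use:
#   tty_state "$GPG_TTY" "$(tty)"
#   preset_report "$(cat ~/.config/pam-gnupg)" "$(gpg-connect-agent 'keyinfo --list' /bye)"
```

A keygrip reported as not-cached right after login means the agent holds no passphrase for that key, whatever GPG_TTY is set to.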