Skip to content

Enable pinentry mode to loopback for GPG signing

What does this MR do?

Enable pinentry mode to loopback

Why was this MR needed?

With !1606 (merged) we upgraded the base image used for CI, which included a OS version upgrade from Debian 8 to Debian 9. Debian 9 comes with gpg2 instead of v1 so things work a bit differently.

When --pinentry-mode=loopback is not passed we get errors like gpg: signing failed: Inappropriate ioctl for device due to the lack of TTY in CI.

Looking a deb package provided in https://gitlab-runner-downloads.s3.amazonaws.com/v12.3.0/index.html we can see the following:

gpg --verify out/deb/gitlab-runner_amd64.deb

gpg: Signature made Fri Sep 20 10:33:18 2019 CEST
gpg:                using RSA key 9CE45ABC880721D4
gpg: Can't check signature: No public key

With gpg2 now we can see the same thing

gpg: Signature made Wed Oct  2 15:03:55 2019 CEST
gpg:                using RSA key 30183AC2C4E23A409EFBE7059CE45ABC880721D4
gpg: Can't check signature: No public key

Does this MR meet the acceptance criteria?

  • Documentation created/updated
  • Added tests for this feature/bug
  • In case of conflicts with master - branch was rebased

What are the relevant issue numbers?

Closes #4751 (closed)

Merge request reports