fix: configure GPG for non-interactive use and document RSA key requirement

Copilot · devakesu · Copilot · commit 441448474849 · 2026-02-16T18:18:38.000Z
- Add GPG agent configuration for loopback pinentry mode
- Fixes "Inappropriate ioctl for device" error in GitHub Actions
- Document that RSA 4096-bit keys should be used (not ECC Curve 25519)
- Update both GPG_SETUP.md and GPG_QUICK_START.md with key type requirements
- Add troubleshooting section for ECC key compatibility issues

Co-authored-by: devakesu &lt;61821107+devakesu@users.noreply.github.com&gt;
diff --git a/.github/workflows/auto-version-bump.yml b/.github/workflows/auto-version-bump.yml
@@ -68,6 +68,14 @@ jobs:
           git_committer_name: ${{ secrets.GPG_COMMITTER_NAME || 'GhostClass Bot' }}
           git_committer_email: ${{ secrets.GPG_COMMITTER_EMAIL || '61821107+devakesu@users.noreply.github.com' }}
 
+      - name: Configure GPG for non-interactive use
+        if: steps.repo-check.outputs.is_same_repo == 'true'
+        run: |
+          # Configure GPG to work in non-interactive mode (no TTY)
+          echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
+          echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
+          gpg-connect-agent reloadagent /bye || true
+
       - name: Setup Node.js
         uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
diff --git a/docs/GPG_QUICK_START.md b/docs/GPG_QUICK_START.md
@@ -2,13 +2,19 @@
 
 This is a quick reference for setting up GPG signing. For detailed instructions, see [GPG_SETUP.md](./GPG_SETUP.md).
 
+## ⚠️ Important: Use RSA Keys
+
+**Use RSA 4096-bit keys, NOT ECC Curve 25519!**
+
+ECC keys can cause "Inappropriate ioctl for device" errors in GitHub Actions. RSA keys are more compatible with automated CI/CD environments.
+
 ## TL;DR - Quick Setup
 
 ### 1. Generate GPG Key
 ```bash
 gpg --full-generate-key
 ```
-- Choose RSA and RSA, 4096 bits
+- Choose **RSA and RSA**, 4096 bits ⚠️ **NOT ECC/EdDSA**
 - Use email: `61821107+devakesu@users.noreply.github.com` (your GitHub no-reply email)
 - Set a strong passphrase
 
@@ -74,6 +80,11 @@ If you want to use a different email:
 - ✅ Check: You exported the PRIVATE key (not just public)
 - ✅ Check: You copied the entire key including headers/footers
 
+**Problem**: "Inappropriate ioctl for device" error
+- ✅ **Solution**: Generate a new RSA 4096-bit key (NOT ECC Curve 25519)
+- ✅ ECC keys cause compatibility issues in GitHub Actions
+- ✅ The workflow now auto-configures GPG for non-interactive use
+
 ## Need More Help?
 
 See the full guide: [docs/GPG_SETUP.md](./GPG_SETUP.md)
diff --git a/docs/GPG_SETUP.md b/docs/GPG_SETUP.md
@@ -8,6 +8,17 @@ This guide explains how to generate a GPG key and configure it for the auto-vers
 - Access to repository Settings → Secrets and variables → Actions
 - A verified email address in your GitHub account
 
+## Important: Key Type Compatibility
+
+**⚠️ Use RSA keys for best compatibility with GitHub Actions**
+
+While GitHub supports various key types (RSA, ECC/EdDSA), **RSA keys are recommended** for GitHub Actions workflows because:
+- Better compatibility with automated signing in non-interactive environments
+- Avoid "Inappropriate ioctl for device" errors common with ECC keys
+- More reliable pinentry-mode loopback support
+
+**Avoid**: ECC (Curve 25519) sign-only keys may cause signing failures in CI/CD environments.
+
 ## Step 1: Generate a GPG Key
 
 Run the following commands on your local machine:
@@ -18,7 +29,7 @@ gpg --full-generate-key
 ```
 
 When prompted:
-1. **Key type**: Select `(1) RSA and RSA (default)`
+1. **Key type**: Select `(1) RSA and RSA (default)` ⚠️ **IMPORTANT: Use RSA, not ECC**
 2. **Key size**: Enter `4096`
 3. **Key validity**: Enter `0` (key does not expire) or set an expiration
 4. **Real name**: Enter your name (e.g., "Your Name" or "GhostClass Bot")
@@ -123,6 +134,21 @@ If you want to keep your email private, you can use GitHub's no-reply email:
 - **Cause**: Incorrect passphrase in repository secrets
 - **Solution**: Double-check the GPG_PASSPHRASE secret matches your key's passphrase
 
+### "Inappropriate ioctl for device" Error
+
+- **Cause**: GPG trying to prompt for passphrase in non-interactive environment, or using incompatible key type (ECC)
+- **Solution**: 
+  1. **Use RSA keys instead of ECC** (recommended) - Generate a new RSA 4096-bit key
+  2. The workflow now automatically configures GPG for non-interactive use with loopback pinentry
+  3. If using ECC keys, consider regenerating with RSA for better CI/CD compatibility
+
+### Using ECC/EdDSA Keys (Not Recommended)
+
+If you must use ECC Curve 25519 keys:
+- Be aware of potential compatibility issues in GitHub Actions
+- The "Inappropriate ioctl for device" error is common with ECC keys
+- **Strongly recommend using RSA 4096-bit keys instead**
+
 ## Security Best Practices
 
 1. **Never share your private key**: Only add it to repository secrets, never commit it
