Skip to content

Commit 4414484

Browse files
Copilotdevakesu
andcommitted
fix: configure GPG for non-interactive use and document RSA key requirement
- Add GPG agent configuration for loopback pinentry mode - Fixes "Inappropriate ioctl for device" error in GitHub Actions - Document that RSA 4096-bit keys should be used (not ECC Curve 25519) - Update both GPG_SETUP.md and GPG_QUICK_START.md with key type requirements - Add troubleshooting section for ECC key compatibility issues Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com>
1 parent d7cfe67 commit 4414484

File tree

3 files changed

+47
-2
lines changed

3 files changed

+47
-2
lines changed

.github/workflows/auto-version-bump.yml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,14 @@ jobs:
6868
git_committer_name: ${{ secrets.GPG_COMMITTER_NAME || 'GhostClass Bot' }}
6969
git_committer_email: ${{ secrets.GPG_COMMITTER_EMAIL || '61821107+devakesu@users.noreply.github.com' }}
7070

71+
- name: Configure GPG for non-interactive use
72+
if: steps.repo-check.outputs.is_same_repo == 'true'
73+
run: |
74+
# Configure GPG to work in non-interactive mode (no TTY)
75+
echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
76+
echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
77+
gpg-connect-agent reloadagent /bye || true
78+
7179
- name: Setup Node.js
7280
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
7381
with:

docs/GPG_QUICK_START.md

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,13 +2,19 @@
22

33
This is a quick reference for setting up GPG signing. For detailed instructions, see [GPG_SETUP.md](./GPG_SETUP.md).
44

5+
## ⚠️ Important: Use RSA Keys
6+
7+
**Use RSA 4096-bit keys, NOT ECC Curve 25519!**
8+
9+
ECC keys can cause "Inappropriate ioctl for device" errors in GitHub Actions. RSA keys are more compatible with automated CI/CD environments.
10+
511
## TL;DR - Quick Setup
612

713
### 1. Generate GPG Key
814
```bash
915
gpg --full-generate-key
1016
```
11-
- Choose RSA and RSA, 4096 bits
17+
- Choose **RSA and RSA**, 4096 bits ⚠️ **NOT ECC/EdDSA**
1218
- Use email: `61821107+devakesu@users.noreply.github.com` (your GitHub no-reply email)
1319
- Set a strong passphrase
1420

@@ -74,6 +80,11 @@ If you want to use a different email:
7480
- ✅ Check: You exported the PRIVATE key (not just public)
7581
- ✅ Check: You copied the entire key including headers/footers
7682

83+
**Problem**: "Inappropriate ioctl for device" error
84+
-**Solution**: Generate a new RSA 4096-bit key (NOT ECC Curve 25519)
85+
- ✅ ECC keys cause compatibility issues in GitHub Actions
86+
- ✅ The workflow now auto-configures GPG for non-interactive use
87+
7788
## Need More Help?
7889

7990
See the full guide: [docs/GPG_SETUP.md](./GPG_SETUP.md)

docs/GPG_SETUP.md

Lines changed: 27 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,17 @@ This guide explains how to generate a GPG key and configure it for the auto-vers
88
- Access to repository Settings → Secrets and variables → Actions
99
- A verified email address in your GitHub account
1010

11+
## Important: Key Type Compatibility
12+
13+
**⚠️ Use RSA keys for best compatibility with GitHub Actions**
14+
15+
While GitHub supports various key types (RSA, ECC/EdDSA), **RSA keys are recommended** for GitHub Actions workflows because:
16+
- Better compatibility with automated signing in non-interactive environments
17+
- Avoid "Inappropriate ioctl for device" errors common with ECC keys
18+
- More reliable pinentry-mode loopback support
19+
20+
**Avoid**: ECC (Curve 25519) sign-only keys may cause signing failures in CI/CD environments.
21+
1122
## Step 1: Generate a GPG Key
1223

1324
Run the following commands on your local machine:
@@ -18,7 +29,7 @@ gpg --full-generate-key
1829
```
1930

2031
When prompted:
21-
1. **Key type**: Select `(1) RSA and RSA (default)`
32+
1. **Key type**: Select `(1) RSA and RSA (default)` ⚠️ **IMPORTANT: Use RSA, not ECC**
2233
2. **Key size**: Enter `4096`
2334
3. **Key validity**: Enter `0` (key does not expire) or set an expiration
2435
4. **Real name**: Enter your name (e.g., "Your Name" or "GhostClass Bot")
@@ -123,6 +134,21 @@ If you want to keep your email private, you can use GitHub's no-reply email:
123134
- **Cause**: Incorrect passphrase in repository secrets
124135
- **Solution**: Double-check the GPG_PASSPHRASE secret matches your key's passphrase
125136
137+
### "Inappropriate ioctl for device" Error
138+
139+
- **Cause**: GPG trying to prompt for passphrase in non-interactive environment, or using incompatible key type (ECC)
140+
- **Solution**:
141+
1. **Use RSA keys instead of ECC** (recommended) - Generate a new RSA 4096-bit key
142+
2. The workflow now automatically configures GPG for non-interactive use with loopback pinentry
143+
3. If using ECC keys, consider regenerating with RSA for better CI/CD compatibility
144+
145+
### Using ECC/EdDSA Keys (Not Recommended)
146+
147+
If you must use ECC Curve 25519 keys:
148+
- Be aware of potential compatibility issues in GitHub Actions
149+
- The "Inappropriate ioctl for device" error is common with ECC keys
150+
- **Strongly recommend using RSA 4096-bit keys instead**
151+
126152
## Security Best Practices
127153
128154
1. **Never share your private key**: Only add it to repository secrets, never commit it

0 commit comments

Comments
 (0)