GPG installed with Git Bash #6667

Closed
chrmarti opened this issue Apr 29, 2022 · 7 comments
Labels
containers Issue in vscode-remote containers info-needed Issue requires more information from poster

@chrmarti
Contributor

> @chrmarti I hope this doesn't sound argumentative, but your response seems to miss that we're doing a second hop through an intermediate server. I'm still not entirely sure we're talking about the same thing. Have you personally tried this or inspected the internal Remote-Containers code or are you answering based on the public documentation such as "Sharing GPG Keys"? The documentation there doesn't mention using Remote-SSH with Remote-Containers.
>
> You can see in my comment at #6608 (comment) what I tried and what did and didn't happen. In that case on my local system I was using the GPG installed with Git Bash, not Gpg4Win. The key data got copied over but the container couldn't see any secret keys so any socket forwarding it tried to do, failed. Also, looking at the "Sharing GPG Keys" link, the closest matching situation is for WSL which requires installing the socat package, which I don't think I had on the SSH server. I'm not super interested in digging into it more, guessing on packages to install etc, unless you can confirm what works for you.
>
> I vaguely understand the VS Code workspace trust concept, but you can see from my comment in the other issue that I consider Remote-SSH with Remote-Containers as a sort of sandbox. So in my case the answer would be that I trust the code and the dependencies to run in the contained environment specifically because they are limited in accessing anything outside of it.

Originally posted by @jeremyn in #6566 (comment)

@chrmarti chrmarti self-assigned this Apr 29, 2022
@chrmarti chrmarti added containers Issue in vscode-remote containers info-needed Issue requires more information from poster labels Apr 29, 2022
@chrmarti
Contributor Author

> @chrmarti I hope this doesn't sound argumentative, but your response seems to miss that we're doing a second hop through an intermediate server. I'm still not entirely sure we're talking about the same thing. Have you personally tried this or inspected the internal Remote-Containers code or are you answering based on the public documentation such as "Sharing GPG Keys"? The documentation there doesn't mention using Remote-SSH with Remote-Containers.

I have implemented the forwarding, but I haven't tried (and don't know) all types of setups for GPG.

> You can see in my comment at #6608 (comment) what I tried and what did and didn't happen. In that case on my local system I was using the GPG installed with Git Bash, not Gpg4Win. The key data got copied over but the container couldn't see any secret keys so any socket forwarding it tried to do, failed. Also, looking at the "Sharing GPG Keys" link, the closest matching situation is for WSL which requires installing the socat package, which I don't think I had on the SSH server. I'm not super interested in digging into it more, guessing on packages to install etc, unless you can confirm what works for you.

"GPG installed with Git Bash" I haven't tested; maybe that works slightly differently.

> I vaguely understand the VS Code workspace trust concept, but you can see from my comment in the other issue that I consider Remote-SSH with Remote-Containers as a sort of sandbox. So in my case the answer would be that I trust the code and the dependencies to run in the contained environment specifically because they are limited in accessing anything outside of it.

See #6608 (comment).

@chrmarti
Contributor Author

Btw. socat is no longer needed. We are updating the documentation on that.

@jeremyn
jeremyn commented Apr 29, 2022

@chrmarti Okay, thanks. I don't personally care about getting forwarding with GPG with Git Bash working, or with MSYS2 or anything like that. I hope we can agree that the documentation regarding VS Code Remote's GPG forwarding can be improved and the conversation in this issue and in #6566 provides some guidance. This can be closed as far as I'm concerned.

@chrmarti
Contributor Author

chrmarti commented May 4, 2022

@jeremyn Would you want to see the extra socket mentioned in documentation? And the fact that GPG with Git Bash isn't working (we don't know why yet)?

@jeremyn
jeremyn commented May 4, 2022

@chrmarti If you can think of some coherent way to explain VS Code's cascading search for a GPG socket, then you could add that to the documentation.

If GPG forwarding is only supported with specific software like Gpg4Win then you could say that. I'm not comfortable with you saying gpg with Git Bash does or doesn't work here based solely on my reported testing.

Big picture though, I'm not sure who the documentation is for or what the point of the documentation is. I think GPG forwarding as implemented is a bit of a misfeature and security risk and so I don't think there is any way to responsibly explain what's happening to help typical users make important security decisions, if that's the goal.

@github-actions
github-actions bot commented Dec 2, 2022

Hey @chrmarti, this issue might need further attention.

@chrmarti, you can help us out by closing this issue if the problem no longer exists, or adding more information.

@github-actions

This issue has been closed automatically because it needs more information and has not had recent activity. See also our issue reporting guidelines.

Happy Coding!

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Dec 11, 2022
@github-actions github-actions bot locked and limited conversation to collaborators Jan 25, 2023