-
-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for ARM/M1 Macs #3
Comments
Totally forgot that when cross-compiling CGO is totally disabled by default (not only for darwin/arm64). Adding this made the project build locally but this is still offered as a best-effor, no idea if it will work or not on a real M1 mac. Related issue: #3.
Commit 45ffb97 enabled cross-compilation for M1 macs (Darwin/arm64 architecture). Nevertheless the build has not been tested on an actual M1 mac yet. |
Doesn't work on my 2020 Air with M1, running 11.5.2. I tried the version from brew, then manually downloaded the v0.0.2 release, replaced the binary, and tried a few basic gpg operations. Example log:
Edit: To be clear, the same does work when I reconfigure echo 1234 | gpg -as |
@rickosborne First of all thank you for providing feedback! Can you manually run the
This only checks if the Additionally, can you check if there is any additional info logged in the file |
But also, from
(This repeated a number of times.) My
|
Okay, I dug around on this a bit more. I don't know much about Go or its ecosystem, but I was able to figure out how to use goreleaser to get a build in a local
Unfortunately, that same failure is present in the
I wondered if I might have an old version of pinentry-mac, but it seems to be pretty recent:
I'll see if I can get a debugging environment up and running to see if I can step through it. |
I'm using the same
The error that
seems to be coming from the upstream dependency that I use to interact with the fallback Can you share the output of I pushed 8b392a0 that should log the path of the fallback pinentry when running with the |
After pulling down that update, and running in GoLand:
|
FWIW, it seems like my pinentry-mac config works okay. When I switch over to use it in If I then use the correct passphrase, the encryption succeeds. Having said all of that, I don't use gpg for anything other than signing git commits ... so I am not 100% sure the configuration is rock solid. |
Okay, I figured it out. (I am dumb.) I'm going to document my investigation and thought process, in the hopes that it gets picked up by search engines and helps future folks. I'll also open a minor PR against your README which I think will help. Basically: I hadn't configured pinentry-mac to actually use the Keychain. (Because, frankly, the README for pinentry doesn't actually say you can do that.) I'd thought it odd that searching through the Keychain for anything referencing "gpg", "gnu", or "pinentry" yielded nothing. So I truly didn't have the Keychain item which pinentry-touchid was looking for. (But that also means it's not getting created by pinentry-touchid, which might be a regression?) But after poking through the source, I found the default you have your README, plus the extra one:
Doing that with pinentry-mac, I then got the "Save in keychain" checkbox on its prompt: (Note the extra checkbox, versus my screenshot in my previous message.) I can then also see an entry in my Keychain: I then switched the config over to use pinentry-touchid via
(Obv, people reading this in the future will likely just have the Homebrew path, not Kill the agent once again:
Retry some encryption:
You should get prompted by pinentry-touchid this time: The first time you do this you will get a follow-up prompt to always allow access: Entering your laptop password (not your GPG passphrase) and using "Always Allow" will do exactly that, and you should never see another prompt. I can also verify that the Homebrew-installed version (v0.0.2) does work just fine once you've done all this. (I removed my locally-built executable from
Hope that helps others! |
Glad to know that it is now working and on an M1 Mac 🎉 🥳! So the main issue was that
Sure! feel free to open the PR for the README! |
Yeah, I think there may also be something on my end. I still haven't gotten IntelliJ-GPG integration working. I note that their docs include the assertion that:
Should just work. Unfortunately for me, that's not the case:
Familiar error, right? The pinentry I'm using is also from Homebrew, but I figure I must have missed a config step somewhere. I hadn't noticed until I tried using pinentry-touchid because git commit-signing does actually work just fine, and prompt as necessary ... when I use But anyway, it definitely seems like a local problem, and not one caused by pinentry-touchid. |
From your output of
Where does
For the record this also fails for me:
but
|
Dangit. I continue to be the dumbest smart person ever. It didn't even occur to me to just update that link. I keep looking for a config option. Sigh. Yep. That did it. I pointed that link at pinentry-touchid and both command-line and IJ now work like a champ. Sweet! And thank you so much for the help! |
Happy that it worked 🎉! I ran the test locally by disabling the use of keychain (by Maybe we should rework a bit #6 and provide a troubleshooting section? As in, if you face this error then best to check the symlink or maybe tweak some config additional config setting? What do you think @rickosborne? |
@rickosborne your comment helped me set this up. thanks so much for the detailed instructions! @jorgelbg, if you set up GitHub sponsors I'd love to send you a couple of dollars a month to thank you for this software :) |
@shepherdjerred Glad that you got it running 🥳! Can you share the output of
@shepherdjerred Thank you! You are too kind! I never really though about it 😅. Thanks for encouraging me into getting the sponsors profile approved. |
Here are my dotfiles |
Extend the checks that are run when the `--check` flag is provided. Previously we only checked that the binary existed in the current `$PATH`. If the binary is a symlink it will be resolved and the end file will be compared with `pinentry-mac`. This should prevent the issue reported in #3 where default gpg installation via homebrew will break because the output of `gpgconf` contains: ``` pinentry:Passphrase Entry:/usr/local/opt/pinentry/bin/pinentry ``` At the same time `/usr/local/opt/pinentry/bin/pinentry` by default points to `pinentry-curses` which means that pinentry-touchid is unable to call the fallback pinentry program entirely.
As seen in #3 the GPG installation from homebrew creates a `pinentry` symlink pointing the `pinentry-curses` which prevents `pinentry-touchid` from successfully calling the fallback pinentry program (`pinentry-mac`).
yep:
Which should also mean that I added some more logic to the I also added some additional details based on https://www.jetbrains.com/help/idea/set-up-GPG-commit-signing.html for verifying that the |
I think you're correct!
|
Hm, it seems that I've ran into a new error:
I updated from macOS Big Sur 11.5 to 11.6 last night. Maybe that's why? |
Strange, I just upgraded my work laptop to 11.6 (build 20G165) and it is still working fine. Can you check if everything is configured properly in |
Gpg works fine when I have pinentry-program set to pinentry-mac... |
Can you check (you can add this to your
So you are running pinentry-touchid in an M1 device right? I upgraded to 11.6 but my machine is a 16" Intel one. |
@shepherdjerred did you solve the issue? I couldn't reproduce it on my end and I'm wondering if it is related to a change only affecting M1 machines 🤔. |
Hi! Sorry, I've been focused on work haha. I'll try your suggestions and get back to you. |
Yep! I'm on an M1 MacBook running macOS Big Sur 11.6.
|
I think that this path is correct right I find it strange that from the logs that pinentry-touchid did log something but after gpg-agent had already failed to communicate. So pinentry-touchid was ready at Can you check if the version of pinentry-touchid that you have installed is the native ARM one? ~15s to start pinentry-touchid seems a bit too much (even with rosetta emulation) but gpg-agent seems to be failing immediately to execute it. Wondering why this triggered only with the new version tho 🤔. |
|
@shepherdjerred by any chance did you change the |
having a similar issue as @shepherdjerred, also M1, on Big Sur 11.6. only difference I'm seeing is that
|
@jorgelbg any updates on this? |
I run into the same issue, even on the intel based macbook. (MBP 16 2019, Big Sur 11.6) Found out the problem, at least in my case, is the additional I put up a quick fix here: #18 |
This appears to have resolved itself on Monterey, I have it up and running on my M1 MBP running Monterey 12.1 and the latest |
Perfect! Your PR fixed it for me. |
seems like this issue can be closed? |
Closing this issue now that it is confirmed to be working. |
i'm facing this problem atm, here's my log
i'm running venture, fully up to date |
Tried generating binaries for the M1 Macs via goreleaser, but it fails with:
There seems to be a build constraint in https://github.com/lox/go-touchid.
The text was updated successfully, but these errors were encountered: