I had some issues with PyCharm and GPG signing from the IDE.
Specifically, I had to solve by creating the ~/.gnupg/gpg-agent.conf file and then appending pinentry-program /usr/bin/pinentry-gnome3, restarting the gpg-agent with gpg-connect-agent reloadagent /bye and I was on my way.
It looks like, by default, gpg-agent does not point to the correct pinentry binary for the installed DE (in my case GNOME3).
Is this by design? Would it make sense to setup a default binary in this way for a fresh installation?
There has never been any need to set a default pin entry maybe I should say change the default pinentry.
I only remember having had to set it on a system and that was caused when having ssh-session to a remote server which also has a desktop installed - then the pinentry didn’t work when signing commits using the shell.
I consider that an edge case and not one would need for normal operation.
As I couldn’t quite understand your issue - I decided to test what you mean and I can produce a similar issue on a fresh Gnome with PyCharm Community. The solution is only one click away from the IDE.
Summary
Configure the environment → Linux tab
Set up GPG support
Install gpg2 using a package manager that comes with your Linux distribution. The exact list of package will vary based on the distributive you are using, the most important being gnupg2, gnupg-agent, and a pinentry that shows a GUI prompt.For example, on Ubuntu/Debian, run sudo apt -y install gnupg2 gnupg-agent pinentry-gnome3.
To verify everything is set up correctly, open the Terminal, run the gpgconf command and make sure the output is like the following:
A Manjaro installation is a get-you-started installation so in the sense of covering all possible use cases it is not complete - nor does it claim to be anything but a starting point for new adventures.
To me it makes sense - but I am biased - I create my own ISO images to have my way
In a broader perspective - perhaps - but then take into consideration that the majority of users don’t even know what gpg does. Furthermore the user’s gpg.conf is generated manally by the user as it is a security sensitive piece of the system - there should be no configuration distributed on the ISO as this would create a possible compromise of security.
I have been using Manjaro on production systems since around 2016. I am developer and does commit signing and I am a heavy user of Jetbrains tools and Git.
I have been diving into this topic - out curiosity - as one should never turn back from an opportunity to gain knowledge and it does indeed look like there’s a place for improvement.
The default pinentry is a script - and on Gnome 4 it will default to ncurses - likely because the file libgtk-x11-2.0.so.0 no longer exist.
Perhaps the pinentry package has been forgotten - who knows
A system configuration option exist with /etc/pinentry/preexec which has some commented suggestions which may be useful in your situation.
$ cat /etc/pinentry/preexec
#!/hint/sh
# Define additional functionality for pinentry. For example
#test -e /usr/lib/libgcr-base-3.so.1 && exec /usr/bin/pinentry-gnome3 "$@"
#test -e /usr/lib/libQt5Widgets.so.5 && exec /usr/bin/pinentry-qt "$@"
Copy the folder /etc/pinentry to your home
cp -R /etc/pinentry ~/.config
Edit the file ~/.config/pinentry/preexec to use the pinentry-gnome3
#!/hint/sh
# Define additional functionality for pinentry. For example
test -e /usr/lib/libgcr-base-3.so.1 && exec /usr/bin/pinentry-gnome3 "$@"
#test -e /usr/lib/libQt5Widgets.so.5 && exec /usr/bin/pinentry-qt "$@"
The gnupg and pinentry packages is inherited from upstream Arch and it would make sense wait for upstream changes. It appears there is an update pinentry package on the way - unfortunately - the update is not related to gtk-2 pinentry.
Hey there! Thanks for your exhaustive answer. This is what I did step by step:
I’m having a similar issue where if I’m trying to export my gpg key while on a ssh session, it will prompt on the remote desktop using the desktop and not the terminal. This is beside the PyCharm issue though.
Before making the changes you suggested in this post. This would just prompt me to a form on the terminal. Now it works as expected without changing the default pinentry binary! It also works on PyCharm as expected.