SSH Commit Signing

Just did it. The id number is: [#ZNW-59812-231]
Thinking more about it, it might be possible 1password gets more forcefully suspended on my dev computer since I keep running out of memory, don't know if that might affect it's ability to prompt for confirmation when signing commits.

Hey @spocklogical:

Thanks for following up. In that case, I'd like to ask you to create a diagnostics report from your device:

Sending Diagnostics Reports (Mac)

Attach the diagnostics to an email message addressed to support+forum@1password.com.

With your email please include:

• A link to this thread: https://1password.community/discussion/131318/ssh-commit-signing#latest
• Your forum username: spocklogical

You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here. Thanks very much!

I run into it when signing commits. Before I realized the issue was failed signing, I ran the commit command using sudo, which technically worked, though I think it probably changes things in the .git directory, and it's probably only working that way since it would use a different user's global git config that didn't have commit signing enabled.

Hey mvgijssel:

First I'd like to apologize for the delayed response here. op-ssh-sign exists to offer a one-click install for Git commit signing. By default, Git uses ssh-keygen to sign commits, using the SSH agent available in the SSH_AUTH_SOCK environment variable. Changing the signing command allows for a one click install. If you instead comment out the /op-ssh-sign line of your .gitconfig in your container, as well as forward your SSH_AUTH_SOCK in, is Git able to sign your commits? Let me know.

Hi @spocklogical:

Would you mind elaborating where you're running into trouble? Is that when pushing to a Git repo, SSHing to a server, or signing your commits? Let me know.

Jack

I ran into the

error: could not connect to agent

issue, and I keep forgetting I have 1password commit signing running, so when I go to look up the error I get all kinds of other things that have nothing to do with 1password and then after about a week I cold-start 1password and it asks me to authenticate for git signing and then I realize that's been the issue all along.

I'm a little hesitant to edit my .gitconfig because I also have the github cli installed which has also edited it, though the github cli should only be setting itself up as an https auth provider which should be separate from the signing settings 1password sets, but I just want to mention it to make sure it's not possible it could be causing any conflicts.

I'm currently using a https://code.visualstudio.com/docs/remote/containers on macOS and I'm trying to get the git commit signing to work. SSH is already working by explicitly exporting the 1Password specific SSH_AUTH_SOCK in the terminal I use before opening VSCode


export SSH_AUTH_SOCK=~/Library/Group\ Containers/2BUA8C4S2C.com.1password/t/agent.sock
code .


This enables using the SSH keys from 1Password from within the devcontainer, because VSCode does some magic with the socket in the background.

For git commit signing I'm now running into this error

```
error: Error: AppError { error: could not connect to agent

Caused by:
std::io::error::Error, location: Location { file: "ssh/op-ssh-sign/src/utils.rs", line: 27, col: 14 } }

fatal: failed to write commit object
```

I've installed 1Password within the devcontainer using https://support.1password.com/install-linux/#other-distributions-or-arm-targz and updated my .gitconfig like


...
[gpg]
format = ssh
[gpg "ssh"]
program = /opt/1Password/op-ssh-sign
[commit]
gpgsign = true
[tag]
gpgsign = true
...


But I'm unable to get it work. My suspicion is that op-ssh-sign is looking in the wrong place for the socket, but I can't validate this because it's closed source.

Would folks from 1Password be able to help out? 😏

Thanks for the tip! Alas my configuration is more subtle and I already have this checked.

If you're interested, I think this is what is causing it:

• Disable "Keep 1Password in menu bar" (Also no browser extension. What I'm getting is: There's nothing else wanting 1Password to be running)
• Enable "Lock on sleep, screensaver, or switching users"
• Lock your Mac
• Login again
• git commit
• 💥 Boom, error

Yep, that is something we have on the roadmap. In the mean time, there's this setting on Mac that could already mostly cover it:

Yes, it is working perfectly when 1Password is running. Good work 👍

My workaround is to start 1Password by hand and try again. Ideally the app would just be started automatically in this situation.

The error messages in op-ssh-sign are a bit cryptic indeed, we're actively working on improving those! But I assume you did get it working now, correct?