Skip to content

fix: GPG agent forwarding crash with SSH signing keys (#731)#732

Draft
skevetter wants to merge 3 commits intomainfrom
investigate-issue-731
Draft

fix: GPG agent forwarding crash with SSH signing keys (#731)#732
skevetter wants to merge 3 commits intomainfrom
investigate-issue-731

Conversation

@skevetter
Copy link
Copy Markdown
Owner

@skevetter skevetter commented Apr 13, 2026
edited
Loading

  • Skip passing --gitkey to setup-gpg when gpg.format = ssh, since SSH signing keys are handled by the separate SSH signature helper path
  • Make signing key setup non-fatal in setup-gpg so a failure doesn't tear down the entire tunnel and kill the SSH server
  • Add E2E test reproducing the scenario from [Bug]: Starting project with gpg agent forwarding fails to start the ssh server #731: SSH signing configured + GPG forwarding enabled

Fixes #731

@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Apr 13, 2026
edited
Loading

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 73f51ebb-8858-446c-8005-87913a4abaf7

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch investigate-issue-731

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 13, 2026

⚠️ This PR contains unsigned commits. To get your PR merged, please sign those commits (git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}) and force push them to this branch (git push --force-with-lease).

If you're new to commit signing, there are different ways to set it up:

Sign commits with gpg

Follow the steps below to set up commit signing with gpg:

  1. Generate a GPG key
  2. Add the GPG key to your GitHub account
  3. Configure git to use your GPG key for commit signing
Sign commits with ssh-agent

Follow the steps below to set up commit signing with ssh-agent:

  1. Generate an SSH key and add it to ssh-agent
  2. Add the SSH key to your GitHub account
  3. Configure git to use your SSH key for commit signing
Sign commits with 1Password

You can also sign commits using 1Password, which lets you sign commits with biometrics without the signing key leaving the local 1Password process.

Learn how to use 1Password to sign your commits.

Watch the demo

@skevetter skevetter force-pushed the investigate-issue-731 branch from c6b235a to 1c85086 Compare April 13, 2026 14:50
@github-actions github-actions bot added size/l and removed size/m labels Apr 13, 2026
@skevetter skevetter force-pushed the investigate-issue-731 branch from 1c85086 to 07eff03 Compare April 13, 2026 16:58
@github-actions github-actions bot added size/m and removed size/l labels Apr 13, 2026
@skevetter
fix(ssh): skip GPG signing key when gpg.format is ssh (#731)
83049c0 
When the user has SSH-based commit signing configured (gpg.format=ssh),
the GPG agent forwarding code no longer passes the SSH key path as
--gitkey to setup-gpg. SSH signing keys are handled by the separate
SSH signature helper path.
@skevetter
fix(gpg): make signing key setup non-fatal in setup-gpg (#731)
a82e652 
Setting user.signingKey in the container is optional — if it fails,
GPG agent forwarding and the SSH server should still start. This
prevents a bad signing key configuration from tearing down the
entire tunnel.
@skevetter
test(e2e): add GPG forwarding with SSH signing format test (#731)
52edd73 
Validates that workspace starts successfully when GPG agent forwarding
is enabled and the host has gpg.format=ssh with an SSH signing key.
This is the exact scenario reported in issue #731.
@skevetter skevetter force-pushed the investigate-issue-731 branch from 07eff03 to 52edd73 Compare April 13, 2026 18:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

size/m

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: Starting project with gpg agent forwarding fails to start the ssh server

1 participant

@skevetter