Create guide for GPG agent forwarding [ch15007] #497
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
✨ Coder.com for PR #497 deployed! It will be updated on every commit.
|
|
The fix for pinentry is to add |
added 2 commits
July 22, 2021 14:43
Also added some troubleshooting. Needs cleanup.
Added security considerations Added code-server ux issue
|
Can you take a look at this and clean it up so it'll deploy a preview site? |
jawnsy
reviewed
Jul 22, 2021
| ## Making the connection | ||
|
|
||
| On your local device, ensure the gpg-agent is running and that it works when | ||
| you attempt to perform a GPG action such as `echo "test" | gpg --clearsign".` |
There was a problem hiding this comment.
looks like a quote is imbalanced here
added 2 commits
July 22, 2021 16:32
|
@mterhar you should be good to go: https://codercom-nhj9c7za9-codercom.vercel.app/docs/coder/v1.20/guides/customization/gpg-forwarding |
|
@khorne3 This is validated and I've tested it with my yubikey and made some troubleshooting tips for the next version. I did apparently ruin the linting though :-( |
khorne3
approved these changes
Aug 26, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
One of the recent major pushes for government contractors and other software-supply-chain sensitive organizations is to sign all commits to be sure they're coming from the right people and going through the right process to get integrated into the codebase.
Adding GPG injection in the same way as Coder does SSH key management may work for some users but if they're using a smart card or yubikey, GPG forwarding is needed.
Configuration of GPG forwarding is fragile and has a lot of moving pieces so this guide is intended to help users line up those pieces effectively.
ch-15007
Things to be addressed:
SSH workaround, put
IdentityFile ~/.ssh/coderinto the.ssh/configfile... but that's not really the intended use.