why run this command :"gpg-connect-agent updatestartuptty /bye"

Question

I have a arch linux in vm, I imported my gpg keys and configs gpg as described here:

https://github.com/drduh/YubiKey-Guide

and also config pass & git to use gpg keys, and everything works fine, so for example when I run git pull for first time it asks me the password,

the problem is: when I restart my vm, before I can run any command(like git pull),I have to run this command:

gpg-connect-agent updatestartuptty /bye

then everything works fine,

How can I solve this issue?

Answer 1

GPG depends on pinentry to provide user interaction for typing the passwords such as the one to protect your smartcard. In order to function properly, pinentry (which, on terminal, is either pinentry-tty or pinentry-curses) needs to know which tty it should listen for user interaction.

When GPG is acting as your ssh-agent to provide git+ssh authentication, it will keep a reference of the first tty available when it started, which is not the same you will have when you connect to your VM. Unfortunately, gpg-agent has no way to know at runtime which tty you are connected to, so it will fail every time it tries to communicate with its startup tty. That's why you need to update the startup tty using that command. This behavior is shortly described on their docs.

An alternative to avoid that command every time is to use any pinentry application that does not rely on tty, such as GUI ones like pinentry-gtk-2, pinentry-gnome and so on.