Snap sign unable to invoke gpg-agent pinentry


#1

A while back, during assertion signing tests, I received the following error from snap sign:

$ cat model.json | snap sign -k test-key
error: cannot sign assertion: cannot sign using GPG: /usr/bin/gpg --personal-digest-preferences SHA512 --default-key <my key> --detach-sign failed: exit status 2 ("gpg: signing failed: No such file or directory\ngpg: signing failed: No such file or directory\n")

It seems that, when executed by snap, gpg-agent is unable to run the pinentry program to read the key passphrase and prefers to display this rather cryptic error message instead. Indeed, if I unlock my key by running a gpg operation manually, such as

$ gpg --homedir /home/claudio/.snap/gnupg --detach-sign <some file>
Please enter the passphrase to unlock the OpenPGP secret key:
"test-key"

it correctly asks for my passphrase and from that point on snap sign operations are executed as expected (until the agent times out and starts asking for the passphrase again). I didn’t investigate why exactly this is happening, but I’ll leave the information here in case this is happening to someone else.
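
The workaround described in the post, wrapped in a shell helper that retries `snap sign` once after unlocking the key with a direct gpg call. This is an added example, not part of the original post and not snapd code. The function names, the `SNAP_GNUPG_HOME` variable and the use of `--local-user` with the snap key name are assumptions; the GnuPG home is the one shown in the post.

```bash
# Added example. Assumption: snap keeps its keys in ~/.snap/gnupg, as in the post.
SNAP_GNUPG_HOME="${SNAP_GNUPG_HOME:-$HOME/.snap/gnupg}"

# True when the stderr text carries the failure quoted in the post.
is_pinentry_failure() {
    case "$1" in
        *"cannot sign using GPG"*"signing failed: No such file or directory"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Make a throwaway detached signature by running gpg directly, so the agent
# can prompt for the passphrase and cache it. Returns gpg's exit status.
# Assumption: the snap key name is also the GnuPG user ID of the key.
unlock_snap_key() {
    local key="$1" tmp rc
    tmp="$(mktemp -d)" || return 1
    printf 'agent unlock probe\n' > "$tmp/probe"
    gpg --homedir "$SNAP_GNUPG_HOME" --local-user "$key" \
        --output "$tmp/probe.sig" --detach-sign "$tmp/probe" && rc=0 || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# sign_assertion KEY FILE: run snap sign; on the pinentry failure, unlock the
# key once and retry. The signed assertion goes to stdout, errors to stderr.
sign_assertion() {
    local key="$1" input="$2" errfile rc
    errfile="$(mktemp)" || return 1
    snap sign -k "$key" < "$input" 2> "$errfile" && rc=0 || rc=$?
    if [ "$rc" -ne 0 ] && is_pinentry_failure "$(cat "$errfile")"; then
        echo "snap sign could not prompt for the passphrase; unlocking via gpg" >&2
        unlock_snap_key "$key" &&
            { snap sign -k "$key" < "$input" 2> "$errfile" && rc=0 || rc=$?; }
    fi
    cat "$errfile" >&2
    rm -f "$errfile"
    return "$rc"
}

# Usage: sign_assertion test-key model.json > model.assert
```

As the post notes, the unlock only lasts until the agent's cache times out, so the retry path can be taken again later.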