Develop Reference

flatpak not working - apparently GPG issue

On a fresh Arch Linux install, I have difficulties to make flatpak work.
It seems it's due to a GPG issue but I can't figure out what I did wrong.
I cleared the caches, uninstalled & reinstalled, to no avail.
Here is an expression of the symptom:
$ flatpak remote-ls flathub
error: Unable to load summary from remote flathub: Signature made Mon Jan 24 18:48:35 2022 using RSA key ID 562702E9E3ED7EE8
Can't check signature: public key not found
Please note that the user profile has been restored from a backup (incl. its GPG keys). I checked GPG seems functional.
Any clue?
Thanks!

I found that I was missing the corresponding trusted key in /var/lib/flatpak/repo/flathub.trustedkeys.gpg. I copied it from a VM of mine and now it works.
But why was the trusted key missing in first instance?

Error while installing Halyard

Im trying to install halyard in Ubuntu 16.04.
I have downloaded installhalyard script using curl
curl -O https://raw.githubusercontent.com/spinnaker/halyard/master/install/debian/InstallHalyard.sh
After Im executing sudo bash InstallHalyard.sh to install halyard command.
But Its not getting installed and showing the below error
jayanth#jayanth-VirtualBox:~$ sudo bash InstallHalyard.sh
[sudo] password for jayanth:
Please supply a non-root user to run Halyard as: jayanth
Halyard version will be stable
Halyard will be downloaded from gs://spinnaker-artifacts/halyard
Halyard config will come from bucket gs://halconfig
Halconfig will be stored at /home/jayanth/.hal/config
Uninstall script is located at /home/jayanth/.hal/uninstall.sh
Running ubuntu 16.04
gpg: keyring `/tmp/tmptyeoozb6/secring.gpg' created
gpg: keyring `/tmp/tmptyeoozb6/pubring.gpg' created
gpg: requesting key 86F44E2A from hkp server keyserver.ubuntu.com
**Error: retrieving gpg key timed out.**
gpg: /tmp/tmptyeoozb6/trustdb.gpg: trustdb created
gpg: key 86F44E2A: public key "Launchpad OpenJDK builds (all archs)" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
OK
Due to the above error, Im unable to install Halyard.
Please help me here.
BR
Jayanth

i use below command to deploy halyard
kubectl create deployment hal --image gcr.io/spinnaker-marketplace/halyard:1.20.2

I have again tried sudo apt-get update this time and installed open ssh client and server.
This time it worked.

Looks as though you either had a problem with network connectivity or some other reason that your system can't reach the host keyserver.ubuntu.com. Make sure you can reach that server (try pinging it for instance) and your install should work.

Error with git pull and git push [duplicate]

I'm using Git (and GitHub) on a daily basis and everything has been working fine and all of a sudden, I can no longer communicate with my remote GitHub repository through my Git commands. When I try to "Git pull", it gives the following error:
fatal: unable to access 'https://github.com/snahrvar/eatibl.git/':
error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert
protocol version
So, I tested across multiple repositories, and I get the same errors on my computer. I had someone else interact with those same repositories, and it works fine for them. Prior to this error, I did an "npm install sharp" on a project and that ended up failing, and I suspect this may have messed with some SSL setting, but that's a wild guess!
Any general thoughts or guidance would be much appreciated!
If it's helpful at all, here is my environment:
Git version: 1.9.4.msysgit.2
Windows version: Windows 8.1

Updating TortoiseGit and GCM didn't help me, but updating Git itself did, as per #Frederic's advice in comments.
https://git-scm.com/download/win
To make sure the new version of Git installs properly and doesn't conflict with previous installations (it might, if you used TortoiseGit's, because it would use different folders and mess with PATH variable), remove the existing Git installation before installing the updated Git. Might also need to install with administrator rights.

You're likely running into an incompatibility with GitHub's deprecation of weak SSL encryption protocols:
Weak cryptographic standards removal notice
The solution will vary, but for Windows you likely need to upgrade the Git credential manager to 1.14.0
https://github.com/Microsoft/Git-Credential-Manager-for-Windows/releases/tag/v1.14.0

If you are using Android Studio or IntelliJ IDEA, updating Git to the latest version and changing the path to point to the new version solve the problem for me.

Using TortoiseGit, I did all of the other fixes/updates given for this and still no success. I found this: Can't git push/pull/fetch suddenly
My TortoiseGit settings for Git for Windows Git.exe path was pointing to C:\Program Files (x86)\Git\bin. I changed it to C:\Program Files\Git\bin and now it's working again.

This is what worked for me.
Install the latest version of Git from here: https://git-scm.com/download/win
In TortoiseGit, go to menu Settings → General → Git.exe Path - change it from 32-bit to 64-bit path:
C:\Program Files (x86)\Git\bin → C:\Program Files\Git\bin

Updating Git was not enough in my situation. After debugging for several hours, this was my fix:
C:\wamp64\www\maandlastenmanager> git config http.sslVersion
tslv1.0
C:\wamp64\www\maandlastenmanager> git config http.sslVersion tlsv1.2
C:\wamp64\www\maandlastenmanager> git config http.sslVersion
tslv1.2

I had this same problem while pulling code from GitHub on my Visual Studio Code terminal. I found the advice in the previous answers useful and hacked a solution together following the steps below:
I updated Git.
I updated Git Credential Manager for Windows.
Made some changes to the registry.
Updated my Visual Studio Code installation to the latest version.
Changed my Windows path for Git from C:\Program Files (x86)\Git\bin. to C:\Program Files\Git\bin.
This repository was quite useful.
I hope this helps someone.

TL;DR: git config --system http.sslbackend schannel and switch off HTTPS checks for github.com in your antivirus software
I'm using the Git command line on Windows 8 x64. In addition, my antivirus software checks HTTPS traffic by default. Like other people in answering this question, I use GitHub almost daily.
Updating Git - didn't help - because I used OpenSSL (see below)
Updating credential manager - didn't help
Then I started playing with switching the SSL backend:
git config --system http.sslbackend openssl
----------------vs------------------
git config --system http.sslbackend schannel
and the antivirus software checks for SSL traffic:
OpenSSL, HTTPS checks ON: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
OpenSSL, HTTPS checks OFF: SSL certificate problem: unable to get local issuer certificate
SecureChannel, HTTPS checks ON: schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
SecureChannel, HTTPS checks OFF: worked fine
P.S.: Instead of commandline, you can just reinstall the latest Git, selecting "Use native Windows SSL validation library".
P.P.S.: The case (3) seems to be a bug in the schannel library, because the MITM certificate my antivirus software uses is whitelisted on my machine.

On macOS, you can install the latest git via Homebrew.

Same for me with Git 1.9.5.msysgit.1 too. I tried to install https://github.com/Microsoft/Git-Credential-Manager-for-Windows/releases/tag/v1.14.0, but no change.
Actually, nothing happen after installation; maybe I'm doing something wrong? (That may not help for the initial question, but for other people, yes!)

Yeah, I encountered the same issue on a pull request today and the solution was to simply update Git by downloading the latest (2.16.2) 64-bit version of Git for Windows. It was released 5 days ago, on 2018-02-20.

The comment by #andw worked for me:
Update Git version 1.9.5 to 2.15.1 using these steps:
In sourceTree, go to menu Tools → Options → Git → Use Embedded Git.

A quick solution would be git config --global http.sslVerify true, but it is not recommended as it defeats the purpose using SSL.
A second and better way is to use ssh keys rather than an SSL URL.
Steps to generate SSH keys
o Run the following command in a Git terminal (Git Bash): ssh-keygen
After running the command, the following message will appear:
Generating public/private RSA key pair.
Enter file in which to save the key (/h//.ssh/id_rsa):
Give the path for the key to be stored in, for example, enter the file in which to save the key (/h//.ssh/id_rsa): C:\Users\Public\my-new-ssh-key
Then give the passphrase for that key (any password of minimum 8 characters)
• Next run the following command: eval “$(ssh-agent –s)”
• Run the following command: ssh-add C:/Users/Public/my-new-ssh-key Note: use forward slash in the path to the newly created SSH key.
After that, add the contents of the file my-new-ssh-key.pub and add it in the text area for Add public key (Bitbucket, GitHub, etc.)

While connecting to a remote repository to fetch, pull, push, etc., I had the same error:
fatal: unable to access 'https://github.com/repository.git/': error:1
407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
I just reinstalled Git 64-bit in place of 32-bit and that fixed the issue.
After installation, verify the Git path in environment variables. It should be:
C:\Program Files\Git\bin\git.exe

This is an issue with IntelliJ and RubyMine. GitHub must have disabled SSL (PCI compliance maybe?) in favor of TLS. If you open Settings in IntelliJ or RubyMine and navigate to Version Control > Git, you'll see it's using a git.exe installed under the application's path. You should download the most current version of Git and change the path in your VCS settings to point to that, e.g. C:\Program Files\Git\bin\git.exe if you install it on Windows. Works like a charm after that.

Sometimes, this is caused by outdated msysgit which is using old ssl and not maintained any more, you can install latest git for windows, and point the git.exe path in tortoise setting to it, then this problem gone.

Git version upgrade did the trick for me. I had the version 1.9.5 and so and I upgraded to 2.21.0 on windows. Also upgrading is very easy. We don't need to uninstall the older version. Download the latest Git installer and just keep on pressing next using default options and the version will be changed to new version and all the old settings will still be working like ssh keys etc. We don't need to generate the keys again and put on github or any other repository.
Earlier my https protocol cloning was not working and giving error
fatal: unable to access 'https://github.com/tensorflow/models/':
error:1407742E: SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert
protocol version
Once I downloaded new version and ran the same clone command it worked without any issues.

I also came across to this problem recently
What worked for me was to revert an automatic update of git

Encountered a similar error.
On windows, Updated git on windows to the latest version.
That fixed the problem.

gpg: can't connect to the agent: IPC connect call failed

I am having a problem while trying to decrypt some keys using GPG. The following output is given to me:
gpg: can't connect to the agent: IPC connect call failed
I already edited some files, pointed in this tutorial: https://michaelheap.com/gpg-cant-connect-to-the-agent-ipc-connect-call-failed/ but with no success.
Possible reasons for that?

Even I had the above issue in Ubuntu 20 WSL, I tried all the below | above suggestions, but none worked for me.
root#7400-9888K13:/mnt/c/Users/PKammari# wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key | sudo apt-key add -
gpg: can't connect to the agent: IPC connect call failed
What did I do to resolve the issue?
remove gpg
install other version of gpg.
How do I do it?
apt remove gpg ( follow the instructions)
apt install gnupg1 (follow the instructions)
Option 2.
sudo apt update --y
`sudo apt remove gpg`
`sudo apt-get update -y`
`sudo apt-get install -y gnupg1`
Proof. (refer to the screenshot):

There is probably already a gpg-agent running on the system, which your gpg command is unable to connect to.
If you do a pkill -9 gpg-agent and then source <(gpg-agent --daemon) to restart the agent, you should be able to connect to the pinentry-curses for inputting your password.

In my case the agent wasn't even started. This is what I did to resolve:
C:\Program Files (x86)\gnupg\bin>gpg-connect-agent -v
gpg-connect-agent: no running gpg-agent - starting 'C:\Program Files (x86)\gnupg\bin\gpg-agent.exe'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: connection to agent established
> ^Z
Afterwards the commands to the agent started working.

To hopefully add to preetam's excellent answer above for those very new to this.
To install gnupg1 - if you get the error "Package gnupg1 is not available, but referenced....."
sudo apt remove gpg
sudo apt-get update -y
sudo apt-get install -y gnupg1

For me, previous responses worked, but partially, what made the magic in my case was a combination of all, see the commands below.
If you get error add-apt-repository: command not found, then, install package software properties common.
sudo apt remove gpg
sudo apt-get update -y
sudo apt-get install -y gnupg1
# In case of Error when adding "ppa" with message: add-apt-repository: command not found
sudo apt-get install software-properties-common
# Now, the hack
sudo add-apt-repository ppa:rafaeldtinoco/lp1871129
sudo apt update
wget https://launchpad.net/~rafaeldtinoco/+archive/ubuntu/lp1871129/+files/libc6_2.31-0ubuntu8+lp1871129~1_amd64.deb
sudo dpkg --install libc6_2.31-0ubuntu8+lp1871129~1_amd64.deb
sudo apt-mark hold libc6 #to avoid further update
# Edit: /var/lib/dpkg/info/libc6:amd64.postinst and remove the sleep 1 that is in nearly the last line.

apt-get install -y gnupg gnupg1
cp -a /usr/bin/gpg /usr/bin/gpg2
ln -sf /usr/bin/gpg1 /usr/bin/gpg
apt-key worked for me after executing those commands.
I'm WSL 2.0 with Ubuntu 20.04 (Windows 10 Build 2004).
Reason:
uninstalling gnupg (2.x) also uninstalls gpg-agent, which is required.
installing gnupg1 (1.x) will install only gpg binary, not gpg-agent.
Both are required to work, but we want gnupg1 (1.x) to be the default "gpg" command (despite working with 2.x support-tools).

Based upon other behaviors in my Windows 10 system and through experimentation, I believe sometimes Windows Defender blocks gpg-agent from running because of a Windows Defender bug that slows the system trying to access low-level CPU counters.
Read Windows Defender can Significantly Impact Intel CPU Performance, We have the Fix. Work around the issue by downloading Counter Control from TECHPOWERUP and clicking "Reset Counters" when this problem arises. (See below.)
In my case I would frequently get the following error while trying to sign JAR files for deployment to Maven Central.
gpg: can't connect to the gpg-agent: IPC connect call failed
gpg: keydb_search failed: No agent running
gpg: skipped "…": No agent running
gpg: signing failed: No agent running
Sometimes if I kept trying over and over and over, eventually it would succeed.
Based on other answers, when this happened I trying manually connecting to the gpg-agent, but even that would time out:
> gpg-connect-agent --verbose
gpg-connect-agent: no running gpg-agent - starting 'C:\\Program Files (x86)\\GnuPG\\bin\\gpg-agent.exe'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: waiting for the agent to come up ... (4s)
gpg-connect-agent: waiting for the agent to come up ... (3s)
gpg-connect-agent: waiting for the agent to come up ... (2s)
gpg-connect-agent: waiting for the agent to come up ... (1s)
gpg-connect-agent: can't connect to the gpg-agent: IPC connect call failed
gpg-connect-agent: error sending standard options: No agent running
Because I've been experiencing similar slowdown issues on my machine seemingly related to Windows Defender, I ran "Counter Control" and sure enough, it showed that Windows Defender was maxing out the counter access as described in the article above. (Image embedded from the article.)
I tried to manually connect to gpg-agent again, but this time I hit "Reset Counters" in the utility just as gpg-connect-agent was retrying. When I did this, it immediately connected!
> gpg-connect-agent --verbose
gpg-connect-agent: no running gpg-agent - starting 'C:\\Program Files (x86)\\GnuPG\\bin\\gpg-agent.exe'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: connection to the agent established
This seems unlikely to be a coincidence that it would connect at just the moment I reset the counters. Moreover Windows Defender has been causing other slowdown problems on my machine.
I believe that buggy behavior of Windows Defender is causing this problem on my machine. Please investigate and report if you can reproduce this workaround. (Note that, as per the article, this problem only affects certain generations of Intel CPUs.)
Update: Upon further testing, I'm still getting can't connect to the gpg-agent even if I've already reset counters to prevent Windows Defender from hogging the CPU as explained above. For some reason I normally still have to manually run gpg-connect-agent. Now it may be that resetting the counters while gpg-agent was trying to connect allowed it to connect. And it could still be be that Windows Defender is stopping gpg-agent from connecting when my system starts up. But at this moment all I know is that 1) gpg-agent isn't starting up automatically, 2) I have to run gpg-connect-agent manually, and 3) even running gpg-connect-agent will time out unless I reset the CPU counters to stop Windows Defender from hogging the CPU.

Mine is a windows machine, and when I do git commit I get the following message. I have already configured gpg keys on my machine.
gpg: can't connect to the gpg-agent: IPC connect call failed
gpg: keydb_search failed: No agent running
gpg: skipped "BBB42EB62E25E8EB33AE2E65F40A504840B1C66B": No agent running
gpg: signing failed: No agent running
error: gpg failed to sign the data
fatal: failed to write commit object
Will Buffington answer worked for me.
I had to apply the command
gpg-connect-agent -v
repeatedly as shown below. And it worked in the third attempt.
Once the I get the message connection to agent established, I now ran the commit command again. Now its successful. Note the -S flag to sign my commits.
Update
This morning, it did not start even after 3 attempts. I had to double click the exe from its installed location.

I had the same problem. In my case, the gpg config files were somehow corrupted. To solve it, I have removed all the configurations inside ~/.gnupg (make sure to backup any keys that you still need). Then I have reinstalled gpg and everything worked well.

On WSL1 Ubuntu 20.04 following workaround available: https://github.com/microsoft/WSL/issues/5125#issuecomment-619097534
sudo add-apt-repository ppa:rafaeldtinoco/lp1871129
sudo apt update
sudo apt install libc6=2.31-0ubuntu8+lp1871129~1 -y
sudo apt-mark hold libc6

I had to use:
sudo apt autoremove gpg gnupg1 gnupg2

In windows subsystem Ubuntu 20 works these steps:
sudo apt remove gpg
sudo apt-get update -y
sudo apt-get install -y gnupg1
After that steps appear "Ok"

I had the same problem when I killed the agent. It was not able to connect to agent again. So I had to remove all gpg gpg-related packages, and reinstall. I had to remove gpg-agent as well.
so what I did
sudo apt remove gpg gpg-agent
sudo apt-get install -y gpg

I was able to connect without installing new software. In my case the issue was that the IPC file wasn't in the expected position.
Check if gpg-agent with ps -eaf | grep gpg is running and kill it if it is running with killall gpg-agent
Start gpg-agent with verbose
$ gpg-agent --daemon -v
...
GPG_AGENT_INFO=/tmp/.../S.gpg-agent; export GPG_AGENT_INFO
copy-paste the GPG_AGENT_INFO line, including the export, in the shell where you need the agent.

on mac git clone over https fails to authentication

On a mac mini with Mavericks I am having problems authenticating when I try to git clone from a private git server. I have installed and configured git on Windows and Ubuntu a few times with this same server and haven't this sort of problem before. I'm at a loss as to what to try next.
Symptoms:
git clone https://username#git.example.com:8448/git/libs/project.git
Cloning into 'project' ...
Password for 'https://username#git.example.com:8448': [1] note
fatal: Authentication failed for 'https://username#git.example.com:8448/git/libs/project.git'
[1] I am not asked for this on other systems. I believe I have configured my git client to not ask for passwords. No password I provide is good at this prompt
I have this in my ~/.gitconfig:
[http]
sslKey = /Users/macuser/auth/username.key
sslCert = /Users/macuser/auth/username.pem
sslVerify = false
[user]
name = username
email = username#example.com
I received the following files when setting up my client certificates which I placed in a folder named ~/auth:
username.cer
username.p12
username.pem
ca.cer
I ran this command to generate the key file:
openssl rsa -in /Users/macuser/auth/username.pem -out /Users/macuser/auth/username.key
And then I ran git config commands such as:
git config --global http.sslKey /Users/macuser/auth/username.key
git config --global http.sslCert /Users/macuser/auth/username.pem
git config --global http.sslVerify false
After configuring git just like the steps above, on other systems when I do a 'git clone https' it just works. On OS X Mavericks with Xcode command line tools installed, git cannot authenticate.
What am I doing wrong?
Thanks in advance.
Edit:
I thought I'd add this piece of information. The server is using a self signed certificate, or one which comes from no authority. This is why I set http.sslVerify to false.
Here are the verbose clone commands. The setups on Linux and Mac are the same, save for auth folder locations. The Linux version succeeds while the Mac version fails.
http://cache.codebot.org/stackoverflow/linux-git-works.txt
http://cache.codebot.org/stackoverflow/mac-git-fails.txt
Answer:
sudo port install git-core

when you try to use git clone and if its prompt for password please provide the git personal access token here
that will resolve the issue.

The solution was to use the macports version of git rather than using the version included with Xcode command line tools.
sudo port install git-core

sslVerify false? Then you desactivate completely the certificate verification by curl.
You can have more details with:
GIT_CURL_VERBOSE=1 git clone https://...
Check if the other systems don't have a %HOME%/_netrc (Windows) or ~/.netrc (unix) with your credentials in it, which would explain why you don't have to enter a password there.
In your case, it is possible the CA and other root certificates used in Linux in /etc/ssl/certs/ca-certificates.crt aren't present on mac.
Try to add the content of that Linux file to the git cert file on the client side on your <path/to/git/bin/curl-ca-bundle.crt> file, a bit like in this solution.
The OP sysrpl reports though that it isn't necessary, since sysrpl had to do a:
sudo port install git-core
to update/reset the git installation on the Mac.