Skip to content

fix(ssh): skip file path signing keys in GPG agent forwarding#734

Merged
skevetter merged 1 commit intomainfrom
fix/731-ssh-key-path-detection
Apr 14, 2026
Merged

fix(ssh): skip file path signing keys in GPG agent forwarding#734
skevetter merged 1 commit intomainfrom
fix/731-ssh-key-path-detection

Conversation

@skevetter
Copy link
Copy Markdown
Owner

@skevetter skevetter commented Apr 14, 2026
edited by coderabbitai bot
Loading

  • When user.signingKey is a file path (starts with / or ~) and gpg.format is not explicitly ssh or x509, skip GPG agent forwarding — the key is an SSH key, not a GPG hex fingerprint
  • Handles the case where users set an SSH key path in user.signingKey without setting gpg.format = ssh
  • Preserves x509 certificate path behavior (gpgsm legitimately uses file paths)

Closes #731

Summary by CodeRabbit

  • Bug Fixes

    • Improved GPG/SSH signing key validation to detect filesystem paths (both absolute and tilde-prefixed) and skip them in specific scenarios.
    • Enhanced signing key processing to return empty values instead of passing through potentially invalid configuration entries.

  • Tests

    • Added test coverage validating behavior for absolute and tilde-prefixed paths in signing key configuration.

@skevetter
fix(ssh): skip file path signing keys in GPG agent forwarding (#731)
c56f0c4 
GPG key IDs are hex fingerprints, not file paths. When user.signingKey
is a file path (starts with / or ~), it's an SSH key — skip passing it
to setup-gpg. This handles the case where gpg.format is not set to ssh
but the signing key is still an SSH key path.
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Apr 14, 2026
edited
Loading

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0436dcfe-47c9-43c3-9b3f-ce1a8468d59b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • ✅ Review completed - (🔄 Check again to review again)
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/731-ssh-key-path-detection

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai bot added the size/m label Apr 14, 2026
@skevetter skevetter marked this pull request as ready for review April 14, 2026 03:21
@skevetter skevetter merged commit 8f408e4 into main Apr 14, 2026
41 checks passed
@skevetter skevetter deleted the fix/731-ssh-key-path-detection branch April 14, 2026 03:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

size/m size/s

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: Starting project with gpg agent forwarding fails to start the ssh server

1 participant

@skevetter