I understand that my use case is very unusual and I’m probably doing at least one thing that’s going to make people cringe, but I have a specific need for GPG use in a specific way and I’m stuck on how to proceed.
I’ll preface this by saying I did have it working at one time, but updates to GPG seem to have broken it and I’m not sure what my next steps should be. I suspect I need to change revisions of GPG4Win, but I’m not 100% sure, thus I’m going to ask.
So, here’s the situation.
I develop software on a combination of Windows and Linux via WSL2. I’m using a socket proxy called “wsl2-ssh-pageant” to make the gpg-agent running on Windows accessible to the WSL2 Linux install (running Arch Linux) so that Git can do the code signing via my Yubikey.
I can currently confirm that I can use “socat - UNIX-CONNECT:/home/firehawke/.gnupg/S.gpg-agent” to actually talk to the gpg-agent running in Windows from the Linux shell. The problem comes when I try to actually connect to the Agent using GPG itself.
Doing “gpg --card-status” gives me:
gpg: can’t connect to the agent: End of file
gpg: OpenPGP card not available: No agent running
after which point it starts gpg-agent and further attempts to do card status give:
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
…and it then overwrites the proxy socket file with the GPG-Agent on the Linux side.
Doing “gpg --version” provides me with…
gpg (GnuPG) 2.2.40
and I suspect there might’ve been a protocol change since that version came out, but I don’t know enough about GPG4Win’s history to be able to say for sure. Assuming this is just a case of incompatible versions, what version do I need to go back to in order to get the two sides talking again?
I’m aware that downgrading is considered a bad idea in general, but I don’t think I have any real choice in the matter if I want to get my work done without migrating literally everything to Windows (which I can do but choose not to for multiple reasons).
Oh, and just to be clear: GPG4Win sees and works just fine with the card. I can --card-status from the command line and get full details on my Yubikey, as well as code sign. It’s only the proxy side where things break.
Any ideas? Any leads? Any hope at all?
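
A diagnostic for the setup described in the post above, as an added example that is not part of the original post: it speaks the agent's Assuan line protocol over the UNIX socket directly, so you can see which gpg-agent (the proxied Windows one, or a local Linux one that replaced the socket) answers and what version it reports. The function names and the Windows-path heuristic are assumptions made for this example; `GETINFO version` and `GETINFO socket_name` are existing gpg-agent commands.

```python
import socket
import sys
from urllib.parse import unquote_to_bytes


def read_response(f):
    """Read one Assuan reply: 'D' lines carry data, 'OK' or 'ERR' ends it."""
    data = b""
    while True:
        line = f.readline()
        if not line:
            # Peer hung up mid-reply (compare gpg's "End of file" message).
            raise EOFError("connection closed before the reply was complete")
        line = line.rstrip(b"\r\n")
        if line.startswith(b"D "):
            data += unquote_to_bytes(line[2:])  # undo %25 / %0A / %0D escapes
        elif line == b"OK" or line.startswith(b"OK "):
            return data.decode("utf-8", "replace")
        elif line.startswith(b"ERR"):
            raise RuntimeError(line.decode("utf-8", "replace"))
        # 'S' status lines and '#' comments are skipped.


def probe_agent(sock_path, timeout=5.0):
    """Ask whatever listens on sock_path for its version and socket name."""
    info = {}
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        with s.makefile("rwb") as f:
            read_response(f)  # greeting line sent by the agent on connect
            for what in ("version", "socket_name"):
                f.write(b"GETINFO " + what.encode() + b"\n")
                f.flush()
                info[what] = read_response(f)
    return info


def looks_like_windows_agent(info):
    """Assumed heuristic: a Windows agent reports a drive-letter or backslash path."""
    name = info["socket_name"]
    return "\\" in name or name[1:2] == ":"


if __name__ == "__main__":
    result = probe_agent(sys.argv[1])  # path to S.gpg-agent
    side = "Windows (via proxy)" if looks_like_windows_agent(result) else "local Linux"
    print(f"agent {result['version']} at {result['socket_name']}: {side}")
```

Run it with the socket path as the only argument, for instance the one printed by `gpgconf --list-dirs agent-socket`; an `EOFError` means the proxy accepted the connection but nothing behind it completed the greeting.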