Add support for using external GPG instead of using built-in GPG

[realYulin]

• I was not able to find an open or closed issue matching what I'm seeing

Setup

• Which version of Git for Windows are you using? Is it 32-bit or 64-bit?

$ git --version --build-options

git version 2.37.2.windows.2
cpu: x86_64
built from commit: c5597badf94101f0076e6667edee120ab1ee5bac
sizeof-long: 4
sizeof-size_t: 8
shell-path: /bin/sh
feature: fsmonitor--daemon

• Which version of Windows are you running? Vista, 7, 8, 10? Is it 32-bit or 64-bit?

$ cmd.exe /c ver

Microsoft Windows [Version 10.0.22622.586]

• What options did you set as part of the installation? Or did you choose the
  defaults?

# One of the following:
> type "C:\Program Files\Git\etc\install-options.txt"
> type "C:\Program Files (x86)\Git\etc\install-options.txt"
> type "%USERPROFILE%\AppData\Local\Programs\Git\etc\install-options.txt"
> type "$env:USERPROFILE\AppData\Local\Programs\Git\etc\install-options.txt"
$ cat /etc/install-options.txt

Editor Option: VisualStudioCode
Custom Editor Path: 
Default Branch Option:  
Path Option: Cmd
SSH Option: ExternalOpenSSH
Tortoise Option: false
CURL Option: OpenSSL
CRLF Option: CRLFAlways
Bash Terminal Option: MinTTY
Git Pull Behavior Option: Merge
Use Credential Manager: Enabled
Performance Tweaks FSCache: Enabled
Enable Symlinks: Enabled
Enable Pseudo Console Support: Disabled
Enable FSMonitor: Disabled

• Any other interesting things about your environment that might be related
  to the issue you're seeing?

None

Details

• Which terminal/shell are you running Git from? e.g Bash/CMD/PowerShell/other

Windows PowerShell

• What commands did you run to trigger this issue? If you can provide a
  Minimal, Complete, and Verifiable example
  this will help us understand the issue.

Suggestion for installer

• What did you expect to occur after running these commands?

The installer should ask which GPG executable should be used. I have installed Gpg4win and use it generate a GPG key, but Git’s GPG is not compatible to Gpg4win’s GPG (Gpg4win stores GPG keys at C:\Users\USERNAME\AppData\Roaming\gnupg while Git stores it at C:\Users\USERNAME\.gnupg). Because I have enabled the "gpgsign" config, I have to export the private key and reimport it at Git Bash.

• What actually happened instead?

Git use its own GPG so when I commit, I can always see this error "gpg: key "xxxxxxxxxxxxxxxx" not found: Skipped"

• If the problem was occurring with a specific repository, can you provide the
  URL to that repository to help us with testing?

None

[dscho]

Sounds like a good idea. You will need to imitate git-for-windows/build-extra@68fdb43 (which did the same for SSH). To do that:

1. install Git for Windows' SDK,
2. sdk cd installer,
3. edit install.iss
4. build a new installer via sdk build installer/test the page via ./release.sh -d <new page>
5. verify that that installer works as expected?
6. open a PR?

[ElectricalBoy]

I've been using Git for Windows with Gpg4Win as my GPG executable. All I did to make it work was to set gpg.program in my .gitconfig and point it to the Gpg4Win's GPG executable. This has been working for me without any hassle.

Just sharing my workaround while waiting for this patch.

[Okeanos]

Personally, I would suggest using a workaround similar to what I do with OpenSSH as shown here, i.e. ensure that the Git-Bash loads the desired SSH binaries before the supplied ones – I am fairly certain that it should work the same for gpg if the executables have the same name between the different versions.

This has the added benefit that you can switch between them at will (which is most certainly a benefit for OpenSSH).

If time allows I may attempt to contribute a GPG patch for the installer, though (no promises).

[Okeanos]

I just created a branch+commit that enables "skipping" GPG during the Git installation. It builds and works as advertised, I think. I didn't have time to verify it in depth, though.

In particular I am not sure:

• whether all gpg related files are correctly skipped (I believe gpg-error-something.exe remains installed?!)
• whether all the gpg related files really should be skipped (there's way more than I initially thought).

I am not sure whether adding more pages to the Wizard in this fashion … is a good user experience. It'd probably be interesting to have something similar to the components page (where the Terminal fragment, Explorer integration, etc.) are presented and allow users to skip installation of these pieces (ssh, gpg, curl, …?) in a single dialog. I won't be implementing such a thing, though.

[dscho]

It'd probably be interesting to have something similar to the components page (where the Terminal fragment, Explorer integration, etc.) are presented and allow users to skip installation of these pieces (ssh, gpg, curl, …?) in a single dialog.

That thing already exists: https://github.com/git-for-windows/build-extra/blob/e3b0a68414f4222782d37dae34e828f59c558ca3/installer/install.iss#L103-L118

I just created a branch+commit that enables "skipping" GPG during the Git installation

For more efficient review, could you please open a PR? You can mark it as "WIP" via the PR title, or as a draft PR, if you want to indicate that it should not be merged as-is.

[Okeanos]

Yeah, I'll definitely open a PR (probably as WIP) soon. I just didn't get to it yesterday (mostly because of lack of testing on my part) but wanted to at least leave a note. It wasn't meant as a "please review"-message. More of a "I actually started working on it, feel free to have a look" sort of thing.