Codex and GPG Signing
In my usual Git workflow, I sign commits with GPG.
There is no deep reason for it, but I like seeing "Verified" in the GitHub commit history.
git config --global commit.gpgsign true
This setting itself is fine, but I ran into a small issue when asking Codex to handle Git work.
When creating a commit, GPG needs the passphrase, and signing fails at that point.
At first, I committed by canceling the signing step, but it felt wrong, so I decided to fix it.
Use pinentry-qt
GPG uses pinentry to ask for the passphrase.
Some variants accept input in the CLI, while others show a GUI dialog.
When Codex runs Git commands, it may not handle terminal-based input prompts well.
So I decided to specify pinentry-qt, which can show a GUI input dialog.
On Ubuntu, first install pinentry-qt.
sudo apt install pinentry-qt
Then set pinentry-program in ~/.gnupg/gpg-agent.conf.
vim ~/.gnupg/gpg-agent.conf
The content should look like this.
pinentry-program /usr/bin/pinentry-qt
Reload gpg-agent to apply the setting.
gpg-connect-agent reloadagent /bye
If the setting does not seem to apply, killing the agent once may also help; it is started again automatically the next time GPG needs it.
gpgconf --kill gpg-agent
With this setup, when Codex creates a commit, the GPG passphrase prompt appears as a GUI dialog.
As a result, I can keep signed commits enabled without setting commit.gpgsign to false.
Notes
If you are using WSL, the environment needs to be able to display GUI windows.
With WSLg on Windows 11, it will often work as-is.
GPG configuration also varies quite a bit by environment.
If you already have another pinentry-program configured in gpg-agent.conf, it is better to check the existing setup before overwriting it.
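The setup steps above combined with this check, as an added example that is not part of the original post: the script adds the pinentry-program line only when gpg-agent.conf has none, and refuses to touch the file when a different program is already configured. The function names and the --apply flag are made up for this sketch; the path /usr/bin/pinentry-qt is the one used above.

```shell
#!/usr/bin/env bash
# Added example: set pinentry-program in gpg-agent.conf without clobbering
# an existing, different setting. Function names are hypothetical.

# current_pinentry CONF: print the first uncommented pinentry-program value.
current_pinentry() {
    [ -f "$1" ] || return 0
    sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}//p' "$1" | head -n 1
}

# set_pinentry CONF PROGRAM
#   returns 0 if PROGRAM is (now) configured,
#   returns 2 if another program is configured; the file is left untouched.
set_pinentry() {
    conf=$1
    want=$2
    have=$(current_pinentry "$conf")
    if [ "$have" = "$want" ]; then
        echo "already set: $want"
        return 0
    fi
    if [ -n "$have" ]; then
        echo "existing pinentry-program is $have; not overwriting" >&2
        return 2
    fi
    mkdir -p -m 700 "$(dirname "$conf")"
    if [ -f "$conf" ]; then
        cp -p "$conf" "$conf.bak"          # keep a copy of the old config
        # Add a newline first if the file does not end with one.
        if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
            echo >> "$conf"
        fi
    fi
    printf 'pinentry-program %s\n' "$want" >> "$conf"
}

# Only touch the real configuration when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then
    qt=/usr/bin/pinentry-qt
    [ -x "$qt" ] || { echo "install pinentry-qt first" >&2; exit 1; }
    set_pinentry "$HOME/.gnupg/gpg-agent.conf" "$qt" &&
        gpg-connect-agent reloadagent /bye
fi
```

When the script stops because another pinentry is configured, decide by hand whether to replace that line; the file has not been modified at that point.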
Previously, I wrote about calling the Windows-side Pinentry to make GPG-signed commits from VSCode.
Enable GPG-Signed Commits in VSCode
This time, the topic is Git work from Codex, so I chose to use pinentry-qt on the Linux side.