dkzkz
1
I’m trying to make vscode use qubes-split-gpg, following this documentation (Split GPG — Qubes OS Documentation) and this post (Some help with split-gpg2 - #14 by JustAnotherQubesUser).
So I tried to do this in the VScode VM:
```
export QUBES_GPG_DOMAIN=gpg-vscode
git config --global gpg.program qubes-gpg-client-wrapper
```
In dom0 I added this to a policy:
```
qubes.Gpg * @anyvm gpg-codium ask
qubes.GpgKeyImport * @anyvm gpg-codium ask
qubes.Gpg2 + * @default allow target=gpg-codium
```
But when I try to push a signed commit with vscode I get this error:
```
> git -c user.useConfigOnly=true commit --quiet --allow-empty-message --file - -S
error: gpg failed to sign the data:
[GNUPG:] KEY_CONSIDERED (key number)
[GNUPG:] BEGIN_SIGNING H10
[GNUPG:] PINENTRY_LAUNCHED 820 curses 1.3.1 - - :0 - 1000/1000 -
gpg: signing failed: Inappropriate ioctl for device
[GNUPG:] FAILURE sign (key number)
gpg: signing failed: Inappropriate ioctl for device
fatal: failed to write commit object
```
Key number = the private key inside gpg-vm
split-gpg2-dom0 is installed in dom0, the split-gpg2 package is installed in the template, and the service is enabled for the vscode VM.
What am I missing?
Are you trying to use Split GPG 1? Split GPG 2? Or both?
Is gpg -K working?
dkzkz
3
I’m confused by the documentation, so I tried to use all of them. I don’t know if we should keep the old qubes-split-gpg.
Yes, in the gpg-code VM.
You should stick to only one of them first.
dkzkz
5
Do you know how to execute split-gpg2 with the CLI command? I can’t find the executable with the whereis command.
I tried to do `git config --global gpg.program /usr/share/split-gpg2/split-gpg2-client`
But it does nothing
You just use gpg, split-gpg2-client is a service.
dkzkz
7
I’ve made some progress. I do not have the error now, but instead I get this:
```
> git -c user.useConfigOnly=true commit --quiet --allow-empty-message --file - -S
error: gpg failed to sign the data:
gpg: skipped "dkzkz <(mail)>": No secret key
[GNUPG:] INV_SGNR 9 dkzkz (mail)
[GNUPG:] FAILURE sign 17
gpg: signing failed: No secret key
fatal: failed to write commit object
```
The private key is in the gpg-code VM. I can see the key with the gpg --list-secret-keys command.
Ok, can I assume you followed the Split GPG-2 documentation?
gpg-codium is your server qube and gpg-vscode is your client qube?
Are the instructions in "Check that Split GPG-2 works" working?
dkzkz
9
Yes, doing gpg -K in gpg-codium works:
```
[user@gpg-codium ~]$ gpg -K
[keyboxd]
---------
sec rsa4096 (date of the key) [SC] [expires: ]
(key number is here)
uid [ unknown] dkzkz <(mail)>
ssb rsa4096 (date of the key) [E] [expires: ]
```
I think VSCode doesn’t work correctly with qubes-split features. I spent too much time trying to make it work; I give up.
I also tried to change the template for gpg-code. I tried the Fedora template and the Debian template, and none of them seems to work, unfortunately.
You haven’t answered my questions so I can’t help.
dkzkz
11
When I replied “Yes” in my previous answer, it meant yes for everything you asked me, but I should have been more clear, sorry for that.
But I still don’t think vscode can work with split-gpg-2. I need a last thing before giving up.
gpg working in the server qube doesn’t matter. Is it working in a shell session in the client qube?