From b71c320ea523352ed4e13352243e950361a41460 Mon Sep 17 00:00:00 2001 From: Xevion Date: Mon, 27 Oct 2025 15:17:17 -0500 Subject: [PATCH] feat: add WSL GPG integration with Windows pinentry support Configure chezmoi to automatically set up WSL to use Windows GPG for native Qt5 GUI passphrase prompts during git commit signing: - Add symlink_dot_gnupg.tmpl to link ~/.gnupg to Windows GPG directory - Add run_onchange_before_setup-wsl-gpg.sh.tmpl for system GPG symlink - Update .chezmoiignore to handle .gnupg appropriately per platform - Document GPG configuration in CLAUDE.md and ONBOARDING.md This enables seamless git commit signing in WSL environments (including Claude Code) without passphrase prompt issues, while maintaining platform independence for regular Linux installations. --- CLAUDE.md | 6 +++ ONBOARDING.md | 4 ++ home/.chezmoiignore | 7 ++++ .../run_onchange_before_setup-wsl-gpg.sh.tmpl | 38 +++++++++++++++++++ home/symlink_dot_gnupg.tmpl | 3 ++ 5 files changed, 58 insertions(+) create mode 100644 home/run_onchange_before_setup-wsl-gpg.sh.tmpl create mode 100644 home/symlink_dot_gnupg.tmpl diff --git a/CLAUDE.md b/CLAUDE.md index 987a054..35d9a69 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -33,6 +33,12 @@ This is a **chezmoi source directory** for managing dotfiles across multiple mac - Bootstrap encryption key from Doppler before apply - Handle `chezmoi init` and `chezmoi update --init` +**GPG Configuration (WSL-only):** +- `~/.gnupg` → Symlink to Windows GPG directory (`C:\Users\Xevion\AppData\Roaming\gnupg`) +- `/usr/local/bin/gpg` → Symlink to Windows `gpg.exe` (via `run_onchange_before_setup-wsl-gpg.sh.tmpl`) +- Enables native Windows Qt5 pinentry GUI for passphrase prompts +- Automatic setup on WSL; ignored on regular Linux + ## Critical Restrictions ### NEVER Do These Actions diff --git a/ONBOARDING.md b/ONBOARDING.md index af90088..e54a305 100644 --- a/ONBOARDING.md +++ b/ONBOARDING.md 
@@ -13,3 +13,7 @@ When **bolded**, this application won't be installed automatically. It implies t - Preferred applications - [ ] kitty - [ ] micro +- WSL-specific requirements + - [ ] **GPG4win** (Windows) - Required for Git commit signing with GUI pinentry + - Install via: `scoop install gpg4win` + - WSL will automatically link to Windows GPG for native passphrase dialogs diff --git a/home/.chezmoiignore b/home/.chezmoiignore index 6776b79..6b9091a 100644 --- a/home/.chezmoiignore +++ b/home/.chezmoiignore @@ -22,5 +22,12 @@ key.txt # Windows-only Documents/PowerShell +AppData/ + +{{/* WSL-specific: .gnupg is symlinked to Windows GPG directory */}} +{{ if not .wsl }} +# On non-WSL Linux, .gnupg is managed separately (not via chezmoi) +.gnupg +{{ end }} {{ end }} diff --git a/home/run_onchange_before_setup-wsl-gpg.sh.tmpl b/home/run_onchange_before_setup-wsl-gpg.sh.tmpl new file mode 100644 index 0000000..573fb83 --- /dev/null +++ b/home/run_onchange_before_setup-wsl-gpg.sh.tmpl 
@@ -0,0 +1,38 @@
+{{- if .wsl -}}
+#!/bin/bash
+set -eu
+
+# WSL GPG Setup - Link to Windows GPG for native pinentry support
+# This script creates a system-level symlink from /usr/local/bin/gpg to Windows gpg.exe
+# This allows WSL to use Windows' native Qt5 pinentry GUI for passphrase prompts
+
+GPG_WINDOWS="/mnt/c/Users/{{ .chezmoi.username }}/scoop/apps/gpg4win/current/GnuPG/bin/gpg.exe"
+GPG_LINK="/usr/local/bin/gpg"
+
+# Check if Windows GPG exists
+if [ ! -f "$GPG_WINDOWS" ]; then
+ echo "WARNING: Windows GPG not found at $GPG_WINDOWS"
+ echo " Skipping GPG symlink setup"
+ exit 0
+fi
+
+# Check if symlink already exists and is correct
+if [ -L "$GPG_LINK" ]; then
+ CURRENT_TARGET=$(readlink "$GPG_LINK")
+ if [ "$CURRENT_TARGET" = "$GPG_WINDOWS" ]; then
+ echo "GPG symlink already configured correctly"
+ exit 0
+ else
+ echo "Updating GPG symlink (was pointing to: $CURRENT_TARGET)"
+ fi
+else
+ echo "Creating GPG symlink to Windows GPG"
+fi
+
+# Create/update the symlink (requires sudo)
+echo "Note: This requires sudo to create a symlink in /usr/local/bin"
+sudo ln -sf "$GPG_WINDOWS" "$GPG_LINK"
+
+echo "✓ GPG symlink configured: $GPG_LINK -> $GPG_WINDOWS"
+echo " WSL will now use Windows GPG with native GUI pinentry"
+{{- end -}}
diff --git a/home/symlink_dot_gnupg.tmpl b/home/symlink_dot_gnupg.tmpl
new file mode 100644
index 0000000..5e56b61
--- /dev/null
+++ b/home/symlink_dot_gnupg.tmpl
@@ -0,0 +1,3 @@
+{{- if .wsl -}}
+/mnt/c/Users/Xevion/AppData/Roaming/gnupg
+{{- end -}}
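Review bot: `sudo ln -sf "$GPG_WINDOWS" "$GPG_LINK"` makes a root-owned, system-wide `gpg` in `/usr/local/bin` resolve to a binary under the Windows user's scoop directory, which is normally writable without elevation. Anything able to modify that file then decides what every WSL account runs as `gpg`, root included if `/usr/local/bin` precedes `/usr/bin` in its PATH. A user-scoped hook needs no sudo and leaves the trust boundary where it was: `git config --global gpg.program "$GPG_WINDOWS"`, or a link under `"$HOME/.local/bin"`. If the system link stays, note that the `[ -L "$GPG_LINK" ]` test does not cover a regular file already at that path, which `ln -sf` then replaces under the message "Creating GPG symlink"; guard with `[ -e "$GPG_LINK" ] && [ ! -L "$GPG_LINK" ]` and use `ln -sfn`.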
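Review bot: The link target hard-codes the Windows profile `Xevion`, while the setup script in this same commit builds its path from `{{ .chezmoi.username }}`; both files should take the Windows user name from one place. Neither source is certain to be right, since `.chezmoi.username` inside WSL is the Linux account name, so a single template data value (placeholder name `windowsUser`) used as `/mnt/c/Users/{{ .windowsUser }}/AppData/Roaming/gnupg` would be safer. Separately, when `.wsl` is false this template renders empty, and chezmoi, as far as I know, treats an empty symlink target as a request to remove `~/.gnupg`. Only the new `.chezmoiignore` entry prevents that, and that entry sits inside an outer conditional that opens outside its hunk, so it is worth confirming every non-WSL platform is covered before an existing keyring directory is removed.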