gitgithubgpg-signature

gpg failed to sign the data fatal: failed to write commit object [Git 2.10.0]


I followed few articles over the pretty attributes on Git 2.10 release note. Going through which upgraded the git to 2.10.0 and made changes to global .gitconfig resulting as follows -

[filter "lfs"]
    clean = git-lfs clean %f
    smudge = git-lfs smudge %f
    required = true
[user]
    name = xyz
    email = abc.def@gmail.com
    signingkey = AAAAAAA
[core]
    excludesfile = /Users/xyz/.gitignore_global
    editor = 'subl' --wait
[difftool "sourcetree"]
    cmd = opendiff \"$LOCAL\" \"$REMOTE\"
    path = 
[mergetool "sourcetree"]
    cmd = /Applications/SourceTree.app/Contents/Resources/opendiff-w.sh \"$LOCAL\" \"$REMOTE\" -ancestor \"$BASE\" -merge \"$MERGED\"
    trustExitCode = true
[alias]
    lg = log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative
[color "diff"]
    old = red strike
    new = green italic

But now that I try to sign my commits using

git commit -a -S -m "message"

I get to see the following error -

You need a passphrase to unlock the secret key for

user: "XYZ (Digitally Signed) "

2048-bit RSA key, ID AAAAAAAA, created 2016-07-01

error: gpg failed to sign the data fatal: failed to write commit object

Note - I can still commit changes using git commit -a -m "message"

Is there a way to overcome the same? Or any change required in gpg configs to get along with the upgradation of git?


Update 1

Also seeking further usefulness, following Is there a way to "autosign" commits in Git with a GPG key?. I've already configured the key using

git config --global user.signingkey ED5CDE14(with my key) 
git config --global commit.gpgsign true

and quite obviously getting the same error anyway.


Solution

  • I ran into this issue with macOS.

    Original answer:

    It seems like a gpg update (of brew) changed to location of gpg to gpg1, you can change the binary where git looks up the gpg:

    git config --global gpg.program gpg1
    

    If you don't have gpg1: brew install gpg1.

    Updated answer:

    It looks like gpg1 is being deprecated/"gently nudged out of usage", so you probably should actually update to gpg2, unfortunately this involves quite a few more steps/a bit of time:

    brew upgrade gnupg  # This has a make step which takes a while
    brew link --overwrite gnupg
    brew install pinentry-mac
    echo "pinentry-program $(brew --prefix)/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
    killall gpg-agent
    

    The first part installs gpg2, and latter is a hack required to use it. For troubleshooting, see this answer (though that is about linux not brew), it suggests a good test:

    echo "test" | gpg --clearsign  # on linux it's gpg2 but brew stays as gpg
    

    If this test is successful (no error/output includes PGP signature), you have successfully updated to the latest gpg version.

    You should now be able to use git signing again!
    It's worth noting you'll need to have:

    git config --global gpg.program gpg  # perhaps you had this already? On linux maybe gpg2
    git config --global commit.gpgsign true  # if you want to sign every commit
    

    Note: After you've run a signed commit, you can verify it signed with:

    git log --show-signature -1
    

    which will include gpg info for the last commit.