gpg failed to sign the data fatal: failed to write

Posted 2019-01-15 23:47

I followed a few articles about the pretty attributes in the Git 2.10 release notes. Going through them, I upgraded git to 2.10.0 and made changes to the global .gitconfig, resulting in the following -

[filter "lfs"]
    clean = git-lfs clean %f
    smudge = git-lfs smudge %f
    required = true
[user]
    name = xyz
    email = abc.def@gmail.com
    signingkey = AAAAAAA
[core]
    excludesfile = /Users/xyz/.gitignore_global
    editor = 'subl' --wait
[difftool "sourcetree"]
    cmd = opendiff \"$LOCAL\" \"$REMOTE\"
    path = 
[mergetool "sourcetree"]
    cmd = /Applications/SourceTree.app/Contents/Resources/opendiff-w.sh \"$LOCAL\" \"$REMOTE\" -ancestor \"$BASE\" -merge \"$MERGED\"
    trustExitCode = true
[alias]
    lg = log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative
[color "diff"]
    old = red strike
    new = green italic

But now that I try to sign my commits using

git commit -a -S -m "message"

I get to see the following error -

You need a passphrase to unlock the secret key for

user: "XYZ (Digitally Signed) "

2048-bit RSA key, ID AAAAAAAA, created 2016-07-01

error: gpg failed to sign the data
fatal: failed to write commit object

Note - I can still commit changes using git commit -a -m "message"

Is there a way to overcome the same? Or any change required in gpg configs to get along with the upgradation of git?


Update 1

Also seeking further usefulness, following Is there a way to "autosign" commits in Git with a GPG key?. I've already configured the key using

git config --global user.signingkey ED5CDE14  # (with my key)
git config --global commit.gpgsign true

and quite obviously getting the same error anyway.

22 answers
小情绪 Triste *
Reply #2 · 2019-01-16 00:18

Make sure you have your email set properly.

git config --global user.email "user@example.com"
劫难
Reply #3 · 2019-01-16 00:19

If everything fails, use GIT_TRACE=1 to try and see what git is actually doing:

$ GIT_TRACE=1 git commit -m "Add page that always requires a logged-in user"
20:52:58.902766 git.c:328               trace: built-in: git 'commit' '-vvv' '-m' 'Add page that always requires a logged-in user'
20:52:58.918467 run-command.c:626       trace: run_command: 'gpg' '--status-fd=2' '-bsau' '23810377252EF4C2'
error: gpg failed to sign the data
fatal: failed to write commit object

Now run the failing command manually:

$ gpg -bsau 23810377252EF4C2
gpg: skipped "23810377252EF4C2": Unusable secret key
gpg: signing failed: Unusable secret key

Turns out, my key was expired, git was not to blame.

一夜七次
Reply #4 · 2019-01-16 00:25

I ran into this issue with OSX.

Original answer:

It seems like a gpg update (of brew) changed the location of gpg to gpg1; you can change the binary where git looks up gpg:

git config --global gpg.program gpg1

If you don't have gpg1: brew install gpg1.

Updated answer:

It looks like gpg1 is being deprecated/"gently nudged out of usage", so you probably should actually update to gpg2, unfortunately this involves quite a few more steps/a bit of time:

brew upgrade gnupg  # This has a make step which takes a while
brew link --overwrite gnupg
brew install pinentry-mac
echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

The first part installs gpg2, and the latter is a hack required to use it. For troubleshooting, see this answer (though that is about linux not brew); it suggests a good test:

echo "test" | gpg --clearsign  # on linux it's gpg2 but brew stays as gpg

If this test is successful (no error/output includes PGP signature), you have successfully updated to the latest gpg version.

You should now be able to use git signing again!
It's worth noting you'll need to have:

git config --global gpg.program gpg  # perhaps you had this already? On linux maybe gpg2
git config --global commit.gpgsign true  # if you want to sign every commit

Note: After you've run a signed commit, you can verify it signed with:

git log --show-signature -1

which will include gpg info for the last commit.

劫难
Reply #5 · 2019-01-16 00:25

I had a similar issue with the latest Git sources (2.12.2) built along with the latest sources of all its dependencies (Zlib, Bzip, cURL, PCRE, ReadLine, IDN2, iConv, Unistring, etc).

It turns out libreadline was giving GnuPG problems:

$ gpg --version
gpg: symbol lookup error: /usr/local/lib/libreadline.so.7: undefined symbol: UP

And of course, trying to get useful information from Git with -vvv failed, so the failure was a mystery.

To resolve the PGP failure due to ReadLine, follow the instructions at Can't update or use package manager -- gpg error:

In terminal:

ls /usr/local/lib

There was a bunch of readline libs in there (libreadline.so.BLAH-BLAH), so I:

su
mkdir temp
mv /usr/local/lib/libreadline* temp
ldconfig
神经病院院长
Reply #6 · 2019-01-16 00:25

If this just happened randomly and has been working perfectly in the past, as is my case, try logging out (cmd+shift+q) and logging back in. Worked for me

唯我独甜
Reply #7 · 2019-01-16 00:26

If the email associated with your GPG key's uid is different from the email you are using in git, you'll need to add another user id to your key OR use a key whose email matches exactly.

You can add another UID by using:

$ gpg --edit-key

See for more: https://superuser.com/questions/293184/one-gnupg-pgp-key-pair-two-emails

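The two causes found in reply #3 (an expired or otherwise unusable secret key) and reply #7 (user.email not present as a user ID on the key) can be checked together. The script below is an added example, not part of any answer above: it reads gpg's --with-colons listing and reports why the configured key cannot sign. The function names, the constructed sample listing, and the fallback to user.email when user.signingkey is unset are assumptions of this example.

```shell
#!/bin/sh
# Added example. Colon-listing fields used: 1=record type, 2=validity,
# 7=expiry (epoch seconds, assumes fixed-list-mode), 10=user ID, 12=capabilities.

# key_status NOW: read a colon listing on stdin, print one status word
# for the first secret key in it.
key_status() {
    awk -F: -v now="$1" '
        $1 == "sec" && !seen {
            seen = 1
            if ($2 == "r") st = "revoked"
            else if ($2 == "e" || ($7 != "" && $7 + 0 <= now + 0)) st = "expired"
            else if ($12 ~ /D/) st = "disabled"
            else if ($12 !~ /[sS]/) st = "cannot-sign"
            else st = "ok"
        }
        END { print (seen ? st : "no-secret-key") }'
}

# uid_has_email EMAIL: exit 0 if a non-revoked uid record carries <EMAIL>
# (compared case-insensitively, a choice made for this example).
uid_has_email() {
    awk -F: -v want="<$1>" '
        $1 == "uid" && $2 != "r" && index(tolower($10), tolower(want)) { found = 1 }
        END { exit !found }'
}

# diagnose_signing: apply both checks to the local git and gpg configuration.
diagnose_signing() {
    prog=$(git config --get gpg.program || echo gpg)
    email=$(git config --get user.email)
    # Assumption: with no user.signingkey set, look the key up by e-mail.
    key=$(git config --get user.signingkey || echo "$email")
    listing=$("$prog" --list-secret-keys --with-colons --fixed-list-mode "$key" 2>/dev/null)
    echo "program=$prog key=$key status=$(printf '%s\n' "$listing" | key_status "$(date +%s)")"
    printf '%s\n' "$listing" | uid_has_email "$email" ||
        echo "user.email <$email> is not a user ID on this key"
}

# Constructed sample listing (not a real key): expired key with one user ID.
SAMPLE='sec:e:2048:1:1111111111111111:1467331200:1498867200::u:::sc:
uid:e::::1467331200::0000000000000000000000000000000000000000::XYZ (Digitally Signed) <abc.def@gmail.com>:'

printf '%s\n' "$SAMPLE" | key_status "$(date +%s)"   # run diagnose_signing for a live check
```

Call diagnose_signing in a repository (or with global config set) to run the same checks against the real keyring.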