gpg failed to sign the data fatal: failed to write

Posted 2019-01-15 23:47

I followed a few articles about the pretty attributes in the Git 2.10 release notes. Going through them, I upgraded git to 2.10.0 and made changes to the global .gitconfig, resulting in the following -

[filter "lfs"]
    clean = git-lfs clean %f
    smudge = git-lfs smudge %f
    required = true
[user]
    name = xyz
    email = abc.def@gmail.com
    signingkey = AAAAAAA
[core]
    excludesfile = /Users/xyz/.gitignore_global
    editor = 'subl' --wait
[difftool "sourcetree"]
    cmd = opendiff \"$LOCAL\" \"$REMOTE\"
    path = 
[mergetool "sourcetree"]
    cmd = /Applications/SourceTree.app/Contents/Resources/opendiff-w.sh \"$LOCAL\" \"$REMOTE\" -ancestor \"$BASE\" -merge \"$MERGED\"
    trustExitCode = true
[alias]
    lg = log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative
[color "diff"]
    old = red strike
    new = green italic

But now that I try to sign my commits using

git commit -a -S -m "message"

I get to see the following error -

You need a passphrase to unlock the secret key for

user: "XYZ (Digitally Signed) "

2048-bit RSA key, ID AAAAAAAA, created 2016-07-01

error: gpg failed to sign the data
fatal: failed to write commit object

Note - I can still commit changes using git commit -a -m "message"

Is there a way to overcome this? Or is any change required in the gpg configs to get along with the git upgrade?


Update 1

Also, seeking further usefulness, I followed "Is there a way to "autosign" commits in Git with a GPG key?". I've already configured the key using

git config --global user.signingkey ED5CDE14   # (with my key)
git config --global commit.gpgsign true

and quite obviously getting the same error anyway.

22 answers
Rolldiameter
#2 · 2019-01-16 00:35

Very much like @birchlabs, after a lot of digging/searching I found that it wasn't GPG, but rather GPG Suite. I did cask reinstall gpg-suite and it solved it for me.

爷、活的狠高调
#3 · 2019-01-16 00:40

I've DONE it through this short and easy recipe:

Auto-sign commits on MacOS (Globally and with different IDEs):

Get your signingkey in this way.

brew install gnupg gnupg2 pinentry-mac
git config --global user.signingkey <YOUR_SIGNING_KEY>
git config --global commit.gpgsign true
git config --global gpg.program gpg

Put the following in gpg.conf file (edit file with nano ~/.gnupg/gpg.conf command):

no-tty

Put the following in gpg-agent.conf file (edit file with nano ~/.gnupg/gpg-agent.conf command):

pinentry-program /usr/local/bin/pinentry-mac
虎瘦雄心在
#4 · 2019-01-16 00:40

Got it set up by simply:

brew uninstall gpg 

brew install gpg2
小情绪 Triste *
#5 · 2019-01-16 00:42

Update Oct. 2016: issue 871 did mention "Signing stopped working in Git 2.9.3"

Git for Windows 2.10.1 released two days ago (Oct. 4th, 2016) has fixed Interactive GPG signing of commits and tag.

the recent gpg-sign change in git (which introduces no problem on Linux) exposes a problem in the way in which, on Windows, non-MSYS2-git interacts with MSYS2-gpg.


Original answer:

Reading "7.4 Git Tools - Signing Your Work", I assume you have your "user.signingkey" configuration set.

The last big refactoring (before Git 2.10) around gpg was in commit 2f47eae2a, here that error message was moved to gpg-interface.c

A log on that file reveals the recent change in commit af2b21e (Git 2.10)

gpg2 already uses the long format by default, but most distributions seem to still have "gpg" be the older 1.x version due to compatibility reasons. And older versions of gpg only show the 32-bit short ID, which is quite insecure.

This doesn't actually matter for the verification itself: if the verification passes, the pgp signature is good.
But if you don't actually have the key yet, and want to fetch it, or you want to check exactly which key was used for verification and want to check it, we should specify the key with more precision.

So check how you specified your user.signingkey configuration, and the version of gpg you are using (gpg1 or gpg2), to see if those have any effect on the error message.

There is also commit 0581b54 which changes the condition for the gpg failed to sign the data error message (in complement to commit 0d2b664):

We don't read from stderr at all currently. However, we will want to in a future patch, so this also prepares us there (and in that case gpg does write before reading all of the input, though again, it is unlikely that a key uid will fill up a pipe buffer).

Commit 4322353 shows gpg now uses a temporary file, so there could be right issues around that.

Let's convert to using a tempfile object, which handles the hard cases for us, and add the missing cleanup call.

Bombasti
#6 · 2019-01-16 00:42

The git trace was very revealing for my situation...

GIT_TRACE=1 git commit -m "a commit message"
13:45:39.940081 git.c:344               trace: built-in: git commit -m 'a commit message'
13:45:39.977999 run-command.c:640       trace: run_command: gpg --status-fd=2 -bsau 'First Last <first.last@domain.com>'
error: gpg failed to sign the data
fatal: failed to write commit object

I needed to generate an initial key per the format that git was checking against.

gpg --quick-generate-key "First Last <first.last@domain.com>"

Then it worked.

And be sure to replace your name and email instead of "First Last <first.last@domain.com>"

Hope that helps.

戒情不戒烟
#7 · 2019-01-16 00:42

I must have accidentally updated gpg somehow because I got this after trying to test if gpg works:

gpg: WARNING: server 'gpg-agent' is older than us (2.1.21 < 2.2.10)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.

Running gpgconf --kill all fixed it for me.

Hope this helps someone.
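
A way to triage this error outside of git, added here as an example and not part of any post above: it pipes test data through the gpg invocation shown in the GIT_TRACE output and maps gpg's messages to the causes the answers describe. The function names and the sample outputs (including the placeholder fingerprint) are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage "gpg failed to sign the data" outside of git.
# Sample outputs below are constructed; the fingerprint is a placeholder.

# Read gpg's combined stderr/status stream on stdin, print one verdict.
classify_gpg_output() {
    _out=$(cat)
    if printf '%s\n' "$_out" | grep -q '^\[GNUPG:] SIG_CREATED '; then
        echo ok                # the status line git looks for
    elif printf '%s\n' "$_out" | grep -qF "server 'gpg-agent' is older than us"; then
        echo stale-agent       # restart the agent: gpgconf --kill all
    elif printf '%s\n' "$_out" | grep -qF 'No secret key'; then
        echo no-secret-key     # user.signingkey / identity matches no key
    elif printf '%s\n' "$_out" | grep -qF 'Inappropriate ioctl for device'; then
        echo no-tty            # pinentry cannot prompt for the passphrase
    else
        echo unknown
    fi
}

# Run the invocation from the GIT_TRACE output for key/identity $1.
# The signature on stdout is discarded; stderr carries the status lines.
diagnose_signing() {
    printf 'test payload\n' | gpg --status-fd=2 -bsau "$1" 2>&1 >/dev/null |
        classify_gpg_output
}

SAMPLE_OK='[GNUPG:] BEGIN_SIGNING H8
[GNUPG:] SIG_CREATED D 1 8 00 1547595720 0000000000000000000000000000000000000000'
SAMPLE_STALE="gpg: WARNING: server 'gpg-agent' is older than us (2.1.21 < 2.2.10)
gpg: Note: Use the command \"gpgconf --kill all\" to restart them."
SAMPLE_NOKEY='gpg: skipped "First Last <first.last@domain.com>": No secret key
gpg: signing failed: No secret key'
SAMPLE_NOTTY='gpg: signing failed: Inappropriate ioctl for device'

# Demo on the constructed samples; prints one verdict per sample.
for s in "$SAMPLE_OK" "$SAMPLE_STALE" "$SAMPLE_NOKEY" "$SAMPLE_NOTTY"; do
    printf '%s\n' "$s" | classify_gpg_output
done
```

On a real machine, call `diagnose_signing` with the value of `git config user.signingkey`; a verdict other than `ok` points at the gpg setup rather than at git.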
