GNU bug report logs -
#41941
Signing git commits with PGP fails
Previous Next
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 41941 in the body.
You can then email your comments to 41941 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org:
bug#41941; Package
guix.
(Thu, 18 Jun 2020 22:36:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Jonathan Brielmaier <jonathan.brielmaier <at> web.de>:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org.
(Thu, 18 Jun 2020 22:36:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
I have a strange error/problem with signing git commits with PGP.
Following situation
`git` is installed via system configuration
`git:send-email` via `guix install` into the user profile
~/.gitconfig has
```
[commit]
gpgsign = true
```
but trying to sign a git commit fails:
```
git commit -m "test"
error: gpg failed to sign the data
fatal: failed to write commit object
```
`guix remove git:send-email` does not help, still the same.
`guix install git` also doesn't help.
What is wrong here?
P.S: As long as commit signing is not working I cannot become a commiter
to the repo. Marius and Ricardo already pledged their support :P
Information forwarded
to
bug-guix <at> gnu.org:
bug#41941; Package
guix.
(Fri, 19 Jun 2020 01:54:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 41941 <at> debbugs.gnu.org (full text, mbox):
On Fri, Jun 19, 2020 at 12:35:09AM +0200, Jonathan Brielmaier wrote:
> I have a strange error/problem with signing git commits with PGP.
The setup can be complicated...
> Following situation
>
> `git` is installed via system configuration
> `git:send-email` via `guix install` into the user profile
>
> ~/.gitconfig has
> ```
> [commit]
> gpgsign = true
> ```
I also have:
------
[gpg]
program = gpg
[user]
signingkey = B0515948F1E7D3C1B98038A02646FA30BACA7F08
------
> but trying to sign a git commit fails:
> ```
> git commit -m "test"
> error: gpg failed to sign the data
> fatal: failed to write commit object
> ```
Do you also have a GPG pinentry program installed? Are you able to sign
an arbitrary file with GPG, outside of Git? For example:
$ gpg --output test.sig --sign file
Information forwarded
to
bug-guix <at> gnu.org:
bug#41941; Package
guix.
(Fri, 19 Jun 2020 14:44:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 41941 <at> debbugs.gnu.org (full text, mbox):
On 19.06.20 03:52, Leo Famulari wrote:
> On Fri, Jun 19, 2020 at 12:35:09AM +0200, Jonathan Brielmaier wrote:
>> I have a strange error/problem with signing git commits with PGP.
>
> The setup can be complicated...
>
>> Following situation
>>
>> `git` is installed via system configuration
>> `git:send-email` via `guix install` into the user profile
>>
>> ~/.gitconfig has
>> ```
>> [commit]
>> gpgsign = true
>> ```
>
> I also have:
>
> ------
> [gpg]
> program = gpg
> [user]
> signingkey = B0515948F1E7D3C1B98038A02646FA30BACA7F08
> ------
Oke, the signingkey parameter is also present in my config.
>> but trying to sign a git commit fails:
>> ```
>> git commit -m "test"
>> error: gpg failed to sign the data
>> fatal: failed to write commit object
>> ```
>
> Do you also have a GPG pinentry program installed? Are you able to sign
> an arbitrary file with GPG, outside of Git? For example:
>
> $ gpg --output test.sig --sign file
I have pinentry installed from the config.scm, but it's still
```
gpg --output test.sig --sign TODO.md
gpg: signing failed: No pinentry
gpg: signing failed: No pinentry
```
Do I need an additional service?
Information forwarded
to
bug-guix <at> gnu.org:
bug#41941; Package
guix.
(Fri, 19 Jun 2020 16:19:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 41941 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Fri, Jun 19, 2020 at 04:43:10PM +0200, Jonathan Brielmaier wrote:
> I have pinentry installed from the config.scm, but it's still
> [...]
> gpg: signing failed: No pinentry
I think the root of the problem is that GPG can't find pinentry.
With Guix, it should work automatically if you install GPG and a
pinentry to your user's profile. [0]
When installed via config.scm, you should set "pinentry-program" with
the right path, either on gpg-agent's command line or in
~/.gnupg/gpg-agent.conf.
[0] See 'gnu/packages/patches/gnupg-default-pinentry.patch' of commit
e5b44b06b3f, which fixed a longstanding UX bug
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
bug-guix <at> gnu.org:
bug#41941; Package
guix.
(Fri, 19 Jun 2020 16:43:01 GMT)
Full text and
rfc822 format available.
Message #17 received at 41941 <at> debbugs.gnu.org (full text, mbox):
On 19.06.20 18:17, Leo Famulari wrote:
> On Fri, Jun 19, 2020 at 04:43:10PM +0200, Jonathan Brielmaier wrote:
>> I have pinentry installed from the config.scm, but it's still
>> [...]
>> gpg: signing failed: No pinentry
>
> I think the root of the problem is that GPG can't find pinentry.
>
> With Guix, it should work automatically if you install GPG and a
> pinentry to your user's profile. [0]
>
> When installed via config.scm, you should set "pinentry-program" with
> the right path, either on gpg-agent's command line or in
> ~/.gnupg/gpg-agent.conf.
>
> [0] See 'gnu/packages/patches/gnupg-default-pinentry.patch' of commit
> e5b44b06b3f, which fixed a longstanding UX bug
A already tried that but had a typo
So
```
pinentry-program /run/current-system/profile/bin/pinentry
``` in ~/.gnupg/gpg-agent.conf
I wonder if we can do better here?
Information forwarded
to
bug-guix <at> gnu.org:
bug#41941; Package
guix.
(Fri, 19 Jun 2020 18:14:01 GMT)
Full text and
rfc822 format available.
Message #20 received at 41941 <at> debbugs.gnu.org (full text, mbox):
On Fri, Jun 19, 2020 at 06:42:21PM +0200, Jonathan Brielmaier wrote:
> A already tried that but had a typo
> So
> ```
> pinentry-program /run/current-system/profile/bin/pinentry
> ``` in ~/.gnupg/gpg-agent.conf
>
> I wonder if we can do better here?
Let us know if you have a suggestion :)
Added tag(s) notabug.
Request was from
Ludovic Courtès <ludo <at> gnu.org>
to
control <at> debbugs.gnu.org.
(Sun, 21 Jun 2020 13:29:02 GMT)
Full text and
rfc822 format available.
bug closed, send any further explanations to
41941 <at> debbugs.gnu.org and Jonathan Brielmaier <jonathan.brielmaier <at> web.de>
Request was from
Ludovic Courtès <ludo <at> gnu.org>
to
control <at> debbugs.gnu.org.
(Sun, 21 Jun 2020 13:29:02 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Mon, 20 Jul 2020 11:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 3 years and 293 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.