Signing git commits with PGP fails

Jonathan Brielmaier wrote on 19 Jun 2020 00:35

Recipients:(name . bug-guix)(address . bug-guix@gnu.org)

Message-ID:b3455d79-29cf-b381-45d0-ccb2deab9ccd@web.de

I have a strange error/problem with signing git commits with PGP.
Following situation
`git` is installed via system configuration`git:send-email` via `guix install` into the user profile
~/.gitconfig has```[commit] gpgsign = true```
but trying to sign a git commit fails:```git commit -m "test"error: gpg failed to sign the datafatal: failed to write commit object```
`guix remove git:send-email` does not help, still the same.`guix install git` also doesn't help.
What is wrong here?
P.S: As long as commit signing is not working I cannot become a commiterto the repo. Marius and Ricardo already pledged their support :P

Leo Famulari wrote on 19 Jun 2020 03:52

Recipients:(name . Jonathan Brielmaier)(address . jonathan.brielmaier@web.de)(address . 41941@debbugs.gnu.org)

Message-ID:20200619015247.GA1458@jasmine.lan

On Fri, Jun 19, 2020 at 12:35:09AM +0200, Jonathan Brielmaier wrote:

Toggle quote (2 lines)

> I have a strange error/problem with signing git commits with PGP.

The setup can be complicated...

Toggle quote (11 lines)> Following situation> > `git` is installed via system configuration> `git:send-email` via `guix install` into the user profile> > ~/.gitconfig has> ```> [commit]>   gpgsign = true> ```

I also have:
------[gpg] program = gpg [user] signingkey = B0515948F1E7D3C1B98038A02646FA30BACA7F08------

Toggle quote (7 lines)

> but trying to sign a git commit fails:> ```> git commit -m "test"> error: gpg failed to sign the data> fatal: failed to write commit object> ```

Do you also have a GPG pinentry program installed? Are you able to signan arbitrary file with GPG, outside of Git? For example:
$ gpg --output test.sig --sign file

Jonathan Brielmaier wrote on 19 Jun 2020 16:43

Recipients:(name . Leo Famulari)(address . leo@famulari.name)(address . 41941@debbugs.gnu.org)

Message-ID:2036f2a5-4ec9-0e44-3e71-e6860f5979fa@web.de

On 19.06.20 03:52, Leo Famulari wrote:

Toggle quote (25 lines)> On Fri, Jun 19, 2020 at 12:35:09AM +0200, Jonathan Brielmaier wrote:>> I have a strange error/problem with signing git commits with PGP.>> The setup can be complicated...>>> Following situation>>>> `git` is installed via system configuration>> `git:send-email` via `guix install` into the user profile>>>> ~/.gitconfig has>> ```>> [commit]>>   gpgsign = true>> ```>> I also have:>> ------> [gpg]>         program = gpg> [user]>         signingkey = B0515948F1E7D3C1B98038A02646FA30BACA7F08> ------

Oke, the signingkey parameter is also present in my config.

Toggle quote (12 lines)>> but trying to sign a git commit fails:>> ```>> git commit -m "test">> error: gpg failed to sign the data>> fatal: failed to write commit object>> ```>> Do you also have a GPG pinentry program installed? Are you able to sign> an arbitrary file with GPG, outside of Git? For example:>> $ gpg --output test.sig --sign file

I have pinentry installed from the config.scm, but it's still```gpg --output test.sig --sign TODO.mdgpg: signing failed: No pinentrygpg: signing failed: No pinentry```Do I need an additional service?

Leo Famulari wrote on 19 Jun 2020 18:17

Recipients:(name . Jonathan Brielmaier)(address . jonathan.brielmaier@web.de)(address . 41941@debbugs.gnu.org)

Message-ID:20200619161754.GA1614@jasmine.lan

On Fri, Jun 19, 2020 at 04:43:10PM +0200, Jonathan Brielmaier wrote:

Toggle quote (4 lines)

> I have pinentry installed from the config.scm, but it's still> [...]> gpg: signing failed: No pinentry

I think the root of the problem is that GPG can't find pinentry.
With Guix, it should work automatically if you install GPG and apinentry to your user's profile. [0]
When installed via config.scm, you should set "pinentry-program" withthe right path, either on gpg-agent's command line or in~/.gnupg/gpg-agent.conf.
[0] See 'gnu/packages/patches/gnupg-default-pinentry.patch' of commite5b44b06b3f, which fixed a longstanding UX bug

Jonathan Brielmaier wrote on 19 Jun 2020 18:42

Recipients:(name . Leo Famulari)(address . leo@famulari.name)(address . 41941@debbugs.gnu.org)

Message-ID:a4d52ae2-ed00-c1bf-ffd8-874a1d6647ea@web.de

On 19.06.20 18:17, Leo Famulari wrote:

Toggle quote (17 lines)> On Fri, Jun 19, 2020 at 04:43:10PM +0200, Jonathan Brielmaier wrote:>> I have pinentry installed from the config.scm, but it's still>> [...]>> gpg: signing failed: No pinentry>> I think the root of the problem is that GPG can't find pinentry.>> With Guix, it should work automatically if you install GPG and a> pinentry to your user's profile. [0]>> When installed via config.scm, you should set "pinentry-program" with> the right path, either on gpg-agent's command line or in> ~/.gnupg/gpg-agent.conf.>> [0] See 'gnu/packages/patches/gnupg-default-pinentry.patch' of commit> e5b44b06b3f, which fixed a longstanding UX bug

A already tried that but had a typoSo```pinentry-program /run/current-system/profile/bin/pinentry``` in ~/.gnupg/gpg-agent.conf
I wonder if we can do better here?

Leo Famulari wrote on 19 Jun 2020 20:13

Recipients:(name . Jonathan Brielmaier)(address . jonathan.brielmaier@web.de)(address . 41941@debbugs.gnu.org)

Message-ID:20200619181327.GA6617@jasmine.lan

On Fri, Jun 19, 2020 at 06:42:21PM +0200, Jonathan Brielmaier wrote:

Toggle quote (8 lines)

> A already tried that but had a typo> So> ```> pinentry-program /run/current-system/profile/bin/pinentry> ``` in ~/.gnupg/gpg-agent.conf> > I wonder if we can do better here?

Let us know if you have a suggestion :)

Ludovic Courtès wrote on 21 Jun 2020 15:28

control message for bug #41941

Recipients:(address . control@debbugs.gnu.org)

Message-ID:87pn9sa6pl.fsf@gnu.org

tags 41941 notabugclose 41941quit

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date