Signing git commits with PGP fails

DoneSubmitted by Jonathan Brielmaier.
Details
3 participants
  • Jonathan Brielmaier
  • Leo Famulari
  • Ludovic Courtès
Owner
unassigned
Severity
normal
J
J
Jonathan Brielmaier wrote on 19 Jun 2020 00:35
(name . bug-guix)(address . bug-guix@gnu.org)
b3455d79-29cf-b381-45d0-ccb2deab9ccd@web.de
I have a strange error/problem with signing git commits with PGP.
Following situation
`git` is installed via system configuration`git:send-email` via `guix install` into the user profile
~/.gitconfig has```[commit] gpgsign = true```
but trying to sign a git commit fails:```git commit -m "test"error: gpg failed to sign the datafatal: failed to write commit object```
`guix remove git:send-email` does not help, still the same.`guix install git` also doesn't help.
What is wrong here?
P.S: As long as commit signing is not working I cannot become a commiterto the repo. Marius and Ricardo already pledged their support :P
L
L
Leo Famulari wrote on 19 Jun 2020 03:52
(name . Jonathan Brielmaier)(address . jonathan.brielmaier@web.de)(address . 41941@debbugs.gnu.org)
20200619015247.GA1458@jasmine.lan
On Fri, Jun 19, 2020 at 12:35:09AM +0200, Jonathan Brielmaier wrote:
Toggle quote (2 lines)> I have a strange error/problem with signing git commits with PGP.
The setup can be complicated...
Toggle quote (11 lines)> Following situation> > `git` is installed via system configuration> `git:send-email` via `guix install` into the user profile> > ~/.gitconfig has> ```> [commit]> gpgsign = true> ```
I also have:
------[gpg] program = gpg [user] signingkey = B0515948F1E7D3C1B98038A02646FA30BACA7F08------
Toggle quote (7 lines)> but trying to sign a git commit fails:> ```> git commit -m "test"> error: gpg failed to sign the data> fatal: failed to write commit object> ```
Do you also have a GPG pinentry program installed? Are you able to signan arbitrary file with GPG, outside of Git? For example:
$ gpg --output test.sig --sign file
J
J
Jonathan Brielmaier wrote on 19 Jun 2020 16:43
(name . Leo Famulari)(address . leo@famulari.name)(address . 41941@debbugs.gnu.org)
2036f2a5-4ec9-0e44-3e71-e6860f5979fa@web.de
On 19.06.20 03:52, Leo Famulari wrote:
Toggle quote (25 lines)> On Fri, Jun 19, 2020 at 12:35:09AM +0200, Jonathan Brielmaier wrote:>> I have a strange error/problem with signing git commits with PGP.>> The setup can be complicated...>>> Following situation>>>> `git` is installed via system configuration>> `git:send-email` via `guix install` into the user profile>>>> ~/.gitconfig has>> ```>> [commit]>> gpgsign = true>> ```>> I also have:>> ------> [gpg]> program = gpg> [user]> signingkey = B0515948F1E7D3C1B98038A02646FA30BACA7F08> ------
Oke, the signingkey parameter is also present in my config.
Toggle quote (12 lines)>> but trying to sign a git commit fails:>> ```>> git commit -m "test">> error: gpg failed to sign the data>> fatal: failed to write commit object>> ```>> Do you also have a GPG pinentry program installed? Are you able to sign> an arbitrary file with GPG, outside of Git? For example:>> $ gpg --output test.sig --sign file
I have pinentry installed from the config.scm, but it's still```gpg --output test.sig --sign TODO.mdgpg: signing failed: No pinentrygpg: signing failed: No pinentry```Do I need an additional service?
L
L
Leo Famulari wrote on 19 Jun 2020 18:17
(name . Jonathan Brielmaier)(address . jonathan.brielmaier@web.de)(address . 41941@debbugs.gnu.org)
20200619161754.GA1614@jasmine.lan
On Fri, Jun 19, 2020 at 04:43:10PM +0200, Jonathan Brielmaier wrote:
Toggle quote (4 lines)> I have pinentry installed from the config.scm, but it's still> [...]> gpg: signing failed: No pinentry
I think the root of the problem is that GPG can't find pinentry.
With Guix, it should work automatically if you install GPG and apinentry to your user's profile. [0]
When installed via config.scm, you should set "pinentry-program" withthe right path, either on gpg-agent's command line or in~/.gnupg/gpg-agent.conf.
[0] See 'gnu/packages/patches/gnupg-default-pinentry.patch' of commite5b44b06b3f, which fixed a longstanding UX bug
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAl7s5S8ACgkQJkb6MLrKfwjN9BAA4xSyhD5LGsvAz0DywuWE8NtoTg18npIrm1xZHuRe4ITNtqZSgej47IBD8S/Z6+oPsxzx2vNjh4Dgmp1koFVtxl9lYXLC0B20FWsXK1JvM5ME0ic85pwH//2DGzBHuugbOEQCGbrnGvuGmoPX5V2eceU5uLfoVZtPllfqGXWaqWZ1Fn0S9gvZoC5O5HFxJg6QI8xESEwnUwKPm4XWc3JNQJ+bT8eO7Jz3EZ0CL+afxX23WjTNw46fj2k7aoktwvLfD8WSWYnBDH7b9la+UMwFTk3R+TU5xw8wfJSu0BOhDvZHLg2lVXAYYqPZpAn/+2BDYJIL+XUXHZPozss+nkYxmx48/sgO/5mbJqTED+iQRdFCqM7FStBvXZCw9hIPYwxH2jZsOYwvnhWeLe95HVfcOJErP/KlBxcRSc2iPkVl3fnYDweohG7YFQxG0i04DSiX5687ziCCRB6X7eySMYpai7zL4QWyl1RHCJ4/6Ml0G/Z2r8QMCQG6nx+rpNW7JS/xxMwbRa5nTM7WiEVocjv/QKiUF6ZqzyfBdrEwC/7+lI3PUncisiR+sZD/ZR3UqD/j2NWBLSkGeYHGo+CoBoEPpA1tanOsegD1YwB30X2Ze+CV6+7LpGN+Bdq7XyiSDTA3EIo+N56MckeKtt72SwBX6/9gWUqTCDZ9etAMBsx02Bc==7Rua-----END PGP SIGNATURE-----

J
J
Jonathan Brielmaier wrote on 19 Jun 2020 18:42
(name . Leo Famulari)(address . leo@famulari.name)(address . 41941@debbugs.gnu.org)
a4d52ae2-ed00-c1bf-ffd8-874a1d6647ea@web.de
On 19.06.20 18:17, Leo Famulari wrote:
Toggle quote (17 lines)> On Fri, Jun 19, 2020 at 04:43:10PM +0200, Jonathan Brielmaier wrote:>> I have pinentry installed from the config.scm, but it's still>> [...]>> gpg: signing failed: No pinentry>> I think the root of the problem is that GPG can't find pinentry.>> With Guix, it should work automatically if you install GPG and a> pinentry to your user's profile. [0]>> When installed via config.scm, you should set "pinentry-program" with> the right path, either on gpg-agent's command line or in> ~/.gnupg/gpg-agent.conf.>> [0] See 'gnu/packages/patches/gnupg-default-pinentry.patch' of commit> e5b44b06b3f, which fixed a longstanding UX bug
A already tried that but had a typoSo```pinentry-program /run/current-system/profile/bin/pinentry``` in ~/.gnupg/gpg-agent.conf
I wonder if we can do better here?
L
L
Leo Famulari wrote on 19 Jun 2020 20:13
(name . Jonathan Brielmaier)(address . jonathan.brielmaier@web.de)(address . 41941@debbugs.gnu.org)
20200619181327.GA6617@jasmine.lan
On Fri, Jun 19, 2020 at 06:42:21PM +0200, Jonathan Brielmaier wrote:
Toggle quote (8 lines)> A already tried that but had a typo> So> ```> pinentry-program /run/current-system/profile/bin/pinentry> ``` in ~/.gnupg/gpg-agent.conf> > I wonder if we can do better here?
Let us know if you have a suggestion :)
L
L
Ludovic Courtès wrote on 21 Jun 2020 15:28
control message for bug #41941
(address . control@debbugs.gnu.org)
87pn9sa6pl.fsf@gnu.org
tags 41941 notabugclose 41941quit
?