Signing git commits with PGP fails

  • Done
Details
3 participants
  • Jonathan Brielmaier
  • Leo Famulari
  • Ludovic Courtès
Owner
unassigned
Submitted by
Jonathan Brielmaier
Severity
normal
Jonathan Brielmaier wrote on 19 Jun 2020 00:35
(name . bug-guix)(address . bug-guix@gnu.org)
b3455d79-29cf-b381-45d0-ccb2deab9ccd@web.de
I have a strange error/problem with signing git commits with PGP.

Following situation

`git` is installed via system configuration
`git:send-email` via `guix install` into the user profile

~/.gitconfig has
```
[commit]
gpgsign = true
```

but trying to sign a git commit fails:
```
git commit -m "test"
error: gpg failed to sign the data
fatal: failed to write commit object
```

`guix remove git:send-email` does not help, still the same.
`guix install git` also doesn't help.

What is wrong here?

P.S: As long as commit signing is not working I cannot become a committer
to the repo. Marius and Ricardo already pledged their support :P
Leo Famulari wrote on 19 Jun 2020 03:52
(name . Jonathan Brielmaier)(address . jonathan.brielmaier@web.de)(address . 41941@debbugs.gnu.org)
20200619015247.GA1458@jasmine.lan
On Fri, Jun 19, 2020 at 12:35:09AM +0200, Jonathan Brielmaier wrote:
> I have a strange error/problem with signing git commits with PGP.

The setup can be complicated...

> Following situation
>
> `git` is installed via system configuration
> `git:send-email` via `guix install` into the user profile
>
> ~/.gitconfig has
> ```
> [commit]
> gpgsign = true
> ```

I also have:

------
[gpg]
program = gpg
[user]
signingkey = B0515948F1E7D3C1B98038A02646FA30BACA7F08
------

> but trying to sign a git commit fails:
> ```
> git commit -m "test"
> error: gpg failed to sign the data
> fatal: failed to write commit object
> ```

Do you also have a GPG pinentry program installed? Are you able to sign
an arbitrary file with GPG, outside of Git? For example:

$ gpg --output test.sig --sign file
Jonathan Brielmaier wrote on 19 Jun 2020 16:43
(name . Leo Famulari)(address . leo@famulari.name)(address . 41941@debbugs.gnu.org)
2036f2a5-4ec9-0e44-3e71-e6860f5979fa@web.de
On 19.06.20 03:52, Leo Famulari wrote:
> On Fri, Jun 19, 2020 at 12:35:09AM +0200, Jonathan Brielmaier wrote:
>> I have a strange error/problem with signing git commits with PGP.
>
> The setup can be complicated...
>
>> Following situation
>>
>> `git` is installed via system configuration
>> `git:send-email` via `guix install` into the user profile
>>
>> ~/.gitconfig has
>> ```
>> [commit]
>> gpgsign = true
>> ```
>
> I also have:
>
> ------
> [gpg]
> program = gpg
> [user]
> signingkey = B0515948F1E7D3C1B98038A02646FA30BACA7F08
> ------

OK, the signingkey parameter is also present in my config.

>> but trying to sign a git commit fails:
>> ```
>> git commit -m "test"
>> error: gpg failed to sign the data
>> fatal: failed to write commit object
>> ```
>
> Do you also have a GPG pinentry program installed? Are you able to sign
> an arbitrary file with GPG, outside of Git? For example:
>
> $ gpg --output test.sig --sign file

I have pinentry installed from the config.scm, but it's still
```
gpg --output test.sig --sign TODO.md
gpg: signing failed: No pinentry
gpg: signing failed: No pinentry
```
Do I need an additional service?
Leo Famulari wrote on 19 Jun 2020 18:17
(name . Jonathan Brielmaier)(address . jonathan.brielmaier@web.de)(address . 41941@debbugs.gnu.org)
20200619161754.GA1614@jasmine.lan
On Fri, Jun 19, 2020 at 04:43:10PM +0200, Jonathan Brielmaier wrote:
> I have pinentry installed from the config.scm, but it's still
> [...]
> gpg: signing failed: No pinentry

I think the root of the problem is that GPG can't find pinentry.

With Guix, it should work automatically if you install GPG and a
pinentry to your user's profile. [0]

When installed via config.scm, you should set "pinentry-program" with
the right path, either on gpg-agent's command line or in
~/.gnupg/gpg-agent.conf.

[0] See 'gnu/packages/patches/gnupg-default-pinentry.patch' of commit
e5b44b06b3f, which fixed a longstanding UX bug
Jonathan Brielmaier wrote on 19 Jun 2020 18:42
(name . Leo Famulari)(address . leo@famulari.name)(address . 41941@debbugs.gnu.org)
a4d52ae2-ed00-c1bf-ffd8-874a1d6647ea@web.de
On 19.06.20 18:17, Leo Famulari wrote:
> On Fri, Jun 19, 2020 at 04:43:10PM +0200, Jonathan Brielmaier wrote:
>> I have pinentry installed from the config.scm, but it's still
>> [...]
>> gpg: signing failed: No pinentry
>
> I think the root of the problem is that GPG can't find pinentry.
>
> With Guix, it should work automatically if you install GPG and a
> pinentry to your user's profile. [0]
>
> When installed via config.scm, you should set "pinentry-program" with
> the right path, either on gpg-agent's command line or in
> ~/.gnupg/gpg-agent.conf.
>
> [0] See 'gnu/packages/patches/gnupg-default-pinentry.patch' of commit
> e5b44b06b3f, which fixed a longstanding UX bug

I already tried that but had a typo.
So
```
pinentry-program /run/current-system/profile/bin/pinentry
```
in ~/.gnupg/gpg-agent.conf

I wonder if we can do better here?
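
The failure in this thread (gpg-agent reporting "No pinentry" because the `pinentry-program` line is absent or its path is mistyped) can be checked for before retrying a signed commit. The shell function below is an added example, not part of the thread or of Guix; the name `check_pinentry_conf`, its return codes and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): validate the pinentry-program
# setting that gpg-agent reads from gpg-agent.conf.
# Return codes are this example's own convention:
#   0 ok, 1 no conf file, 2 option not set, 3 path missing, 4 not executable
check_pinentry_conf() {
    conf="${1:-$HOME/.gnupg/gpg-agent.conf}"
    if [ ! -f "$conf" ]; then
        echo "no config file: $conf"; return 1
    fi
    # Value of the last uncommented pinentry-program line, trailing blanks
    # stripped (checking only the last occurrence is an assumption here).
    prog=$(sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    if [ -z "$prog" ]; then
        echo "pinentry-program is not set in $conf"; return 2
    fi
    if [ ! -e "$prog" ]; then
        echo "pinentry-program points to a missing file (typo?): $prog"; return 3
    fi
    if [ ! -x "$prog" ]; then
        echo "pinentry-program is not executable: $prog"; return 4
    fi
    echo "ok: $prog"; return 0
}

# Constructed demo: a stand-in pinentry and two sample configs in a temp dir.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\nexit 0\n' > "$demo_dir/pinentry"
chmod +x "$demo_dir/pinentry"
printf '# constructed sample\npinentry-program %s/pinentry\n' "$demo_dir" > "$demo_dir/good.conf"
printf 'pinentry-program %s/pinentyr\n' "$demo_dir" > "$demo_dir/typo.conf"
check_pinentry_conf "$demo_dir/good.conf" || true
check_pinentry_conf "$demo_dir/typo.conf" || true
```

Called without an argument, the function checks `~/.gnupg/gpg-agent.conf`. After correcting the path, restart the agent with `gpgconf --kill gpg-agent` and repeat the `gpg --output test.sig --sign file` test from earlier in the thread.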
Leo Famulari wrote on 19 Jun 2020 20:13
(name . Jonathan Brielmaier)(address . jonathan.brielmaier@web.de)(address . 41941@debbugs.gnu.org)
20200619181327.GA6617@jasmine.lan
On Fri, Jun 19, 2020 at 06:42:21PM +0200, Jonathan Brielmaier wrote:
> I already tried that but had a typo.
> So
> ```
> pinentry-program /run/current-system/profile/bin/pinentry
> ```
> in ~/.gnupg/gpg-agent.conf
>
> I wonder if we can do better here?

Let us know if you have a suggestion :)
Ludovic Courtès wrote on 21 Jun 2020 15:28
control message for bug #41941
(address . control@debbugs.gnu.org)
87pn9sa6pl.fsf@gnu.org
tags 41941 notabug
close 41941
quit

This issue is archived.
