Fixing the Git GPG sign issue
When submitting a commit command, I was facing:
error: gpg failed to sign the data
fatal: failed to write commit object
After some searching, I managed to enable Git's debugging log as:
GIT_TRACE=1 git commit
And the output changed to:
08:55:55.059810 git.c:460 trace: built-in: git commit -m 'add readme file'
08:55:55.060693 run-command.c:655 trace: run_command: gpg --status-fd=2 -bsau email@example.com
error: gpg failed to sign the data
fatal: failed to write commit object
So I ran:
gpg --status-fd=2 -bsau firstname.lastname@example.org
I added some text and then pressed Ctrl+d, and I got:
[GNUPG:] KEY_CONSIDERED CE5EB6D33A20B12CE310127322C5F425D323FD70 0
[GNUPG:] BEGIN_SIGNING H10
test
gpg: signing failed: No pinentry
[GNUPG:] FAILURE sign 67108949
gpg: signing failed: No pinentry
pinentry, what is pinentry? It is a collection of simple PIN or passphrase entry dialogs which GnuPG uses for passphrase entry. The shell script /usr/bin/pinentry determines which pinentry dialog is used, in the order described at...
Where is this configured? According to the same doc, it should be at ~/.gnupg/gpg-agent.conf. I opened the file and the content was:
Which I don't have; it's pinentry-gtk-2, which also doesn't work. There are a few other commands in the same path prefixed with pinentry, some of which work (they say hi when I run them directly), so I picked /usr/bin/pinentry-qt and updated the config. I ran the commit command again and got the same result. OK, wait, maybe the agent is still running, let's kill it:
gpgconf --kill gpg-agent
And voila! I also tried to set it to /usr/bin/pinentry, which according to the Arch wiki should be a script that picks the right tool automatically, but it ended up with the same No pinentry error. Apparently, this error shows up in both of these cases:
- The pinentry-* variant doesn't exist.
- The pinentry-* variant exists but fails to run.
There are some useful tips for other possible scenarios suggested over this gist.
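
The manual checks above can be scripted. The following is an added example, not part of the original post: it reads the pinentry-program line from a gpg-agent.conf and tells the two failure cases apart. The function name check_pinentry and its return codes are this example's own convention, and it assumes a single pinentry-program line. A greeting only shows that the binary starts, not that it can display a dialog.

```shell
#!/bin/sh
# Added example: diagnose the pinentry-program setting in gpg-agent.conf.
# Return codes (this example's own convention):
#   0  program starts and sends the "OK ..." greeting
#   1  config unreadable or no pinentry-program line
#   2  configured path does not exist
#   3  path exists but is not executable
#   4  program runs but does not greet
check_pinentry() {
    conf=${1:-$HOME/.gnupg/gpg-agent.conf}
    [ -r "$conf" ] || { echo "no readable config: $conf"; return 1; }

    # Extract the path from the first uncommented pinentry-program line,
    # trimming trailing whitespace.
    prog=$(sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$conf" | head -n 1)
    [ -n "$prog" ] || { echo "pinentry-program not set in $conf"; return 1; }

    # Case 1 from the post: the configured variant does not exist.
    [ -e "$prog" ] || { echo "missing: $prog"; return 2; }
    [ -x "$prog" ] || { echo "not executable: $prog"; return 3; }

    # Case 2 from the post: the variant exists but fails to run.
    # A working pinentry "says hi" with a line starting with OK;
    # BYE ends the session so nothing waits for input.
    greeting=$(printf 'BYE\n' | "$prog" 2>/dev/null | head -n 1)
    case $greeting in
        OK*) echo "ok: $prog"; return 0 ;;
        *)   echo "runs but does not greet: $prog"; return 4 ;;
    esac
}
```

Call it as check_pinentry (default config path) or check_pinentry /path/to/gpg-agent.conf. After correcting the setting, restart the agent with gpgconf --kill gpg-agent as the post does.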