Fixing the Git GPG sign issue


When submitting a commit command, I was facing:

error: gpg failed to sign the data
fatal: failed to write commit object

After some searching, I managed to enable Git's debug logging with:

GIT_TRACE=1 git commit

And the output changed to:

08:55:55.059810 git.c:460               trace: built-in: git commit -m 'add readme file'
08:55:55.060693 run-command.c:655       trace: run_command: gpg --status-fd=2 -bsau
error: gpg failed to sign the data
fatal: failed to write commit object

So I ran

gpg --status-fd=2 -bsau

I added some text, pressed Ctrl+D, and got:

[GNUPG:] KEY_CONSIDERED CE5EB6D33A20B12CE310127322C5F425D323FD70 0
gpg: signing failed: No pinentry
[GNUPG:] FAILURE sign 67108949
gpg: signing failed: No pinentry

No pinentry, what is pinentry? Here:

pinentry, a collection of simple PIN or passphrase entry dialogs which GnuPG uses for passphrase entry. The shell script /usr/bin/pinentry determines which pinentry dialog is used, in the order described at...

Where is this configured? According to the same doc, it should be at ~/.gnupg/gpg-agent.conf. I opened the file and the content was:

pinentry-program /usr/bin/pinentry-gtk2

Which I don't have; it's pinentry-gtk-2, which also doesn't work. There are a few other commands in the same path prefixed with pinentry, some of which work (they say hi when I run them directly), so I picked /usr/bin/pinentry-qt and updated the config. I ran the commit command again and got the same result. OK, wait, maybe the agent is running, let's kill it:

gpgconf --kill gpg-agent

And voila! I also tried to set it to /usr/bin/pinentry, which according to the Arch wiki should be a script that picks the right tool automatically, but it ended up with the same No pinentry error. Apparently, this error shows up in both cases where:

  • the pinentry-* variant doesn't exist.
  • the pinentry-* variant exists but fails to run.


  • There are some useful tips for other possible scenarios in this gist.
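
The two cases listed above can be told apart without going through Git. The shell functions below are an added example, not part of the original post: check_pinentry, demo and the exit codes are names and conventions made up here, and the check relies on a working pinentry opening its session with an Assuan "OK ..." greeting (the "hi" it prints when run directly).

```shell
#!/bin/sh
# Added example. Exit codes are this example's own convention:
# 0 usable, 1 no pinentry-program entry, 2 missing/not executable, 3 fails to start.
check_pinentry() {
    conf=${1:-"${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"}
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    # Uncommented pinentry-program lines only; assumption: the last one wins.
    prog=$(sed -n 's/^[[:space:]]*pinentry-program[[:space:]]\{1,\}//p' "$conf" |
        sed 's/[[:space:]]*$//' | tail -n 1)
    [ -n "$prog" ] || { echo "no pinentry-program entry in $conf"; return 1; }
    if [ ! -f "$prog" ] || [ ! -x "$prog" ]; then
        echo "$prog: missing or not executable"
        return 2
    fi
    # A working pinentry opens with an Assuan "OK ..." greeting; BYE ends the session.
    greeting=$(printf 'BYE\n' | "$prog" 2>/dev/null | head -n 1)
    case $greeting in
        OK*) echo "$prog: $greeting"; return 0 ;;
        *)   echo "$prog: exists but did not start"; return 3 ;;
    esac
}

# Constructed fixtures: one stub that greets like a pinentry, one that dies at once,
# and a configured path that is not there (the pinentry-gtk2 situation).
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho "OK Pleased to meet you"\n' > "$d/pinentry-ok"
    printf '#!/bin/sh\nexit 1\n' > "$d/pinentry-broken"
    chmod +x "$d/pinentry-ok" "$d/pinentry-broken"
    codes=
    for p in pinentry-ok pinentry-broken pinentry-gtk2; do
        echo "pinentry-program $d/$p" > "$d/gpg-agent.conf"
        check_pinentry "$d/gpg-agent.conf" && rc=0 || rc=$?
        codes="$codes$rc"
    done
    rm -rf "$d"
    echo "$codes"   # one exit code per fixture, in loop order
}
```

Calling check_pinentry with no argument reads the real ~/.gnupg/gpg-agent.conf; after changing that file, the running agent still has to be stopped with gpgconf --kill gpg-agent before the new setting takes effect. A greeting only shows that the program starts, so a variant that greets but cannot open its dialog still needs a real signing attempt to confirm.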