Fixing the Git GPG sign issue
When submitting a commit command, I was facing:
error: gpg failed to sign the data
fatal: failed to write commit object
After some searching, I managed to enable Git's debugging log as:
GIT_TRACE=1 git commit
And the output changed to:
08:55:55.059810 git.c:460 trace: built-in: git commit -m 'add readme file'
08:55:55.060693 run-command.c:655 trace: run_command: gpg --status-fd=2 -bsau hi@shahinism.com
error: gpg failed to sign the data
fatal: failed to write commit object
So I ran
gpg --status-fd=2 -bsau hi@shahinism.com
Added some text and then Ctrl+d, and I got:
[GNUPG:] KEY_CONSIDERED CE5EB6D33A20B12CE310127322C5F425D323FD70 0
[GNUPG:] BEGIN_SIGNING H10
test
gpg: signing failed: No pinentry
[GNUPG:] FAILURE sign 67108949
gpg: signing failed: No pinentry
No pinentry, what is pinentry? Here:
pinentry, a collection of simple PIN or passphrase entry dialogs which GnuPG uses for passphrase entry. The shell script /usr/bin/pinentry determines which pinentry dialog is used, in the order described at...
Where is this configured? According to the same doc, it should be at ~/.gnupg/gpg-agent.conf. Opened the file and the content was:
pinentry-program /usr/bin/pinentry-gtk2
Which I don't have, it's pinentry-gtk-2, which also doesn't work. There are a few other commands in the same path prefixed with pinentry, some of which work (says hi when I run it directly), so I picked up /usr/bin/pinentry-qt and updated the config. Running the commit command again, and the same result. Ok, wait, maybe the agent is running, let's kill it:
gpgconf --kill gpg-agent
And voila! I also tried to set it to /usr/bin/pinentry, which according to Arch wiki should be a script that picks the right tool automatically, but it ended up with the same No pinentry error. Apparently, this error shows up in both cases:
- the pinentry-* variant doesn't exist.
- the pinentry-* variant exists but fails to run.
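A small check for the two cases above, added here as an example and not part of the original post: it reads pinentry-program from a gpg-agent.conf, confirms the program is executable, and confirms it answers with the Assuan "OK" greeting (the "says hi" behaviour). The function names and exit codes are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: check the pinentry-program configured for gpg-agent.
# Exit codes are this sketch's own convention:
#   0 = pinentry answers, 1 = no directive found,
#   2 = configured program missing or not executable,
#   3 = program exists but does not greet (fails to run).

# Print the value of the pinentry-program directive in file $1.
# Assumption: if the directive is repeated, the last one is reported.
pinentry_from_conf() {
    [ -r "$1" ] || return 1
    awk '$1 == "pinentry-program" && NF > 1 {
             sub(/^[ \t]*pinentry-program[ \t]+/, "")
             sub(/[ \t\r]+$/, "")
             p = $0
         }
         END { if (p == "") exit 1; print p }' "$1"
}

check_pinentry_conf() {
    conf=$1
    prog=$(pinentry_from_conf "$conf") || {
        echo "no pinentry-program directive in $conf" >&2
        return 1
    }
    if [ ! -x "$prog" ] || [ -d "$prog" ]; then
        echo "$prog: missing or not executable" >&2
        return 2
    fi
    # A working pinentry speaks the Assuan protocol and greets with a
    # line starting with "OK" as soon as it starts; BYE ends the session.
    greeting=$(printf 'BYE\n' | "$prog" 2>/dev/null | head -n 1)
    case $greeting in
        OK*) echo "$prog: responds ($greeting)" ;;
        *)   echo "$prog: exists but did not greet" >&2
             return 3 ;;
    esac
    echo "after editing $conf, restart the agent: gpgconf --kill gpg-agent"
}

# Usage: check_pinentry_conf "$HOME/.gnupg/gpg-agent.conf"
```

A non-zero result means the path in gpg-agent.conf needs fixing before the agent is restarted.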
References
- There are some useful tips for other possible scenarios suggested in this gist.