Signing git commits with PGP fails

  • Done
Details
3 participants
  • Jonathan Brielmaier
  • Leo Famulari
  • Ludovic Courtès
Owner
unassigned
Submitted by
Jonathan Brielmaier
Severity
normal
Jonathan Brielmaier wrote on 19 Jun 2020 00:35
(name . bug-guix)(address . bug-guix@gnu.org)
b3455d79-29cf-b381-45d0-ccb2deab9ccd@web.de
I have a strange error/problem with signing git commits with PGP.

Following situation

`git` is installed via system configuration
`git:send-email` via `guix install` into the user profile

~/.gitconfig has
```
[commit]
gpgsign = true
```

but trying to sign a git commit fails:
```
git commit -m "test"
error: gpg failed to sign the data
fatal: failed to write commit object
```

`guix remove git:send-email` does not help, still the same.
`guix install git` also doesn't help.

What is wrong here?

P.S: As long as commit signing is not working I cannot become a committer
to the repo. Marius and Ricardo already pledged their support :P
Leo Famulari wrote on 19 Jun 2020 03:52
(name . Jonathan Brielmaier)(address . jonathan.brielmaier@web.de)(address . 41941@debbugs.gnu.org)
20200619015247.GA1458@jasmine.lan
On Fri, Jun 19, 2020 at 12:35:09AM +0200, Jonathan Brielmaier wrote:
> I have a strange error/problem with signing git commits with PGP.

The setup can be complicated...

> Following situation
>
> `git` is installed via system configuration
> `git:send-email` via `guix install` into the user profile
>
> ~/.gitconfig has
> ```
> [commit]
> gpgsign = true
> ```

I also have:

------
[gpg]
program = gpg
[user]
signingkey = B0515948F1E7D3C1B98038A02646FA30BACA7F08
------

> but trying to sign a git commit fails:
> ```
> git commit -m "test"
> error: gpg failed to sign the data
> fatal: failed to write commit object
> ```

Do you also have a GPG pinentry program installed? Are you able to sign
an arbitrary file with GPG, outside of Git? For example:

$ gpg --output test.sig --sign file
Jonathan Brielmaier wrote on 19 Jun 2020 16:43
(name . Leo Famulari)(address . leo@famulari.name)(address . 41941@debbugs.gnu.org)
2036f2a5-4ec9-0e44-3e71-e6860f5979fa@web.de
On 19.06.20 03:52, Leo Famulari wrote:
> On Fri, Jun 19, 2020 at 12:35:09AM +0200, Jonathan Brielmaier wrote:
>> I have a strange error/problem with signing git commits with PGP.
>
> The setup can be complicated...
>
>> Following situation
>>
>> `git` is installed via system configuration
>> `git:send-email` via `guix install` into the user profile
>>
>> ~/.gitconfig has
>> ```
>> [commit]
>> gpgsign = true
>> ```
>
> I also have:
>
> ------
> [gpg]
> program = gpg
> [user]
> signingkey = B0515948F1E7D3C1B98038A02646FA30BACA7F08
> ------

OK, the signingkey parameter is also present in my config.

>> but trying to sign a git commit fails:
>> ```
>> git commit -m "test"
>> error: gpg failed to sign the data
>> fatal: failed to write commit object
>> ```
>
> Do you also have a GPG pinentry program installed? Are you able to sign
> an arbitrary file with GPG, outside of Git? For example:
>
> $ gpg --output test.sig --sign file

I have pinentry installed from the config.scm, but it's still
```
gpg --output test.sig --sign TODO.md
gpg: signing failed: No pinentry
gpg: signing failed: No pinentry
```
Do I need an additional service?
Leo Famulari wrote on 19 Jun 2020 18:17
(name . Jonathan Brielmaier)(address . jonathan.brielmaier@web.de)(address . 41941@debbugs.gnu.org)
20200619161754.GA1614@jasmine.lan
On Fri, Jun 19, 2020 at 04:43:10PM +0200, Jonathan Brielmaier wrote:
> I have pinentry installed from the config.scm, but it's still
> [...]
> gpg: signing failed: No pinentry

I think the root of the problem is that GPG can't find pinentry.

With Guix, it should work automatically if you install GPG and a
pinentry to your user's profile. [0]

When installed via config.scm, you should set "pinentry-program" with
the right path, either on gpg-agent's command line or in
~/.gnupg/gpg-agent.conf.

[0] See 'gnu/packages/patches/gnupg-default-pinentry.patch' of commit
e5b44b06b3f, which fixed a longstanding UX bug
Jonathan Brielmaier wrote on 19 Jun 2020 18:42
(name . Leo Famulari)(address . leo@famulari.name)(address . 41941@debbugs.gnu.org)
a4d52ae2-ed00-c1bf-ffd8-874a1d6647ea@web.de
On 19.06.20 18:17, Leo Famulari wrote:
> On Fri, Jun 19, 2020 at 04:43:10PM +0200, Jonathan Brielmaier wrote:
>> I have pinentry installed from the config.scm, but it's still
>> [...]
>> gpg: signing failed: No pinentry
>
> I think the root of the problem is that GPG can't find pinentry.
>
> With Guix, it should work automatically if you install GPG and a
> pinentry to your user's profile. [0]
>
> When installed via config.scm, you should set "pinentry-program" with
> the right path, either on gpg-agent's command line or in
> ~/.gnupg/gpg-agent.conf.
>
> [0] See 'gnu/packages/patches/gnupg-default-pinentry.patch' of commit
> e5b44b06b3f, which fixed a longstanding UX bug

I already tried that but had a typo.
So
```
pinentry-program /run/current-system/profile/bin/pinentry
```
in ~/.gnupg/gpg-agent.conf

I wonder if we can do better here?
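
A check for the failure discussed in this thread (a `pinentry-program` path in gpg-agent.conf that does not point at an executable, for example because of a typo), as an added example that is not part of the original messages. The function names and exit codes are this example's own conventions.

```shell
#!/bin/sh
# Added example: validate the pinentry-program setting of a gpg-agent.conf.
# Function names and exit codes are conventions of this example only.

# Print the pinentry-program value found in the file given as $1.
# Lines starting with '#' are comments and are skipped; if the option
# appears more than once, this example reports the last occurrence.
pinentry_from_conf() {
    awk '$1 == "pinentry-program" && NF >= 2 {
             sub(/^[ \t]*pinentry-program[ \t]+/, "")
             v = $0
         }
         END { if (v != "") print v }' "$1"
}

# Exit status: 0 = configured path is an executable file,
#              1 = configuration file not found,
#              2 = no pinentry-program line,
#              3 = configured path missing or not executable (e.g. a typo).
check_pinentry_conf() {
    conf=${1:-$HOME/.gnupg/gpg-agent.conf}
    [ -f "$conf" ] || { echo "no such file: $conf"; return 1; }
    prog=$(pinentry_from_conf "$conf")
    [ -n "$prog" ] || { echo "pinentry-program not set in $conf"; return 2; }
    if [ -x "$prog" ] && [ ! -d "$prog" ]; then
        echo "ok: $prog"
        return 0
    fi
    echo "pinentry-program is missing or not executable: $prog"
    return 3
}

# Usage: check_pinentry_conf            (checks ~/.gnupg/gpg-agent.conf)
#        check_pinentry_conf /path/to/gpg-agent.conf
```

After correcting the file, `gpgconf --kill gpg-agent` stops the running agent so that the next `gpg` invocation starts one with the new setting.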
Leo Famulari wrote on 19 Jun 2020 20:13
(name . Jonathan Brielmaier)(address . jonathan.brielmaier@web.de)(address . 41941@debbugs.gnu.org)
20200619181327.GA6617@jasmine.lan
On Fri, Jun 19, 2020 at 06:42:21PM +0200, Jonathan Brielmaier wrote:
> I already tried that but had a typo.
> So
> ```
> pinentry-program /run/current-system/profile/bin/pinentry
> ```
> in ~/.gnupg/gpg-agent.conf
>
> I wonder if we can do better here?

Let us know if you have a suggestion :)
Ludovic Courtès wrote on 21 Jun 2020 15:28
control message for bug #41941
(address . control@debbugs.gnu.org)
87pn9sa6pl.fsf@gnu.org
tags 41941 notabug
close 41941
quit