Git Error: Gpg Failed to Sign The Data on Linux

Git error: gpg failed to sign the data on Linux

I was told to include only the first eight characters of the secret key.

The value of user.signingkey is a key id identifying which key git should use when generating the signature.

There's a complete example in the official documentation that shows how this should work. If gpg --list-keys shows something like:

/Users/schacon/.gnupg/pubring.gpg
---------------------------------
pub   2048R/0A46826A 2014-06-04
uid                  Scott Chacon (Git signing key) <schacon@gmail.com>
sub   2048R/874529A9 2014-06-04

Then the key id is 0A46826A:

git config --global user.signingkey 0A46826A

gpg failed to sign the data fatal: failed to write commit object [Git 2.10.0]

I ran into this issue with OSX.

Original answer:

It seems like a gpg update (of brew) changed to location of gpg to gpg1, you can change the binary where git looks up the gpg:

git config --global gpg.program gpg1

If you don't have gpg1: brew install gpg1.

Updated answer:

It looks like gpg1 is being deprecated/"gently nudged out of usage", so you probably should actually update to gpg2, unfortunately this involves quite a few more steps/a bit of time:

brew upgrade gnupg  # This has a make step which takes a while
brew link --overwrite gnupg
brew install pinentry-mac

on old homebrew:

echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

On more recent systems like M1 macs:

echo "pinentry-program /opt/homebrew/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf 
killall gpg-agent

The first part installs gpg2, and latter is a hack required to use it. For troubleshooting, see this answer (though that is about linux not brew), it suggests a good test:

echo "test" | gpg --clearsign  # on linux it's gpg2 but brew stays as gpg

If this test is successful (no error/output includes PGP signature), you have successfully updated to the latest gpg version.

You should now be able to use git signing again!

It's worth noting you'll need to have:

git config --global gpg.program gpg  # perhaps you had this already? On linux maybe gpg2
git config --global commit.gpgsign true  # if you want to sign every commit

Note: After you've run a signed commit, you can verify it signed with:

git log --show-signature -1

which will include gpg info for the last commit.

Git error - gpg failed to sign data

For troubleshooting, two things to first try:

  • run gpg --version, and make sure you have GnuPG version 2+ (not version 1) installed
  • run echo "test" | gpg --clearsign, to make sure gpg itself is working

If that all looks all right, one next thing to try:

  • run brew install pinentry to ensure you have a good tool installed for passphrase entry

If after that install, you re-try git commit and still get a "failed to sign the data" error, do:

  • run gpgconf --kill gpg-agent to kill any running agent that might be hung

Otherwise, some basic steps to run to check you’ve got a working GnuPG environment:

  • run gpg -K --keyid-format SHORT, to check that you have at least one key pair that is not expired

If the output of that shows you have no secret key for GnuPG to use, you need to create one:

  • run gpg --gen-key, to have GnuPG walk you through the steps for creating a key pair

If you get an error message saying “Inappropriate ioctl for device”, do this:

  • run export GPG_TTY=$(tty) and/or add that to your ~/.bashrc or ˜/.bash_profile

git commit - gpg failed to sign the data, but works from console

Thanks to Alvin Tang for giving me the solution that was so simple!

I just had to add these two line:

GPG_TTY=$(tty)
export GPG_TTY

at the bottom of the file located at ~/.bashrc.

error: gpg failed to sign the data fatal: failed to write commit object

Setting gpg.program config to the gpg path helped me.

To find out gpg path run:

$ which gpg

In my case the git-bash tells it is in path /usr/bin/gpg so I ran:

$ git config --global gpg.program /usr/bin/gpg

gpg failed to write commit object

Heh, of course, right after I posted this question, I found the solution.

So my problem was that I followed this doc: https://help.github.com/en/articles/telling-git-about-your-signing-key

And set up both GPG and smimesign, when I have Git < 2.19 and no proper X.509 keys.

So I just removed the part with smimesign from global ~/.gitconfig


Related Topics

Window Placement: Winsplit Revolution -Like Application for Linux (Kde)

Change The Default Find-Grep Command in Emacs

Exploiting a String-Based Overflow on X86-64 with Nx (Dep) and Aslr Enabled

When Will Send() Return Less Than The Length Argument

Driver Ch341 Usb Adapter Serial Port or Qserialport Not Works in Linux

Gnu Find: When Does The Default Action Apply

How Does This Perl One Liner in The Bash Works

Exit from Bash Script But Keep The Process Running

Undefined Reference to Symbol 'Timer_Settime@@Glibc_2.3.3

Interprocess Communication via Pipes

Understanding The Getting of Task_Struct Pointer from Process Kernel Stack

How to Use Performance Counters Inside of The Kernel

Snmp Devices Emulation

User-Space Memory Editing Programs

Using Dma Memory Transfer in User-Space

Does Each Unix File Description Have Its Own Read/Write Buffers

How to Change Default Number of Max Process Per User in Linux

How to Run a Cron Job with Arguments and Pass Results to a Log


Leave a reply



Submit