Git error: gpg failed to sign the data on Linux
I was told to include only the first eight characters of the secret key.
The value of user.signingkey
is a key id identifying which key git should use when generating the signature.
There's a complete example in the official documentation that shows how this should work. If gpg --list-keys
shows something like:
/Users/schacon/.gnupg/pubring.gpg
---------------------------------
pub 2048R/0A46826A 2014-06-04
uid Scott Chacon (Git signing key) <schacon@gmail.com>
sub 2048R/874529A9 2014-06-04
Then the key id is 0A46826A
:
git config --global user.signingkey 0A46826A
gpg failed to sign the data fatal: failed to write commit object [Git 2.10.0]
I ran into this issue with OSX.
Original answer:
It seems like a gpg update (of brew) changed to location of gpg
to gpg1
, you can change the binary where git looks up the gpg:
git config --global gpg.program gpg1
If you don't have gpg1: brew install gpg1
.
Updated answer:
It looks like gpg1 is being deprecated/"gently nudged out of usage", so you probably should actually update to gpg2, unfortunately this involves quite a few more steps/a bit of time:
brew upgrade gnupg # This has a make step which takes a while
brew link --overwrite gnupg
brew install pinentry-mac
on old homebrew:
echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent
On more recent systems like M1 macs:
echo "pinentry-program /opt/homebrew/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent
The first part installs gpg2, and latter is a hack required to use it. For troubleshooting, see this answer (though that is about linux not brew), it suggests a good test:
echo "test" | gpg --clearsign # on linux it's gpg2 but brew stays as gpg
If this test is successful (no error/output includes PGP signature), you have successfully updated to the latest gpg version.
You should now be able to use git signing again!
It's worth noting you'll need to have:
git config --global gpg.program gpg # perhaps you had this already? On linux maybe gpg2
git config --global commit.gpgsign true # if you want to sign every commit
Note: After you've run a signed commit, you can verify it signed with:
git log --show-signature -1
which will include gpg info for the last commit.
Git error - gpg failed to sign data
For troubleshooting, two things to first try:
- run
gpg --version
, and make sure you have GnuPG version 2+ (not version 1) installed - run
echo "test" | gpg --clearsign
, to make suregpg
itself is working
If that all looks all right, one next thing to try:
- run
brew install pinentry
to ensure you have a good tool installed for passphrase entry
If after that install, you re-try git commit
and still get a "failed to sign the data
" error, do:
- run
gpgconf --kill gpg-agent
to kill any running agent that might be hung
Otherwise, some basic steps to run to check you’ve got a working GnuPG environment:
- run
gpg -K --keyid-format SHORT
, to check that you have at least one key pair that is not expired
If the output of that shows you have no secret key for GnuPG to use, you need to create one:
- run
gpg --gen-key
, to have GnuPG walk you through the steps for creating a key pair
If you get an error message saying “Inappropriate ioctl for device”, do this:
- run
export GPG_TTY=$(tty)
and/or add that to your~/.bashrc
or˜/.bash_profile
git commit - gpg failed to sign the data, but works from console
Thanks to Alvin Tang for giving me the solution that was so simple!
I just had to add these two line:
GPG_TTY=$(tty)
export GPG_TTY
at the bottom of the file located at ~/.bashrc
.
error: gpg failed to sign the data fatal: failed to write commit object
Setting gpg.program
config to the gpg
path helped me.
To find out gpg
path run:
$ which gpg
In my case the git-bash tells it is in path /usr/bin/gpg
so I ran:
$ git config --global gpg.program /usr/bin/gpg
gpg failed to write commit object
Heh, of course, right after I posted this question, I found the solution.
So my problem was that I followed this doc: https://help.github.com/en/articles/telling-git-about-your-signing-key
And set up both GPG
and smimesign
, when I have Git < 2.19 and no proper X.509 keys.
So I just removed the part with smimesign
from global ~/.gitconfig
Related Topics
Window Placement: Winsplit Revolution -Like Application for Linux (Kde)
Change The Default Find-Grep Command in Emacs
Exploiting a String-Based Overflow on X86-64 with Nx (Dep) and Aslr Enabled
When Will Send() Return Less Than The Length Argument
Driver Ch341 Usb Adapter Serial Port or Qserialport Not Works in Linux
Gnu Find: When Does The Default Action Apply
How Does This Perl One Liner in The Bash Works
Exit from Bash Script But Keep The Process Running
Undefined Reference to Symbol 'Timer_Settime@@Glibc_2.3.3
Interprocess Communication via Pipes
Understanding The Getting of Task_Struct Pointer from Process Kernel Stack
How to Use Performance Counters Inside of The Kernel
User-Space Memory Editing Programs
Using Dma Memory Transfer in User-Space
Does Each Unix File Description Have Its Own Read/Write Buffers
How to Change Default Number of Max Process Per User in Linux
How to Run a Cron Job with Arguments and Pass Results to a Log