I followed few articles over the pretty attributes on Git 2.10 release note. Going through which upgraded the git to 2.10.0 and made changes to global
.gitconfig resulting as follows -
clean = git-lfs clean %f
smudge = git-lfs smudge %f
required = true
name = xyz
email = [email protected]
signingkey = AAAAAAA
excludesfile = /Users/xyz/.gitignore_global
editor = 'subl' --wait
cmd = opendiff \"$LOCAL\" \"$REMOTE\"
cmd = /Applications/SourceTree.app/Contents/Resources/opendiff-w.sh \"$LOCAL\" \"$REMOTE\" -ancestor \"$BASE\" -merge \"$MERGED\"
trustExitCode = true
lg = log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative
old = red strike
new = green italic
But now that I try to sign my commits using
git commit -a -S -m "message"
I get to see the following error -
You need a passphrase to unlock the secret key for
user: "XYZ (Digitally Signed) "
2048-bit RSA key, ID AAAAAAAA, created 2016-07-01
error: gpg failed to sign the data fatal: failed to write commit
Note - I can still commit changes using
git commit -a -m "message"
Is there a way to overcome the same? Or any change required in
gpg configs to get along with the upgradation of git?
Also seeking further usefulness, following Is there a way to "autosign" commits in Git with a GPG key?. I've already configured the key using
git config --global user.signingkey ED5CDE14(with my key)
git config --global commit.gpgsign true
and quite obviously getting the same error anyway.
I ran into this issue with macOS.
It seems like a gpg update (of brew) changed to location of
gpg1, you can change the binary where git looks up the gpg:
git config --global gpg.program gpg1
If you don't have gpg1:
brew install gpg1.
It looks like gpg1 is being deprecated/"gently nudged out of usage", so you probably should actually update to gpg2, unfortunately this involves quite a few more steps/a bit of time:
brew upgrade gnupg # This has a make step which takes a while
brew link --overwrite gnupg
brew install pinentry-mac
echo "pinentry-program $(brew --prefix)/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
The first part installs gpg2, and latter is a hack required to use it. For troubleshooting, see this answer (though that is about linux not brew), it suggests a good test:
echo "test" | gpg --clearsign # on linux it's gpg2 but brew stays as gpg
If this test is successful (no error/output includes PGP signature), you have successfully updated to the latest gpg version.
You should now be able to use git signing again!
It's worth noting you'll need to have:
git config --global gpg.program gpg # perhaps you had this already? On linux maybe gpg2
git config --global commit.gpgsign true # if you want to sign every commit
Note: After you've run a signed commit, you can verify it signed with:
git log --show-signature -1
which will include gpg info for the last commit.