gpg failed to sign the data fatal failed to write commit object Git 2 10 0

Question

I followed few articles over the pretty attributes on Git 2 10 release note  Going through which upgraded the git to 2 10 0 and made changes to global  gitconfig resulting as follows -    filter  lfs       clean   git-lfs clean  f     smudge   git-lfs smudge  f     required   true  user      name   xyz     email   abc def gmail com     signingkey   AAAAAAA  core      excludesfile    Users xyz  gitignore global     editor    subl  --wait  difftool  sourcetree       cmd   opendiff    LOCAL      REMOTE       path     mergetool  sourcetree       cmd    Applications SourceTree app Contents Resources opendiff-w sh    LOCAL      REMOTE   -ancestor    BASE   -merge    MERGED       trustExitCode   true  alias      lg   log --graph --pretty format   Cred h Creset - C yellow  d Creset  s  Cgreen  cr   C bold blue  lt  an gt  Creset  --abbrev-commit --date relative  color  diff       old   red strike     new   green italic   But now that I try to sign my commits using   git commit -a -S -m  message    I get to see the following error -      You need a passphrase to unlock the secret key for       user   XYZ  Digitally Signed          2048-bit RSA key  ID AAAAAAAA  created 2016-07-01      error  gpg failed to sign the data fatal  failed to write commit   object   Note - I can still commit changes using git commit -a -m  message   Is there a way to overcome the same  Or any change required in gpg configs to get along with the upgradation of git     Update 1  Also seeking further usefulness  following Is there a way to  quot autosign quot  commits in Git with a GPG key   I ve already configured the key using   git config --global user signingkey ED5CDE14 with my key   git config --global commit gpgsign true   and quite obviously getting the same error anyway

User · Answer

None of the above answers seemed to match my problem. My gpg binary (/usr/local/bin/gpg -> /usr/local/MacGPG2/bin/gpg2) was installed as part of GPG Suite, rather than by brew.

Nevertheless, I felt that the advice boiled down to: "use whichever gpg binary is the latest available on brew". So I tried:

brew update
brew upgrade git
brew install gpg

# the following are suggestions from brew's Caveats, to make `/usr/local/bin/gpg`
# point to the brew binary:
rm '/usr/local/bin/gpg'
brew link --overwrite gnupg2

I verified that I had correctly changed the gpg upon my $PATH to point to the new executable from brew:

 which gpg
/usr/local/bin/gpg
 ls -l /usr/local/bin/gpg
lrwxr-xr-x  1 burger  admin  33 Feb 13 13:22 /usr/local/bin/gpg -> ../Cellar/gnupg2/2.0.30_3/bin/gpg

And I also explicitly told git which gpg binary to use:

git config --global gpg.program gpg

Well, maybe that's not completely watertight, as it's sensitive to path. I didn't actually go as far as confirming beyond doubt that git had switched to invoking the brew gpg.

In any case: none of this was sufficient to make git commit successfully sign my commits again.

The thing that worked for me ultimately was to update GPG Suite. I was running version 2016.7, and I found that updating to 2016.10 fixed the problem for me.

I opened GPG Keychain.app, and hit "Check for updates…". With the new version: signed commits worked correctly again.

User · Answer

In my case  none of the solutions mentioned in other answer worked  I found out that the problem was specific to one repository  Deleting and cloning the repo again solved the issue

User · Answer

This started happening all of a sudden for me on Ubuntu  not sure if some recent update did it  but none of the existing issues were applicable for me  I had GPG TTY set  tried killing the agent etc    The standalone gpg command was failing with this error     echo  test    gpg --clearsign -----BEGIN PGP SIGNED MESSAGE----- Hash  SHA512  test gpg  signing failed  Operation cancelled gpg   stdin   clear-sign failed  Operation cancelled   I tried running gpg with --debug-all option and noticed the below output   gpg  DBG  chan 3  lt - INQUIRE PINENTRY LAUNCHED 27472 gnome3 1 1 0  dev pts 6 screen-256color - gpg  DBG  chan 3 - gt  END gpg  DBG  chan 3  lt - ERR 83886179 Operation cancelled  lt Pinentry gt  gpg  signing failed  Operation cancelled   The above indicates that there is some issue with the pinentry program  Gpg normally runs pinentry-curses for me  so I changed it to pinentry-tty  I had to aptitude install it first  and the error went away  though I no longer get the fullscreen password entry  but I don t like that anyway   To make this change  I had to add the line pinentry-program  usr bin pinentry-tty to    gnupg gpg-agent conf and kill the agent with gpgconf --kill gpg-agent  it gets restarted the next time

User · Answer

I must have accidentally updated gpg somehow because I got this after trying to test if gpg works   gpg  WARNING  server  gpg-agent  is older than us  2 1 21  lt  2 2 10  gpg  Note  Outdated servers may lack important security fixes  gpg  Note  Use the command  gpgconf --kill all  to restart them    Running gpgconf --kill all fixed it for me   Hope this helps someone

User · Answer

I ran into this issue with OSX   Original answer   It seems like a gpg update  of brew  changed to location of gpg to gpg1  you can change the binary where git looks up the gpg   git config --global gpg program gpg1   If you don t have gpg1  brew install gpg1   Updated answer   It looks like gpg1 is being deprecated  gently nudged out of usage   so you probably should actually update to gpg2  unfortunately this involves quite a few more steps a bit of time   brew upgrade gnupg    This has a make step which takes a while brew link --overwrite gnupg brew install pinentry-mac echo  pinentry-program  usr local bin pinentry-mac   gt  gt     gnupg gpg-agent conf killall gpg-agent   The first part installs gpg2  and latter is a hack required to use it  For troubleshooting  see this answer  though that is about linux not brew   it suggests a good test   echo  test    gpg --clearsign    on linux it s gpg2 but brew stays as gpg   If this test is successful  no error output includes PGP signature   you have successfully updated to the latest gpg version   You should now be able to use git signing again  It s worth noting you ll need to have   git config --global gpg program gpg    perhaps you had this already  On linux maybe gpg2 git config --global commit gpgsign true    if you want to sign every commit   Note  After you ve ran a signed commit  you can verify it signed with   git log --show-signature -1   which will include gpg info for the last commit

User · Answer

If gnupg2 and gpg-agent 2 x are used  be sure to set the environment variable GPG TTY   export GPG TTY   tty    See GPG   s documentation about common problems

User · Answer

Kind of a weird one  but make sure your terminal is big enough  You can tell if it s too small by running echo test   gpg --clearsign -- it ll give you a pretty obvious error message letting you know  If it s not big enough  your GPG agent can t display its little ncurses box   This one won t apply if you use a GUI agent or something that doesn t use ncurses

User · Answer

If this just happened randomly and has been working perfectly in the past  as is my case  try logging out  cmd shift q  and logging back in  Worked for me

User · Answer

I am on Ubuntu 18 04 and got the same error  was worried for weeks too  Finally realized that gpg2 is not pointing towards anything  So simply run  git config --global gpg program gpg   And tada  it works like charm     Your commits will now have verified tag with them

User · Answer

Using cygwin  I recently switched to gpg2  Then I had the same problem for signing with git after setting git config gpg program gpg2   Try echo  test    gpg2 --clearsign to see whether gpg2 is working  I found it the easiest solution to just set git config gpg program gpg  because that works  But you will also get a better error this way - e g  that you need to install pinentry

User · Answer

Update Oct  2016  issue 871 did mention  Signing stopped working in Git 2 9 3   Git for Windows 2 10 1 released two days ago  Oct  4th  2016  has fixed Interactive GPG signing of commits and tag      the recent gpg-sign change in git  which introduces no problem on Linux  exposes a problem in the way in which  on Windows  non-MSYS2-git interacts with MSYS2-gpg      Original answer   Reading  7 4 Git Tools - Signing Your Work   I assume you have your  user signingkey  configuration set   The last big refactoring  before Git 2 10  around gpg was in commit 2f47eae2a  here that error message was moved to gpg-interface c  A log on that file reveals the recent change in commit af2b21e  Git 2 10      gpg2 already uses the long format by default  but most distributions seem to still have  gpg  be the older 1 x version due to compatibility reasons   And older versions of gpg only show the 32-bit short ID  which is quite insecure       This doesn t actually matter for the verification itself  if the   verification passes  the pgp signature is good    But if you don t   actually have the key yet  and want to fetch it  or you want to check   exactly which key was used for verification and want to check it  we   should specify the key with more precision    So check how you specified your user signingkey configuration  and the version of gpg you are using  gpg1 or gpg2   to see if those have any effect on the error message   There is also commit 0581b54 which changes the condition for the gpg failed to sign the data error message  in complement to commit 0d2b664       We don t read from stderr at all currently  However  we will want to in a future patch  so this also prepares us there  and in that case gpg does write before reading all of the input  though again  it is unlikely that a key uid will fill up a pipe buffer     Commit 4322353 shows gpg now uses a temporary file  so there could be right issues around that      Let s convert to using a tempfile object  which handles the   hard cases for us  and add the missing cleanup call

User · Answer

If you don t want to deal with brew to install gpg  which seems to run into problems from time to time  just download gpg tools from GPG Tools  As you go through the wizard  click on customize install and deselect the mail plugin  unless you want to use it   These tools seem to work without running into any problems  plus it remembers your passphrase after the first time you sign you commit  No extra configuration needed  other then telling git about which key to use  At least that has been my experience

User · Answer

Check if gpg is enabled using below command  git config -l   grep gpg   if it returns true  Run the below command to disable it  git config --global --unset commit gpgsign   After successfully running above command  You should be able to run git commit command

User · Answer

Very much like  birchlabs  after a lot of digging searching I found that it wasn t GPG  but rather GPG Suite   I did cask reinstall gpg-suite and it solved it for me

User · Answer

I stumbled upon this error not because of any configuration issue  but because my key was expired  The easiest way to extend its validity on OSX is to open the GPG Keychain app  if you have it installed  and it will automatically prompt you to extend it  Two clicks  and you re done  Hopefully this helps fellow Googlers

User · Answer

On OS X  using gnupg2 via brew I just had to kill the gpg agent  happens sometimes    pkill -9 gpg-agent   And set the env variable if needed    export GPG TTY   tty    See Common GPG problems also and this answer here too

User · Answer

To anybody who is facing this issue on MacOS machines  try this    brew uninstall gpg  brew install gpg2 brew install pinentry-mac  if needed  gpg --full-generate-key Create a key by using an algorithm  Get generated key by executing  gpg --list-keys Set the key here git config --global user signingkey  lt Key from your list gt   git config --global gpg program  usr local bin gpg git config --global commit gpgsign true If you want to export your Key to GitHub then  gpg --armor --export  lt key gt   and add this key to GitHub at GPG keys  https   github com settings keys  with START and END line included    If the issue still exists   test -r    bash profile  amp  amp  echo  export GPG TTY   tty    gt  gt     bash profile  echo  export GPG TTY   tty    gt  gt     profile  If the issue still exists   Install https   gpgtools org and sign the key that you used by pressing Sign from the menu bar  Key- Sign  If the issue still exists   Go to    your global  gitconfig file which in my case is at     Users gent  gitconfig And modify the  gitconfig file  please make sure Email and Name are the same with the one that you have created while generating the Key     x000D   x000D   user  x000D   email   gent youremail com x000D   name   Gent x000D   signingkey    lt YOURKEY gt  x000D   gpg  x000D   program    usr local bin gpg x000D   commit  x000D   gpsign   true x000D   gpgsign   true x000D   filter  lfs   x000D   process   git-lfs filter-process x000D   required   true x000D   clean   git-lfs clean --  f x000D   smudge   git-lfs smudge --  f x000D   credential  x000D   helper   osxkeychain x000D   x000D   x000D

User · Answer

The answers above are great but they did not work for me  What solved my issue was exporting both the public and secret keys   list the keys from machine where we are exporting from    gpg --list-keys  home user  gnupg pubring gpg -------------------------------- pub 1024D ABCDFE01 2008-04-13 uid firstname lastname  description   lt email example com gt  sub 2048g DEFABC01 2008-04-13   export the keys    gpg --output mygpgkey pub gpg --armor --export ABCDFE01   gpg --output mygpgkey sec gpg --armor --export-secret-key ABCDFE01   go to machine we are importing to and import    gpg --import   mygpgkey pub gpg   gpg --allow-secret-key-import --import   mygpgkey sec gpg   bingo bongo  you re done   reference  https   www debuntu org how-to-importexport-gpg-key-pair   ps  My keys were originally made on bootcamp windows 7 and I exported them onto my mac air  same physical machine  different virtually

User · Answer

My two cents here  When you create and add a key to gpg-agent you define something called passphrase  Now that passphrase at some point expires  and gpg needs you to enter it again to unlock your key so that you can start signing again  When you use any other program that interfaces with gpg  gpg s prompt to you to enter your passphrase does not appear  basically gpg-agent when daemonized cannot possibly show you the input dialog in stdin   One of the solutions is gpg --sign a file txt then enter the passphrase that you have entered when you created your key and then everything should be fine  gpg-agent should automatically sign  See this answer on how to set longer timeouts for your passphrase so that you do not have to do this all the time  Or you can completely remove the passphrase with ssh-keygen -p Edit  Do a man gpg-agent to read some stuff on how to have the above happen automatically and add the lines  GPG TTY   tty  export GPG TTY  on your  bashrc if you are using bash this is the correct answer but I am keeping my train of thought above as well  then source your  bashrc file or relogin

User · Answer

I ve DONE it through this short and easy recipe   Auto-sign commits on macOS  Globally and with different IDEs    Get your signingkey in this way   brew install gnupg gnupg2 pinentry-mac git config --global user signingkey  lt YOUR SIGNING KEY gt  git config --global commit gpgsign true git config --global gpg program gpg   Put the following in gpg conf file  edit file with nano    gnupg gpg conf command    no-tty   Put the following in gpg-agent conf file  edit file with nano    gnupg gpg-agent conf command    pinentry-program  usr local bin pinentry-mac   Update   You might need to execute killall gpg-agent command after editing the configurations file  gpg conf  according to the comments  As the self-explanatory command says  this command will terminate the GPG  Gnu Privacy Guard  agent

User · Answer

If everything fails  use GIT TRACE 1 to try and see what git is actually doing     GIT TRACE 1 git commit -m  Add page that always requires a logged-in user  20 52 58 902766 git c 328               trace  built-in  git  commit   -vvv   -m   Add page that always requires a logged-in user  20 52 58 918467 run-command c 626       trace  run command   gpg   --status-fd 2   -bsau   23810377252EF4C2  error  gpg failed to sign the data fatal  failed to write commit object   Now run the failing command manually     gpg -bsau 23810377252EF4C2 gpg  skipped  23810377252EF4C2   Unusable secret key gpg  signing failed  Unusable secret key   Turns out  my key was expired  git was not to blame

User · Answer

Might be a hanging gpg-agent   Try gpgconf --kill gpg-agent as discussed here

User · Answer

got it setup by simply    brew uninstall gpg   brew install gpg2

User · Answer

For me  brew had updated the gnupg or gpg so all I had to do to fix this is  brew link --overwrite gnupg  That linked the gpg to the right place  as I can confirm via which gpg and everything worked after that

User · Answer

Make sure you have your email set properly    git config --global user email  user example com

User · Answer

I ve seen similar answers  but nothing exactly like what worked for me  On Linux  I had to kill and restart my gpg-agent with     pkill gpg-agent   gpg-agent --daemon   git commit       This did the trick for me  It looks like you do need to have user signingkey set to your private key as well from what some other comments are saying     git config --global user signingkey  your key hash

User · Answer

The git trace was very revealing for my situation        GIT TRACE 1 git commit -m  a commit message       13 45 39 940081 git c 344               trace  built-in  git commit -m  a commit message     13 45 39 977999 run-command c 640       trace  run command  gpg --status-fd 2 -bsau  full name  lt your-email domain com gt      error  gpg failed to sign the data    fatal  failed to write commit object   I needed to generate an initial key per the format that git was checking against  It s best to copy the value passed to -bsau above in the logs as is and use below   So it becomes      gpg --quick-generate-key  full name  lt your-email domain com gt     Then it worked   Hope that helps

User · Answer

I got this error on Ubuntu 18 04 and it turned out that my key was expired   To see this  I ran this and it confirmed that my keys were expired   gpg --list-keys   To correct this  I ran  using the ID displayed in the previous command    gpg --edit-key  lt ID gt    From there  I extended the expiration of key 0 and key 1 following these instructions which boiled down to typing key 0 then expire and following the prompts  Then repeating for key 1   Afterward  to test this  I ran   echo test   gpg --clearsign   And before the fix  it failed with the error      gpg  no default secret key  No secret key   gpg   stdin   clear-sign failed  No secret key   But after the fix  the same command successfully signed the message so I knew things were working again

User · Answer

If the email assoicated to your GPG key s uid is different to the email you are using in git  you ll need to add another user id to your key OR use a key which email matches exactly   You can add another UID by using        gpg --edit-key    See for mo https   superuser com questions 293184 one-gnupg-pgp-key-pair-two-emails

User · Answer

I had a similar issue with the latest Git sources  2 12 2  built along with the latest sources of all its dependencies  Zlib  Bzip  cURL  PCRE  ReadLine  IDN2  iConv  Unistring  etc    It turns out libreadline was giving GnuPG problems     gpg --version gpg  symbol lookup error   usr local lib libreadline so 7  undefined symbol  UP   And of course  trying to get useful information from Git with -vvv failed  so the failure was a mystery   To resolve the PGP failure due to ReadLine  follow the instructions at Can t update or use package manager -- gpg error      In terminal   ls  usr local lib       there was a bunch of readline libs in there  libreadline so BLAH-BLAH    so i   su mkdir temp mv  usr local lib libreadline  temp ldconfig

User · Answer

In my case  none of the solutions were working because I did not manually go into my    gitconfig and remove the following as I created a new key that was no longer my older X 509 key so I removed the following and then my new key began to work   gpg      program   gpg     format   x509  gpg  quot x509 quot       program   smimesign

User · Answer

Follow the below url to setup signed commit  https   help github com en articles telling-git-about-your-signing-key  if still getting  gpg failed to sign the data fatal   failed to write commit object  this is not issue with git  this is with GPG follow below steps  1 gpg --version   echo  test    gpg --clearsign   if it is showing   gpg  signing failed  Inappropriate ioctl for device gpg   stdin   clear-sign failed  Inappropriate ioctl for device    then use export GPG TTY   tty    4 then again try echo  test    gpg --clearsign in which PGP signature is got    git config -l   grep gpg   gpg program gpg commit gpgsign true  6 apply git commit -S -m  commitMsz

User · Answer

I ran into the same problem  I m happy to report that the issue lies not with git 2 10 0 but with gnupg 1 4 21   Temporarily downgrading gnupg to 1 4 20 fixed the issue for me   If you re using homebrew and you upgraded your packages like I did  you can probably just run brew switch gnupg 1 4 20 to revert back

User · Answer

May help killing process gpg-agent that might stuck with old data  So new gpg-agent started would ask for password

User · Answer

Ran into this in prezto another zsh variant  There the issue was my git repo was new and did not have the node modules added to  gitignore  As soon as I added the node modules to  gitignore the issue was no more to be seen  So my assumption is git-info was taking time due to these large node modules

[git] gpg failed to sign the data fatal: failed to write commit object [Git 2.10.0]

Examples related to git

Examples related to github

Examples related to gpg-signature