I'm trying to enable commit signing on OS X Mojave.
git commit -S -am "Test"
The error is:
error: gpg failed to sign the data
fatal: failed to write commit object
What I tried:
gpg works fine (see below), did not install gpg1 or gpg2
Installed GPG KeyChain and added a new key (even added a separate sign-only subkey whithin)
Installed pinentry
gpg2 --clearsign works fine (generates a new .asc file for files, outputs text for plain text)
Questions I looked into and tried every option:
gpg failed to sign the data fatal: failed to write commit object [Git 2.10.0]
Git error - gpg failed to sign data
What am I doing wrong?
I also had this problem. I found a good solution.
Just try to sign a file before you commit.
$ touch a.txt
$ gpg --sign a.txt
Then, the OS will let you input the password.
If this step is OK, now you can commit by signing correctly.
I just added the key ID to the global config
list all keys:
gpg --list-keys
Select the one you added to github and set it.
git config --global user.signingkey [public key ID]
Heh, of course, right after I posted this question, I found the solution.
So my problem was that I followed this doc: https://help.github.com/en/articles/telling-git-about-your-signing-key
And set up both GPG and smimesign, when I have Git < 2.19 and no proper X.509 keys.
So I just removed the part with smimesign from global ~/.gitconfig
Try with echo "foobar" | gpg --clearsign. It should ask for your key's passphrase and return the signature.
If instead you see the following error message:
error: gpg failed to sign the data
fatal: failed to write commit object
You might want to try running export GPG_TTY=$(tty). If after testing again you're prompted for the password and it works, run this everytime on startup, adding it to ~/.bashrc, which is actually required according to gpg-agent's documentation, as mentioned in this dev.gnupg thread and which you can verify with man gpg-agent.
I also found this gitHub gist very useful.
To prompt you to enter a PIN or passphrase when required, install pinentry-mac
$ brew install pinentry-mac
$ echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
$ killall gpg-agent
Related
So I'm trying to sign my commits so that I can eventually send a merge request for the changes I've made.
It requires a gpg key so I downloaded Gpg4Win and generated the public gpg key I needed using Kleopatra and linked that to my GitLab. All the normal steps needed.
I configured git to my key as follows:
git config --global user.signingkey 0B613778C578
And then tried to commit, signing with the new key:
git commit -S -m "Google Tag Manager installed onto 404 error page"
Where I receive the following error:
gpg: skipped "0B613778C578": No secret key
gpg: signing failed: No secret key
error: gpg failed to sign the data
fatal: failed to write commit object
GitLab advises to use the following when receiving this message:
git config --global gpg.program gpg2
But that generates the following error:
error: cannot spawn gpg2: No such file or directory
error: gpg failed to sign the data
fatal: failed to write commit object
And this is basically where I am at. I have now idea how to get git to point to my gpg properly
This is the version of gpg I have installed:
gpg (GnuPG) 2.2.19
Any help is greatly appreciated.
I am trying to run the following commands on Heroku to import and trust a PGP public key which I need to use to encrypt a file before sending it via SFTP:
heroku run gpg --import key.asc
heroku run gpg --edit-key email#example.com
The first command seems to work, but when I run the second command it fails to find the key. I get the following output when running heroku run gpg --list-keys:
gpg: directory '/app/.gnupg' created
gpg: keybox '/app/.gnupg/pubring.kbx' created
gpg: /app/.gnupg/trustdb.gpg: trustdb created
This may be due to the fact that Heroku does not allow writing to the file system, but I wanted to see if anyone knows what is going on and can help me figure out how to use this public key for encryption. It works locally using the iostreams gem to run something similar to the third example here
I guess that the problem is in the first command.The key.asc file in not in the dyno, it is on your computer. So, it is not importing anything.
You can run: heroku run bash and play directly inside the dyno.
Hope it helps!!!
I have a git repo on BitBucket for a utility project and i use it as a git submodule in other projects. I wrote an Xcode Build Phase script that clones, initializes and updates the submodule but it fails cloning with this error:
Cloning into '[Location of my working copy]'...
ssh_askpass: exec(/usr/X11R6/bin/ssh-askpass): No such file or directory
Permission denied (publickey).
fatal: Could not read from remote repository.
I can do a checkout from Xcode's interface, i can do a checkout from the command line, and i can even run the same script from the command line myself, and everything works, i get prompted for my passphrase. Except when the script is run by Xcode.
I contacted BitBucket support and they pointed it out that according to the error Xcode is trying to use /usr/X11R6/bin/ssh-askpass to prompt me for the passphrase of my private key but it can't find the file (i also found that /usr/X11R6 is just a symlink to /opt/X11). They suggested that i check the following links:
https://support.rstudio.com/hc/en-us/community/posts/200660237-Using-Git-with-password-authentication-on-OS-X
https://github.com/markcarver/mac-ssh-askpass
https://github.com/theseal/ssh-askpass
I installed the missing binary from the last link using Homebrew, symlinked it to the location Xcode needs it to be and got a seemingly broken dialog box:
I also tried copying the binary instead of symlinking but it didn't make a difference.
Any ideas?
Just to make sure i ran this test to see if there's a problem with my SSH configs...
$ ssh -vT git#bitbucket.org
...but according to the results everything is OK.
The guys over at https://github.com/theseal/ssh-askpass/ helped me figure this out.
I had to install the missing ssh-askpass then add my SSH key to the agent with ssh-add -c before Xcode was launched. Adding the key while Xcode was running resulted in the Build Phase script always returning an error:
sign_and_send_pubkey: signing failed: agent refused operation
You can read the troubleshooting details here.
According to this link, I simply need to include the -S switch to sign my commit using my GPG key, but I don't see how I can use that in Android Studio.
How do I sign my commits in Android Studio?
EDIT: I appreciate that OSX solutions are coming along, but I'd really like to see an answer that works with Windows. I only use my Mac for documents and stuff.
As I mentioned in "Sign git commits with GPG", with Git 2.0:
If you want to GPG sign all your commits, you have to add the -S option all the time.
The commit.gpgsign config option allows to sign all commits automatically.
This doesn't fully work though, and is followed by issue 127802, with the following workarounds:
Created a helper script with that content:
/usr/bin/gpg –batch –no-tty "$#"
and set gpg.program to that script
Or:
Adding "no-tty" to "~/.gnupg/gpg.conf" solved the problem for me.
You might still get the error message:
Commit failed with error:
gpg: problem with the agent - disabling agent use
gpg: Sorry, no terminal at all requested - can't get input
error: gpg failed to sign the data
fatal: failed to write commit object
Again: bug in progress, also followed by issue 110261:
resolve it with this in addition to the previous solution (OS X):
1) brew install gnupg gnupg2 pinentry-mac
2) nano ~/.gnupg/gpg-agent.conf ->
pinentry-program /usr/local/bin/pinentry-mac
3) git config -–global gpg.program gpg2
After make some test I follow this steps and it works
Please remember to restart the Android Studio after follow this steps:
Are you tired off write the password for each commit???
Follow the link:
https://github.com/pstadler/keybase-gpg-github
after that edit the gpg.conf
nano ~/.gnupg/gpg.conf
add the following lines
use-agent
no-tty
default-key <your key id>
after made all the configuration and if you use MacOS. You should:
ln -s /usr/local/Cellar/libgcrypt/1.7.0_1 /usr/local/opt/libgcrypt
ln -s /usr/local/Cellar/libgpg-error/1.22 /usr/local/opt/libgpg-error
ln -s /usr/local/Cellar/libassuan/2.4.2 /usr/local/opt/libassuan
ln -s /usr/local/Cellar/pth/2.0.7 /usr/local/opt/pth
execute
source ~/.profile
make one commit using the option -S
git commit -am "my commit message" -S
you should get a password promp.
-- put your password
Thats it!!!
If you have git for Windows installed, and selected MingGW option during setup, this is what I used to get Android Studio working with signing commits.
Programs mentioned/used with links for those who don't have them yet.
Android Studio 2.2.2
Gpg4win 2.3.3 (https://www.gpg4win.org/download.html)
Using variant "Gpg4win with GnuPG component only"
Git for Windows 2.10.1
For those who wants to read the article I used to get gpg signing working in my Windows environment (The bottom half of the page starting with the git config lines are what we're more concerned with):
https://jamesmckay.net/2016/02/signing-git-commits-with-gpg-on-windows/
I'll briefly walk through the process for doing the gpg portion via command line - presuming that all three programs are installed already from here on in.
Check Git setting in Android Studio
If you haven't specified where git is in Android Studio, here's where you do it in Settings:
NOTE: This can be done either in File > Project Settings for one project or File > Other Settings > Default Settings...
Version Control > Git > Path to Git Executable
Since I was using the MinGW version, it's set to:
C:\Program Files\Git\mingw64\bin\git.exe
Export existing public and secret keys from MinGW version (git bash)
NOTE: Execute using MinGW prompt program
gpg --export > ~/gpg-public
gpg --export-secret-keys > ~/gpg-secret
NOTE: For those who don't know, ~/ is by default set to your user's home directory. (e.g. Windows 10: C:/Users/%USERNAME%)
Import exported keys into Gpg4win
NOTE: Execute using Windows Command Prompt.
gpg --import < "C:/Users/%USERNAME%/gpg-public"
gpg --import < "C:/Users/%USERNAME%/gpg-secret"
Replace the location with wherever your gpg-public and gpg-secret files are.
Make git use gpg from Gpg4win
As mentioned in the article. It's reposted here if you didn't open it.
NOTE: Execute using MinGW prompt program
git config --global gpg.program "C:/Program Files (x86)/GNU/GnuPG/gpg2.exe"
Replace the gpg.program value (keeping the gpg2.exe) above with wherever you specified the gpg4win installer to install it to.
(OPTIONAL) While you're at it, you can configure your git to auto sign your commits with a default key (git version >= 2.0 required)
git config --global user.name <name>
git config --global user.email <email>
git config --global user.signingkey <your-key-ID>
git config --global commit.gpgsign true
Replace the values in < > with your own. You can get the key ID by running gpg --list-keys and taking the ID from the line starting with pub and after the /.
Now you should be able to commit using Android Studio and see a prompt come up for the password entry.
When doing a git pull on a project with GIT tags, I get the error below.
I use msysgit on Win8, versions:
git-gui version 0.19.GITGUI
git version 1.9.5.msysgit.1
Tcl/Tk version 8.5.13
The error I get is:
$ git pull --tags
Enter passphrase for key '/c/Users/Me/.ssh/id_rsa':
fatal: Unable to create 'c:/Users/Me/someproject/.git/refs/remotes/origin/lpt1.2-support.lock': No such file or directory
fatal: The remote end hung up unexpectedly
Any clues?
I think the ssh couldn't find your keys. Make sure they are in the default location.
Try to clone the remote. If you are not able to clone and you get the message "The remote end hung up unexpectedly". We can suspect that the your ssh key is not in the default location.
If you are able to clone, and couldn't pull check if you have any locks and the directory exist on your local. c:/Users/Me/someproject/.git/refs/remotes/origin/lpt1.2-support.lock
On msysgit, check if the variable HOME is set. HOME can be set to any directory you want, you only have to make sure you have the right to write in it (and that the directory exists and a .ssh under it exists too).
ssh-keygen -t rsa
And follow the prompts there.
If the problem is solved could you please let me know which of the three cases above helped you.