
`git -S -m commit` failing to ask for password — Signing after moving from GPG mac to GPG shell

I am setting up a new machine (macOS Sierra) for web development, and I have done brew install gpg, which has installed gpg2 and gpg-agent. I have copied my keys from ~/.gnupg on my old Mac. I am not installing the Mac interface GPG Suite, which I had on the old machine, as I really would prefer to use just the command line.

I have set my git globals with the appropriate settings.

    git config --global user.name "Christopher Allen"
    git config --global user.email "[email protected]"
    git config --global user.mail "[email protected]"
    git config --global user.signingKey F8D36C91357405ED

When I try to commit a change to a git repository where git config commit.gpgsign=true is required, on my old GPG Suite I get a popup window where it asks for my password. However, with GPG only, it does properly find my public key, but it does not prompt me for a password for signing.

    $ git commit -S -m "changed code"

    You need a passphrase to unlock the secret key for
    user: "Christopher Allen <[email protected]>"
    4096-bit RSA key, ID 357405ED, created 2015-04-16

    error: gpg failed to sign the data
    fatal: failed to write commit object
    $ 

Researching here, the only mention I see is at "I can’t get `git tag -s` to ask for my GPG password", where it suggests the problem is with the environment variables for gpg-agent (with no suggested solution), or to use the gpg-preset-passphrase function (which I'd prefer not to).

Checking further, it appears that gpg-agent isn't running:

    $ gpg-agent
    gpg-agent: no gpg-agent running in this session

I found this page https://blog.chendry.org/2015/03/13/starting-gpg-agent-in-osx.html that suggests adding this script to .bash_profile:

    [ -f ~/.gpg-agent-info ] && source ~/.gpg-agent-info
    if [ -S "${GPG_AGENT_INFO%%:*}" ]; then
        export GPG_AGENT_INFO
    else
        eval $( gpg-agent --daemon --write-env-file ~/.gpg-agent-info )
    fi

After sourcing this script, gpg-agent says:

    $ gpg-agent
    gpg-agent: gpg-agent running and available

However, I still have the same problem.

Any ideas on how to fix this? I'd prefer not to use the old GPG Suite, revert to GPG 1.0, or use gpg-preset-passphrase.

Thanks!

-- Christopher Allen

Christopher Allen asked Sep 23 '16 21:09


2 Answers

What I actually did to solve this issue is:

Install pinentry

    brew install pinentry

If that doesn't do the job then:

Tell GPG which tty to use when it asks for the password

    export GPG_TTY=$(tty)

This actually fixed it for me.

You could also add this export to your ~/.bashrc so that it will be exported automatically. Don't forget to reload the file or launch a new session.

An easy way to do it:

    echo 'export GPG_TTY=$(tty)' >> ~/.bashrc

If you get this error:

    gpg-agent: no gpg-agent running in this session

Add the script mentioned in the question to ~/.bashrc file as well.

    [ -f ~/.gpg-agent-info ] && source ~/.gpg-agent-info
    if [ -S "${GPG_AGENT_INFO%%:*}" ]; then
        export GPG_AGENT_INFO
    else
        eval $( gpg-agent --daemon --write-env-file ~/.gpg-agent-info )
    fi

Test to see if gpg is working

    echo "Hello" | gpg -s

Randomly it still doesn't ask for the passphrase

When git won't ask me for the passphrase, sometimes I use the above test command to get prompted for it, which will get cached, and then I try to commit my changes.

Increase passphrase cache time

If you want to cache the passphrase for a longer period of time you can add the following line to the config file: ~/.gnupg/gpg-agent.conf

    default-cache-ttl 86400

ovidb answered Sep 21 '22 04:09


It turns out the problem is that I copied all the files from ~/.gnupg, which overwrote files created by brew install gpg (probably one of the .conf files).

I uninstalled gpg and all the associated sub-packages (there are a lot of them), copied only pubring.gpg, secring.gpg and trustdb.gpg into ~/.gnupg FIRST, then did brew install gpg. New gpg.conf and gpg-agent.conf were created.

-- Christopher Allen

Christopher Allen answered Sep 21 '22 04:09
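
A preflight check for the settings the two answers touch (GPG_TTY, default-cache-ttl, and a gpg-agent.conf carried over from another install), as an added example that is not code from either answer. The function names, the `pinentry-program` line and the sample path are constructed for illustration; a stale pinentry path is assumed here as one way a copied .conf file can stop the prompt from appearing.

```shell
#!/usr/bin/env bash
# Added example: preflight checks to run before `git commit -S`.
# Function names and the sample config are constructed for illustration.

# Print the value of <option> in a gpg-agent.conf (last occurrence in the file).
conf_value() {  # usage: conf_value <file> <option>
    awk -v opt="$2" '$1 == opt {
        v = $0; sub(/^[ \t]*[^ \t]+[ \t]*/, "", v); sub(/[ \t]+$/, "", v); val = v
    } END { if (val != "") print val }' "$1"
}

# 0: configured pinentry exists and is executable
# 1: pinentry-program points at a missing or non-executable file
# 2: no config file or no pinentry-program line (gpg-agent picks its default)
check_pinentry() {  # usage: check_pinentry <gpg-agent.conf>
    local prog
    [ -f "$1" ] || return 2
    prog=$(conf_value "$1" pinentry-program)
    [ -n "$prog" ] || return 2
    [ -f "$prog" ] && [ -x "$prog" ] && return 0
    echo "pinentry-program '$prog' is missing or not executable" >&2
    return 1
}

# 0 only when GPG_TTY is set and names an existing character device.
check_gpg_tty() {
    [ -n "${GPG_TTY:-}" ] && [ -c "$GPG_TTY" ]
}

# Constructed sample: a config carried over from another machine whose
# (hypothetical) pinentry path does not exist here.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '# copied from the old machine' \
    'pinentry-program /opt/old-install/bin/pinentry-gui' \
    'default-cache-ttl       86400' > "$demo_dir/gpg-agent.conf"

rc=0; check_pinentry "$demo_dir/gpg-agent.conf" || rc=$?
echo "pinentry check: exit $rc"
echo "default-cache-ttl: $(conf_value "$demo_dir/gpg-agent.conf" default-cache-ttl)"
if check_gpg_tty; then echo "GPG_TTY ok: $GPG_TTY"
else echo "GPG_TTY unset or not a terminal; run: export GPG_TTY=\$(tty)"; fi
```

To check a real setup, call `check_pinentry ~/.gnupg/gpg-agent.conf` from the shell that runs git.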