 

gpg failed to sign the data fatal: failed to write commit object [Git 2.10.0]

I followed a few articles about the pretty attributes in the Git 2.10 release notes. While going through them, I upgraded Git to 2.10.0 and made changes to my global .gitconfig, resulting in the following -

[filter "lfs"]
    clean = git-lfs clean %f
    smudge = git-lfs smudge %f
    required = true
[user]
    name = xyz
    email = [email protected]
    signingkey = AAAAAAA
[core]
    excludesfile = /Users/xyz/.gitignore_global
    editor = 'subl' --wait
[difftool "sourcetree"]
    cmd = opendiff \"$LOCAL\" \"$REMOTE\"
    path =
[mergetool "sourcetree"]
    cmd = /Applications/SourceTree.app/Contents/Resources/opendiff-w.sh \"$LOCAL\" \"$REMOTE\" -ancestor \"$BASE\" -merge \"$MERGED\"
    trustExitCode = true
[alias]
    lg = log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative
[color "diff"]
    old = red strike
    new = green italic

But now that I try to sign my commits using

git commit -a -S -m "message" 

I get to see the following error -

You need a passphrase to unlock the secret key for

user: "XYZ (Digitally Signed) "

2048-bit RSA key, ID AAAAAAAA, created 2016-07-01

error: gpg failed to sign the data
fatal: failed to write commit object

Note - I can still commit changes using git commit -a -m "message"

Is there a way to overcome this? Or is any change required in the gpg configs to get along with the Git upgrade?


Update 1

Also, seeking further usefulness, I followed "Is there a way to "autosign" commits in Git with a GPG key?". I've already configured the key using

git config --global user.signingkey ED5CDE14  # (with my key)
git config --global commit.gpgsign true

and quite obviously getting the same error anyway.

Naman asked Sep 14 '16 15:09


2 Answers

I ran into this issue with OSX.

Original answer:

It seems like a gpg update (of brew) changed the location of gpg to gpg1. You can change the binary where git looks up gpg:

git config --global gpg.program gpg1 

If you don't have gpg1: brew install gpg1.

Updated answer:

It looks like gpg1 is being deprecated/"gently nudged out of usage", so you probably should actually update to gpg2. Unfortunately, this involves quite a few more steps/a bit of time:

brew upgrade gnupg  # This has a make step which takes a while
brew link --overwrite gnupg
brew install pinentry-mac

On old homebrew:

echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

On more recent systems like M1 Macs:

echo "pinentry-program /opt/homebrew/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

The first part installs gpg2, and the latter is a hack required to use it. For troubleshooting, see this answer (though that is about Linux, not brew); it suggests a good test:

echo "test" | gpg --clearsign  # on linux it's gpg2 but brew stays as gpg 

If this test is successful (no error/output includes PGP signature), you have successfully updated to the latest gpg version.

You should now be able to use git signing again!
It's worth noting you'll need to have:

git config --global gpg.program gpg  # perhaps you had this already? On linux maybe gpg2
git config --global commit.gpgsign true  # if you want to sign every commit

Note: After you've run a signed commit, you can verify it signed with:

git log --show-signature -1 

which will include gpg info for the last commit.

Andy Hayden answered Oct 02 '22 23:10


If gnupg2 and gpg-agent 2.x are used, be sure to set the environment variable GPG_TTY.

export GPG_TTY=$(tty) 

See GPG’s documentation about common problems.

Koraktor answered Oct 02 '22 23:10
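
A read-only diagnostic that combines the checks from both answers above (the pinentry-program line in gpg-agent.conf, GPG_TTY, and the clearsign test), as an added example that is not part of either answer. The function names and the `--run` switch are hypothetical; the script changes no configuration.

```sh
#!/bin/sh
# Added example, not from either answer. Function names are hypothetical.
# Usage: sh check-signing.sh --run   (from the terminal you commit in)

# Print each pinentry-program path set in a gpg-agent.conf (comments skipped).
pinentry_entries() {
    [ -f "$1" ] || return 0
    sed -n 's/^[[:space:]]*pinentry-program[[:space:]][[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1"
}

# Fail if the file names more than one pinentry or a path that is not
# executable. Appending with ">>" more than once, or moving between
# /usr/local and /opt/homebrew, leaves such stale lines behind.
check_pinentry() {
    cp_entries=$(pinentry_entries "$1")
    [ -n "$cp_entries" ] || { echo "ok: no pinentry-program override"; return 0; }
    cp_status=0
    cp_count=$(printf '%s\n' "$cp_entries" | grep -c .)
    if [ "$cp_count" -gt 1 ]; then
        echo "warn: $cp_count pinentry-program lines in $1"
        cp_status=1
    fi
    while IFS= read -r cp_path; do
        [ -x "$cp_path" ] || { echo "bad: $cp_path is not executable"; cp_status=1; }
    done <<EOF
$cp_entries
EOF
    return "$cp_status"
}

# The second answer's point: GPG_TTY must be set for gnupg2 / gpg-agent 2.x.
check_gpg_tty() {
    [ -n "${GPG_TTY:-}" ] && [ -c "$GPG_TTY" ] && return 0
    echo 'bad: GPG_TTY unset or not a terminal device; export GPG_TTY=$(tty)'
    return 1
}

diagnose() {
    dg_prog=$(git config --get gpg.program) || dg_prog=gpg   # git's default
    dg_rc=0
    command -v "$dg_prog" >/dev/null || { echo "bad: $dg_prog not on PATH"; dg_rc=1; }
    check_gpg_tty || dg_rc=1
    check_pinentry "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf" || dg_rc=1
    # The clearsign test from the first answer, run with the binary git calls.
    echo "test" | "$dg_prog" --clearsign >/dev/null || { echo "bad: clearsign failed"; dg_rc=1; }
    return "$dg_rc"
}

if [ "${1:-}" = "--run" ]; then diagnose; fi
```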