gpg: keyblock resource pubring.kbx not found because the repo path is prefixed to the gnupg home

Question

I used to have my commits signed by gpg which worked all fine, but I suddenly got this message instead:

gpg: keyblock resource '/c/Users/username/path/to/project/C:\Users\username\.gnupg/pubring.kbx': No such file or directory
gpg: skipped "my_key": No secret key
gpg: signing failed: No secret key
error: gpg failed to sign the data
fatal: failed to write commit object

Note the path of the keyblock resource, it consists of two paths and is indeed not valid.

Information about my setup

I had my commits automatically signed, my setup is from this answer, in summary: I set up gpg like normal, then installed gpg2 and pipe my passphrase into gpg every time using a shell file. And no, I didn't get gpg-agent to do this, though if you know how to do it please answer this question: The key whose key-id is in the signature did not sign this commit

I have an environment variable GNUPGHOME which points to C:\Users\username\.gnupg. I tried changing it to C:/Users/username/.gnupg but the slashes just changed in the error as well. I tried changing it to /c/Users/username/.gnupg but the error message became

gpg: Fatal: can't create directory '/c/Users/username/path/to/project/C:/Users/username/.gnupg': No such file or directory

I also don't know what changed on my system that caused this problem.

Related issues

This question is very similar with a different path but it was not solved: Git commit signing GPG issue The comment is to check a path in a gitconfig, but I don't have a path to the gnupg directory in any gitconfig and it wouldn't be prefixed with the path to the repo anyway, I think. I have this in my main ~\.gitconfig:

[user]
    signingkey = my_key
[commit]
    gpgsign = true
[gpg]
    program = C:\\Users\\username\\gpg-no-tty.sh

Also found someone with the same problem here: https://jira.atlassian.com/browse/SRCTREEWIN-8527

From the tag description of gnupg I can't figure out whether this question belongs here or on Super User, because I'm not sure if this is programmatic or direct use (both?).

Answer 1

I had the same issue. To fix it I just had to specify the gpg.program variable in my .gitconfig file to point to my installation of Gpg4win like so:

git config --global gpg.program "%PROGRAMFILES(x86)%\GnuPG\bin\gpg.exe"

or

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

Obviously the path depends on where your gpg binary is located. Once I did this, it was able to use my GNUPGHOME environment variable and found my system keyring to use for signing. This will use pinentry to prompt you for your secret key password though.

I believe the issue occurs because Git for Windows ships with a version of gpg, which it uses by default. For whatever reason it seems to prefix the local repo path to the gpg home directory path when it executes the command to sign your commit.

Hopefully this helps

Answer 2

(Note I just had this same problem again, but had to fix it in a different way)

Your gpg home directory is messed up, because that's where it tries to find the pubring.kbx file. It can happen that gpg thinks its homedir is the path from which you are executing gpg, hence you see the repo path prefixed - and no I have no idea why.

You can solve this using the --homedir option of gpg.

1. Tell bash to use it: in C:\Users\username\.bash_profile, add alias gpg="gpg --homedir=/c/Users/username/.gnupg"
2. Tell git to use it: create a file C:\Users\username\start-gpg.sh and put into it gpg --homedir=/c/Users/s156757/.gnupg "$@". Then run git config --global gpg.program C:\\Users\\username\\start-gpg.sh to tell git to use it.
3. Restart bash.

Note: to test this, I used the gpg2 which comes with git. That may be why the GNUPGHOME variable didn't do anything - I didn't install gnupg separately.