I've been attempting to get git working with a gpg key and after lots of searching and reading of posts, the only thing that works for me is this:
sudo rm /usr/local/bin/gpgsm
ln -s /usr/local/bin/gpg /usr/local/bin/gpgsm
This tricks git into running a gpg command instead of a gpgsm command as seen here:
GIT_TRACE=1 git commit -S -m"test"
21:24:25.489158 git.c:418 trace: built-in: git commit -S -mtest
21:24:25.493338 run-command.c:643 trace: run_command: gpgsm --status-fd=2 -bsau myKey
error: gpg failed to sign the data
fatal: failed to write commit object
I can't find any additional information on why git is running a gpgsm command, as running the command by itself yields:
gpgsm --status-fd=2 -bsau myKey
gpgsm: can't sign using 'myKey': No public key
[GNUPG:] INV_SGNR 1 myKey
[GNUPG:] INV_RECP 1 myKey
Which seems to make sense as I read gpg and gpgsm's DBs are separate.
gpgsm keys don't appear to be what git wants to use either, based on their need for CN and DNS entries. Happy to be shown wrong here as I'd rather not use my symlink hack.
Environment details:
2.2.11
no-tty to ~/.gnupg/gpg.conf actually made things worse for me.
~/.gnupg/gpg-agent.conf is: pinentry-program /usr/local/bin/pinentry

I was able to find the problem when I stumbled upon this explanation of git's gpg.format config. Apparently it supports both "openpgp" which runs gpg and "x509" which runs gpgsm. Running the following command resulted in git commit -S using gpg instead of gpgsm.
git config --global gpg.format openpgp
You can confirm the format is what you expect by looking at the full config via:
git config -l --show-origin | grep gpg.format
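
An added example, not part of the original answer: a shell function that reads `git config -l` output and reports which signing binary `git commit -S` will invoke, so a stray `gpg.format=x509` is caught before a commit fails. The name `resolve_signer` is hypothetical; the `ssh` format and the default program names are taken from git's documentation, not from this page.

```shell
#!/bin/sh
# Added example: resolve the signing binary git will run, given
# `git config -l` output on stdin.
#   usage: git config -l | resolve_signer
resolve_signer() {
    awk '
    {
        eq = index($0, "=")
        if (eq == 0) next                 # valueless boolean key, not relevant here
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        # Later lines override earlier ones, matching the order git lists
        # them in (system, then global, then local config).
        if (key == "gpg.format") fmt = val
        # gpg.program is the legacy spelling of gpg.openpgp.program.
        else if (key == "gpg.program" || key == "gpg.openpgp.program") prog["openpgp"] = val
        else if (key == "gpg.x509.program") prog["x509"] = val
        else if (key == "gpg.ssh.program") prog["ssh"] = val
    }
    END {
        # Defaults used when no *.program override is configured.
        def["openpgp"] = "gpg"; def["x509"] = "gpgsm"; def["ssh"] = "ssh-keygen"
        if (fmt == "") fmt = "openpgp"    # git default when gpg.format is unset
        if (!(fmt in def)) { print "format=" fmt " program=unknown"; exit 1 }
        p = (fmt in prog) ? prog[fmt] : def[fmt]
        print "format=" fmt " program=" p
    }'
}
```

A result of `format=x509 program=gpgsm` corresponds to the trace shown in the question; `format=openpgp program=gpg` is the state after the fix.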