I was trying to sign my commits with the command git commit -S but it fails without prompting for the passphrase of my GPG key.
The error is:
error: gpg failed to sign the data
fatal: failed to write commit object
I noticed that if I run the following command before git commit -S:
gpg -o /dev/null --local-user MY_KEY_ID -as <(echo 1234) && echo "The correct passphrase was entered for this key"
...everything works well and my commits are properly signed. I think it's because my passphrase is cached but this is not the behaviour that I expect.
I was hoping that Git would prompt for my passphrase every time I want to sign commits or tags.
The command to "unlock my key" was found on this question: How to use gpg command-line to check passphrase is correct
The problem that commit signing solves is the same problem that digitally signing a document solves: the problem of verifying its author. Since only the author has their private key, only they can sign the commit as themselves.
By signing your commits you can prove that the commit actually came from you. This is needed because it is pretty easy to add anyone as the author of a commit. This is not a security vulnerability by itself. But it could be used to hide the real author of malicious code.
You likely need to tell pinentry, the software gpg uses to prompt for your password, where to prompt you.
export GPG_TTY=$(tty)
git commit -S
If this works I would recommend exporting GPG_TTY in your shell's 'rc' file.
gpg-agent documentation regarding GPG_TTY
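As an added example (not part of the answer above), a small pre-commit check that tests the two conditions behind this failure before git tries to sign: GPG_TTY must be exported and name the terminal pinentry should use, and gpg must be able to produce a signature with the key git is configured to use. It assumes a POSIX sh, a configured user.signingkey, and uses a throw-away detached signature much like the "unlock" command in the question.

```shell
#!/bin/sh
# Added example: preflight for `git commit -S`. Not the original answer's code.
# Checks the GPG_TTY condition and a real test signature with the configured key.

# Return 0 when GPG_TTY is set and names the terminal we are running on.
# Arguments: $1 = value of GPG_TTY, $2 = output of `tty`.
check_gpg_tty() {
  gpg_tty="$1"
  cur_tty="$2"
  if [ -z "$gpg_tty" ]; then
    echo "GPG_TTY is not exported; run: export GPG_TTY=\$(tty)" >&2
    return 1
  fi
  if [ "$gpg_tty" != "$cur_tty" ]; then
    echo "GPG_TTY=$gpg_tty does not match the current terminal ($cur_tty)" >&2
    return 1
  fi
  return 0
}

# Try a throw-away detached signature with the key git is configured to use.
# Arguments: $1 = key id (defaults to git's user.signingkey). Unlike the
# question's command this pipes the input instead of using bash-only <( ... ).
check_gpg_can_sign() {
  key="${1:-$(git config --get user.signingkey)}"
  if [ -z "$key" ]; then
    echo "no signing key: git config --global user.signingkey <KEYID>" >&2
    return 1
  fi
  if ! printf 'preflight\n' | gpg --local-user "$key" --detach-sign -o /dev/null >/dev/null 2>&1; then
    echo "gpg could not sign with $key (pinentry or passphrase problem)" >&2
    return 1
  fi
  return 0
}

# Run both checks in the order git would hit them.
preflight() {
  check_gpg_tty "${GPG_TTY:-}" "$(tty 2>/dev/null)" && check_gpg_can_sign "$@"
}
```

Call `preflight` from the shell (or a pre-commit hook) and it exits non-zero with the reason on stderr instead of git's generic "gpg failed to sign the data".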