[pkg-gnupg-maint] Bug#840687: Bug#840687: gnupg: Fails to sign git commits

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Oct 13 23:05:57 UTC 2016


Control: tags 840687 + unreproducible moreinfo

Hi Josef--

Thanks for your report!  Sorry to hear you're having this problem.
Hopefully we can get it sorted out!

I tried to replicate this with a test directory:

    workdir=$(mktemp -d)
    export GNUPGHOME="$workdir/gpg"
    mkdir -m 0700 "$GNUPGHOME"
    gpg --batch --passphrase-fd 3 3<<<test --quick-gen-key 'test account <test@example.org>'
    fpr=$(gpg --with-colons --with-fingerprint --list-secret-keys  | awk -F: '/^fpr:/{print $10}' | head -n1)
    git init "$workdir/test"
    cd "$workdir/test"
    echo test > test.txt
    git add test.txt
    git commit -S"$fpr" -m 'test commit'

and it worked for me, using pinentry-gnome3 :/

I did *not* get the responses you got:

On Thu 2016-10-13 16:44:38 -0400, Josef Vitu wrote:

> after upgrading from 1.4.20-6 to 2.1.15-4, signing a git commit fails with
> the following errors:
>
> gpg: signing failed: No data callback in IPC
> gpg: signing failed: No data callback in IPC
> error: gpg failed to sign the data
> fatal: failed to write commit object
>
> The password input into the pinentry-gnome3 (or pinentry-gtk-2) dialog is
> 100% correct.

Then I tried using pinentry-tty manually, with:

    echo pinentry-program pinentry-tty >> "$workdir/gpg/gpg-agent.conf"
    gpg-connect-agent killagent /bye

And I got the same errors you did:

> Attempts to use pinentry-tty failed with:
>
> gpg: signing failed: Invalid IPC response

With pinentry-tty, I saw:

    gpg: signing failed: Invalid IPC response
    gpg: signing failed: Invalid IPC response
    error: gpg failed to sign the data
    fatal: failed to write commit object

However, if I set GPG_TTY before trying to sign, the signature worked
with pinentry-tty as well:

    export GPG_TTY=$(tty)
    git commit -S"$fpr" -m 'test commit'

That worked fine.

So something is different about your setup.  Can you start by trying the
same sequence I tried (with 2.1.15-4) and letting me know whether it
works independent of your homedir?



With your own homedir where this stuff is failing, can you turn up the
logging in gpg-agent and see what's going on there?  Add the following
lines to ~/.gnupg/gpg-agent.conf:

    debug-pinentry
    log-file /home/YOURUSER/gpg-agent.log
 
and then kill off the agent so it can be restarted:

    gpg-connect-agent killagent /bye

and try to sign again.

Let me know what you find!

    --dkg
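
The GPG_TTY observation in the message above, turned into a preflight check that can run before `git commit -S`. This is an added example, not part of the original message and not GnuPG's own code; the function names are hypothetical, and it assumes the last `pinentry-program` line in gpg-agent.conf is the effective one and that only an explicitly configured pinentry-tty needs the check.

```shell
#!/usr/bin/env bash
# Preflight check for the failure described above: pinentry-tty configured
# in gpg-agent.conf, but GPG_TTY not pointing at a terminal.

# Print the pinentry-program named in a gpg-agent.conf, or nothing if the
# file is unreadable or the option is absent.
# Assumption: when the option appears more than once, the last line wins.
configured_pinentry() {
    local conf="$1"
    [ -r "$conf" ] || return 0
    awk '$1 == "pinentry-program" { p = $2 } END { if (p != "") print p }' "$conf"
}

# $1 = path to gpg-agent.conf, $2 = value of GPG_TTY (may be empty).
# Returns 0 when nothing blocks the passphrase prompt, 1 when pinentry-tty
# is configured but has no usable terminal to prompt on.
check_signing_prompt() {
    local conf="$1" gpg_tty="$2" pinentry
    pinentry=$(configured_pinentry "$conf")
    case "${pinentry##*/}" in
        pinentry-tty)
            if [ -z "$gpg_tty" ]; then
                echo "GPG_TTY is unset; run: export GPG_TTY=\$(tty)" >&2
                return 1
            fi
            if [ ! -c "$gpg_tty" ]; then
                echo "GPG_TTY=$gpg_tty is not a character device" >&2
                return 1
            fi
            ;;
    esac
    return 0
}

# Run against the live environment only when asked to, e.g.:
#   ./gpg-preflight.sh --check && git commit -S -m 'message'
if [ "${1:-}" = "--check" ]; then
    check_signing_prompt "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf" "${GPG_TTY:-}"
    exit $?
fi
```

After changing gpg-agent.conf, the agent still has to be restarted with `gpg-connect-agent killagent /bye`, as in the message, before the new pinentry takes effect.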