`git commit -S -m` does not request a password - Signing after switching from GPG mac to GPG shell

I am creating a new machine (macOS Sierra) for web development, and I did brew install gpg, which installed gpg2 and gpg-agent. I copied my keys from ~/.gnupg on my old mac. I did not install the Mac GPG Suite that I had on the old machine, as I really prefer to use only the command line.

I set the global git variables with the appropriate settings.

    git config --global user.name "Christopher Allen"
    git config --global user.email "ChristopherA@LifeWithAlacrity.com"
    git config --global user.mail "ChristopherA@LifeWithAlacrity.com"
    git config --global user.signingKey F8D36C91357405ED

When I try to commit changes to a git repository where git config commit.gpgsign=true is required, with my old GPG Suite I get a popup where it asks for my password. However, with only GPG, it does find my public key, but it does not ask for a password for signing.

    $ git commit -S -m "changed code"

    You need a passphrase to unlock the secret key for
    user: "Christopher Allen <ChristopherA@LifeWithAlacrity.com>"
    4096-bit RSA key, ID 357405ED, created 2015-04-16

    error: gpg failed to sign the data
    fatal: failed to write commit object
    $

Researching here, the only mention that I see is "I can not get `git tag -s` to request my GPG password", where it suggests a problem with environment variables for gpg-agent (without a suggested solution) or using gpg-preset-passphrase (which I would rather not do).

Further, it turns out that gpg-agent does not work:

    $ gpg-agent
    gpg-agent: no gpg-agent running in this session

I found this page https://blog.chendry.org/2015/03/13/starting-gpg-agent-in-osx.html, which suggests adding this script to .bash_profile:

    [ -f ~/.gpg-agent-info ] && source ~/.gpg-agent-info
    if [ -S "${GPG_AGENT_INFO%%:*}" ]; then
      export GPG_AGENT_INFO
    else
      eval $( gpg-agent --daemon --write-env-file ~/.gpg-agent-info )
    fi

After sourcing this script, gpg-agent says:

    $ gpg-agent
    gpg-agent: gpg-agent running and available

However, I still have the same problem.

Any ideas on how to fix this? I would rather not use the old GPG Suite, revert to GPG 1.0 or use gpg-preset-passphrase.

Thanks!

- Christopher Allen

+7
git github gnupg macos pgp
3 answers

It turns out the problem is that I copied all the files from ~/.gnupg, which were overwriting the files created by brew install gpg (possibly one of the .conf files).

I removed gpg and all its subpackages (there are many), copied only pubring.gpg, secring.gpg and trustdb.gpg to ~/.gnupg FIRST, and then did brew install gpg. New gpg.conf and gpg-agent.conf were created.

- Christopher Allen

+4

Actually, I decided to solve this problem:

Install pinentry

brew install pinentry

If this fails, follow these steps:

Tell GPG which tty to use when it asks for a password

export GPG_TTY=$(tty)

It really fixed it for me.

You can also add this export to your ~/.bashrc so that it is automatically exported. Remember to reload the file or start a new session.

An easy way to do this:

    # single quotes keep $(tty) unexpanded, so it is evaluated in each new shell
    echo 'export GPG_TTY=$(tty)' >> ~/.bashrc

If you get this error:

gpg-agent: no gpg-agent running in this session

Add the script mentioned in the question to the ~/.bashrc.

    [ -f ~/.gpg-agent-info ] && source ~/.gpg-agent-info
    if [ -S "${GPG_AGENT_INFO%%:*}" ]; then
      export GPG_AGENT_INFO
    else
      eval $( gpg-agent --daemon --write-env-file ~/.gpg-agent-info )
    fi

Check if gpg works

echo "Hello" | gpg -s

If it still randomly does not request a passphrase

When git does not ask me for a passphrase, I sometimes use the test command above to get prompted for it; it is then cached, and I try to commit my changes again.

Increase passphrase caching time

If you want to cache the passphrase for a longer period of time, you can add the following line to the configuration file: ~/.gnupg/gpg-agent.conf

 default-cache-ttl 86400 
+3
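The checks the answers above walk through (a gpg-agent.conf carried over from another machine, a pinentry that can be found, GPG_TTY, the cache TTL), gathered into one script. This is an added example, not part of any answer; the function names and the sample pinentry path are assumptions, as is taking the last occurrence of a repeated option.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks before `git commit -S` with command-line gpg.
# Function names are hypothetical. Nothing here calls gpg or touches key files.

# Print the value of <option> from a gpg-agent.conf-style file. Comment lines
# never match; if an option is repeated the last one is taken (an assumption).
conf_value() {  # conf_value <file> <option>
  [ -r "$1" ] || return 1
  awk -v opt="$2" '$1 == opt { v = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", v); found = 1 }
                   END { if (!found) exit 1; print v }' "$1"
}

# Passphrase cache lifetime in seconds; gpg-agent defaults to 600 when
# default-cache-ttl is not set.
cache_ttl() { conf_value "$1" default-cache-ttl || echo 600; }

# Succeeds (printing the path) when pinentry-program names a binary that is
# missing here, as can happen with a gpg-agent.conf copied from another machine.
stale_pinentry() (
  p=$(conf_value "$1" pinentry-program) || exit 1
  [ -x "$p" ] && exit 1
  printf '%s\n' "$p"
)

# GPG_TTY must name a terminal device so a tty pinentry can prompt on it.
gpg_tty_ok() { [ -n "${GPG_TTY:-}" ] && [ -c "$GPG_TTY" ]; }

# Print one line per finding for a GnuPG home; non-zero status if any check fails.
preflight() (
  conf=${1:-${GNUPGHOME:-$HOME/.gnupg}}/gpg-agent.conf; rc=0
  gpg_tty_ok || { echo "GPG_TTY unset or not a terminal: export GPG_TTY=\$(tty)"; rc=1; }
  if bad=$(stale_pinentry "$conf"); then
    echo "pinentry-program in $conf does not exist: $bad"; rc=1
  fi
  command -v pinentry >/dev/null 2>&1 || conf_value "$conf" pinentry-program >/dev/null ||
    { echo "no pinentry on PATH and none configured: brew install pinentry"; rc=1; }
  echo "passphrase cache ttl: $(cache_ttl "$conf")s"
  exit "$rc"
)

# Constructed sample: a gpg-agent.conf carried over from another machine.
# The pinentry path is a made-up placeholder, not a real product's path.
demo=$(mktemp -d)
printf '%s\n' '# copied from old machine' \
  'pinentry-program /opt/example-old-suite/pinentry-gui' \
  'default-cache-ttl 86400' > "$demo/gpg-agent.conf"
preflight "$demo" || true
rm -rf "$demo"
```

Run `preflight` with no argument to check `$GNUPGHOME` or `~/.gnupg` on the machine where signing fails.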

I was able to solve this by running gpg-agent in daemon mode and then applying the GPG_AGENT_INFO environment variable that it printed.

    gpg-agent --daemon
    GPG_AGENT_INFO=/Users/.../.gnupg/S.gpg-agent:58895:1; export GPG_AGENT_INFO;

In the same session, I did a git tag -s (note the lower case), and I was asked to enter the GPG passphrase.

0