gpg failed to sign the data fatal: failed to write commit object [Git 2.10.0]
I ran into this issue with OSX.
Original answer:
It seems like a gpg update (of brew) changed the location of gpg to gpg1; you can change the binary where git looks up the gpg:
git config --global gpg.program gpg1
If you don't have gpg1: brew install gpg1
Updated answer:
It looks like gpg1 is being deprecated/"gently nudged out of usage", so you probably should actually update to gpg2. Unfortunately, this involves quite a few more steps/a bit of time:
brew upgrade gnupg # This has a make step which takes a while
brew link --overwrite gnupg
brew install pinentry-mac
On old Homebrew:
echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent
On a more recent one, like M1 Macs:
echo "pinentry-program /opt/homebrew/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent
The first part installs gpg2, and the latter is a hack required to use it. For troubleshooting, see this answer (though that is about Linux, not brew); it suggests a good test:
echo "test" | gpg --clearsign # on linux it's gpg2 but brew stays as gpg
If this test is successful (no error/output includes PGP signature), you have successfully updated to the latest gpg version.
You should now be able to use git signing again!
It's worth noting you'll need to have:
git config --global gpg.program gpg # perhaps you had this already? On linux maybe gpg2
git config --global commit.gpgsign true # if you want to sign every commit
Note: After you've run a signed commit, you can verify it signed with:
git log --show-signature -1
which will include gpg info for the last commit.
If gnupg2 and gpg-agent 2.x are used, be sure to set the environment variable GPG_TTY.
export GPG_TTY=$(tty)
See GPG’s documentation about common problems.
If everything fails, use GIT_TRACE=1 to try and see what git is actually doing:
$ GIT_TRACE=1 git commit -m "Add page that always requires a logged-in user"
20:52:58.902766 git.c:328 trace: built-in: git 'commit' '-vvv' '-m' 'Add page that always requires a logged-in user'
20:52:58.918467 run-command.c:626 trace: run_command: 'gpg' '--status-fd=2' '-bsau' '23810377252EF4C2'
error: gpg failed to sign the data
fatal: failed to write commit object
Now run the failing command manually:
$ gpg -bsau 23810377252EF4C2
gpg: skipped "23810377252EF4C2": Unusable secret key
gpg: signing failed: Unusable secret key
Turns out, my key was expired, git was not to blame.
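The expired-key diagnosis above can be scripted. This is an added example, not part of any answer on this page: it reads gpg's `--with-colons` listing for one key and reports whether a usable signing key exists. The function name, result strings and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample listings (not real keys). Real input would come from:
#   gpg --list-secret-keys --with-colons "$(git config user.signingkey)"
# Fields used (GnuPG doc/DETAILS): 1 = record type, 2 = validity (may be empty),
# 7 = expiry in epoch seconds (empty = never), 12 = capabilities ("s" = sign).
EXPIRED_KEY='sec:e:4096:1:AAAAAAAAAAAAAAAA:1400000000:1500000000::u:::sc:
ssb:e:4096:1:BBBBBBBBBBBBBBBB:1400000000:1500000000:::::e:'
SUBKEY_SIGNS='sec:u:4096:1:CCCCCCCCCCCCCCCC:1400000000:::u:::c:
ssb:u:4096:1:DDDDDDDDDDDDDDDD:1400000000:1900000000:::::s:
ssb:u:4096:1:EEEEEEEEEEEEEEEE:1400000000:1900000000:::::e:'

# signing_key_status LISTING NOW
#   LISTING: colon-format listing of ONE secret key (primary plus subkeys)
#   NOW:     current time in epoch seconds
# Prints one of: ok, primary-expired, primary-revoked,
#                no-usable-signing-key, no-secret-key
signing_key_status() {
    printf '%s\n' "$1" | awk -F: -v now="$2" '
        # Expired if gpg flagged it, or if the expiry timestamp has passed.
        function expired() { return $2 == "e" || ($7 != "" && $7 + 0 <= now + 0) }

        # An expired or revoked primary makes every subkey unusable too.
        $1 == "sec" {
            seen = 1
            if ($2 == "r") { result = "primary-revoked"; exit }
            if (expired()) { result = "primary-expired"; exit }
        }

        # Any live primary or subkey with the sign capability is enough.
        ($1 == "sec" || $1 == "ssb") && index($12, "s") && $2 != "r" && !expired() {
            result = "ok"; exit
        }

        END {
            if (!seen) result = "no-secret-key"
            else if (result == "") result = "no-usable-signing-key"
            print result
        }'
}

# Demo on the constructed listings, using the current clock.
signing_key_status "$EXPIRED_KEY"  "$(date +%s)"
signing_key_status "$SUBKEY_SIGNS" "$(date +%s)"
```

Any result other than `ok` points at the key rather than at git or the agent configuration.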
I've DONE it through this short and easy recipe:
Auto-sign commits on macOS (Globally and with different IDEs):
Get your signingkey in this way.
brew install gnupg gnupg2 pinentry-mac
git config --global user.signingkey <YOUR_SIGNING_KEY>
git config --global commit.gpgsign true
git config --global gpg.program gpg
Put the following in gpg.conf file (edit file with nano ~/.gnupg/gpg.conf command):
no-tty
Put the following in gpg-agent.conf file (edit file with nano ~/.gnupg/gpg-agent.conf command):
pinentry-program /usr/local/bin/pinentry-mac
Update:
You might need to execute the killall gpg-agent command after editing the configuration file, gpg.conf, according to the comments. As the self-explanatory command says, this command will terminate the GPG (GNU Privacy Guard) agent.