Howto Fix Yubikey GPG Signing Failed
I use YubiKey to sign commits and I had been seeing this error for like a year, until my patience ended and I really searched the error this time. As a workaround I signed plaintext in a console with (copy pasted) gpg --status-fd=2 -bsau 4E3FCA343AE82643 and then no PIN was asked while calling git commands.
Debug logs are turned on with GIT_TRACE=1.
Here I wanted to rebase which changes hashes of commits = a new signature is required. But the same is happening also with git commit:
$ GIT_TRACE=1 git rebase origin/master
03:40:27.852928 git.c:463 trace: built-in: git rebase origin/master
03:40:27.861349 run-command.c:659 trace: run_command: gpg --status-fd=2 -bsau 4E3FCA343AE82643
error: gpg failed to sign the data:
[GNUPG:] KEY_CONSIDERED 72607E0BE06B1C14C9FD9A234E3FCA343AE82643 2
[GNUPG:] BEGIN_SIGNING H10
[GNUPG:] PINENTRY_LAUNCHED 8991 tty 1.2.1 - xterm-256color :0 - 1000/1000 -
gpg: podpisovanie zlyhalo: Operation cancelled
[GNUPG:] FAILURE sign 83886179
gpg: signing failed: Operation cancelled
error: failed to write commit object
hint: Could not execute the todo command
hint:
hint: pick 5f0331d207b919c24e0630b64d4289aedfd77b28 Add integration test for mysql
hint:
hint: It has been rescheduled; To edit the command before continuing, please
hint: edit the todo list first:
hint:
hint: git rebase --edit-todo
hint: git rebase --continue
First be sure you have pinentry installed, either GUI or TUI version. GPG in true GNU way throws some really obscure and cryptic errors. Also I assume you have valid setup.
As the source of advise I used https://stackoverflow.com/questions/41052538/git-error-gpg-failed-to-sign-data.
You need to tell GPG to use pinentry even if it writes ‘PINENTRY_LAUNCHED….’
In ~/.gnupg/gpg-agent.conf add:
pinentry-program /usr/bin/pinentry-tty
allow-loopback-pinentry
In ~/.gnupg/gpg.conf add:
pinentry-mode loopback
Now it should work just fine and ask for PIN.
Add Comment