When using gpg-agent with git tag -u, I'm getting the following error immediately:
gpg: cancelled by user
gpg: skipped "my@email.com": bad passphrase
gpg: signing failed: bad passphrase
error: gpg failed to sign the data
error: unable to sign the tag
gpg-agent.conf:
pinentry-program /usr/bin/pinentry-curses
When I unlock the key first (via a gpg -e -s test.txt), then the git tag -u command picks up the key and signs the tag as expected.
This is on Ubuntu 13.10, using i3 wm. I'd be suspicious that gnome-keyring is somehow hampering…something, but on a Raspberry Pi, running archlinux-arm, it works the same way, but with a slightly different issue — after running the git tag -u command, it asks for a password to unlock, but no pinentry or prompt appears. After a time (about 30 seconds), it fails with the following:
gpg: problem with the agent: Line passed to IPC too long
gpg: skipped "my@email.com": Operation cancelled
gpg: signing failed: Operation cancelled
error: gpg failed to sign the data
error: unable to sign the tag
Again, once I unlock the key with a straight gpg -s to an arbitrary file to cache the credentials in gpg-agent, the tag is signed without issue.
My assumption is that something is weird with my usage of pinentry-curses. I have already updated /usr/bin/pinentry to point to /usr/bin/pinentry-curses, but the problem persists.
What am I doing wrong, and how do I get git to play nice with gpg/pinentry?
- ubuntu gpg version: 1.4.14
- archlinux-arm gpg version: gnupg-2.0.22-1
EDIT: running zsh. Here is the relevant bit sourced for the gpg agent:
if [ $EUID -ne 0 ] ; then
    envfile="$HOME/.gnupg/gpg-agent.env"
    if [[ -e "$envfile" ]] && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then
        eval "$(cat "$envfile")"
    else
        eval "$(gpg-agent --daemon --write-env-file "$envfile")"
    fi
    export GPG_AGENT_INFO # the env file does not contain the export statement
fi
When I follow $(tty) (e.g. /dev/pts/16), the ownership is already user:tty.
Best Answer
You will also need to export the GPG_TTY variable every time when you start a new TTY (could also be done from bash/zsh rc files):
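
As an added example (not part of the original answer), one way to do this from a bash/zsh rc file; the function names `gpg_tty_setup` and `gpg_tty_status` are hypothetical. The status check goes slightly beyond the answer by also reporting a GPG_TTY that was inherited from a different terminal.

```shell
# Added example for ~/.bashrc or ~/.zshrc. Function names are hypothetical.

# Export GPG_TTY for the terminal attached to stdin, so that gpg-agent can
# tell pinentry-curses where to draw the passphrase prompt.
# Returns 1 (and leaves GPG_TTY unset) when stdin is not a terminal.
gpg_tty_setup() {
    if _cur=$(tty 2>/dev/null); then
        GPG_TTY=$_cur
        export GPG_TTY
    else
        unset GPG_TTY
        return 1
    fi
}

# Classify GPG_TTY against a terminal path (default: the current one).
#   ok     GPG_TTY names this terminal
#   unset  GPG_TTY is empty; pinentry has no terminal to prompt on
#   stale  GPG_TTY names another terminal (inherited via tmux, screen, su)
#   notty  there is no terminal to compare against (cron job, pipe)
gpg_tty_status() {
    if [ $# -gt 0 ]; then
        _cur=$1
    else
        _cur=$(tty 2>/dev/null) || _cur=
    fi
    if [ -z "$_cur" ]; then
        echo notty
    elif [ -z "${GPG_TTY:-}" ]; then
        echo unset
    elif [ "$GPG_TTY" = "$_cur" ]; then
        echo ok
    else
        echo stale
    fi
}

# Run for every new shell; shells without a terminal are left untouched.
gpg_tty_setup || true
```

Running `gpg_tty_status` just before `git tag -u` shows whether the prompt has a terminal to appear on.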