On 5 October 2010 09:00, Michael J Gruber <git@xxxxxxxxxxxxxxxxxxxx> wrote: > Stephan Hugel venit, vidit, dixit 05.10.2010 02:17: >> On 5 October 2010 00:59, Daniel Johnson <computerdruid@xxxxxxxxx> wrote: >>> On Monday 04 October 2010 19:04:51 Stephan Hugel wrote: >>>> Daniel, >>>> Those are the exact steps I'm using. >>>> >>>> When I run tag -v on existing tags, I don't see the >>>> >>>> -----BEGIN PGP MESSAGE----- >>>> Version: GnuPG v1.4.9 (Darwin) >>>> >>>> iD8DBQBMqlpo8Y2TgZsQ1pARAmBQAJ9NV0IX7jlzeB8ogddlutFKAjyWJwCfSI5A >>>> yZeXw/EddYrfdad/VvOrL1o= >>>> =/0PJ >>>> -----END PGP MESSAGEââ >>>> >>>> block. It's only present on tags created using the current version. >>>> I've also just upgraded to GnuPG 1.4.10, but the result is the same. >>>> I'm not sure how else I can determine where the problem arises; I'm >>>> using the git and GnuPG versions for OS X built by homebrew, and GnuPG >>>> is happy to use the same key for en/decryption and signing. I've also >>>> verified that none of the subkeys are expired, and that the trust db >>>> is OK. >>> >>> If you have the tests available, can you try running t7004 to see if it fails >>> there too? >>> >> I rebuilt and installed from source >> Passed all 105 tests in t7004-tag.sh >> Problem remains with tags I create >> >> This would seem to imply a problem with my key, even though nothing >> else is complaining about it. > > Here's a very basic way to check: If foo is your tag, do > > git cat-file tag foo > a > git cat-file tag foo > a.sig > > From the file "a", delete the signature (everything lines between and > including "-----BEGIN/END PGP SIGNATURE-----"), invoking an editor or > your favorite sed/awk/perl magic. > > a is the data on which git invoked gpg for signing the tag. (I'm not > sure why gpg can't notice the inline sig directly but that doesn't > matter; maybe because it is none ;)) > > Now, gpg --verify a.sig should check the signature a.sig for a. Doing > that, maybe with --verbose, you may find out whether the tag object is > bogus or git misunderstands gpg's response. If your key is on a key > server you can also share the file a.sig with us so that we can check. > > Michael > Michael, When I do this, gpg is able to verify the signature. So does this mean that gnupg is failing to ignore the PGP block (possibly because it expects "SIGNATURE", not "MESSAGE"?) -- steph -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html