Stephan Hugel venit, vidit, dixit 05.10.2010 15:28: > On 5 October 2010 09:00, Michael J Gruber <git@xxxxxxxxxxxxxxxxxxxx> wrote: >> Stephan Hugel venit, vidit, dixit 05.10.2010 02:17: >>> On 5 October 2010 00:59, Daniel Johnson <computerdruid@xxxxxxxxx> wrote: >>>> On Monday 04 October 2010 19:04:51 Stephan Hugel wrote: >>>>> Daniel, >>>>> Those are the exact steps I'm using. >>>>> >>>>> When I run tag -v on existing tags, I don't see the >>>>> >>>>> -----BEGIN PGP MESSAGE----- >>>>> Version: GnuPG v1.4.9 (Darwin) >>>>> >>>>> iD8DBQBMqlpo8Y2TgZsQ1pARAmBQAJ9NV0IX7jlzeB8ogddlutFKAjyWJwCfSI5A >>>>> yZeXw/EddYrfdad/VvOrL1o= >>>>> =/0PJ >>>>> -----END PGP MESSAGEââ >>>>> >>>>> block. It's only present on tags created using the current version. >>>>> I've also just upgraded to GnuPG 1.4.10, but the result is the same. >>>>> I'm not sure how else I can determine where the problem arises; I'm >>>>> using the git and GnuPG versions for OS X built by homebrew, and GnuPG >>>>> is happy to use the same key for en/decryption and signing. I've also >>>>> verified that none of the subkeys are expired, and that the trust db >>>>> is OK. >>>> >>>> If you have the tests available, can you try running t7004 to see if it fails >>>> there too? >>>> >>> I rebuilt and installed from source >>> Passed all 105 tests in t7004-tag.sh >>> Problem remains with tags I create >>> >>> This would seem to imply a problem with my key, even though nothing >>> else is complaining about it. >> >> Here's a very basic way to check: If foo is your tag, do >> >> git cat-file tag foo > a >> git cat-file tag foo > a.sig >> >> From the file "a", delete the signature (everything lines between and >> including "-----BEGIN/END PGP SIGNATURE-----"), invoking an editor or >> your favorite sed/awk/perl magic. >> >> a is the data on which git invoked gpg for signing the tag. (I'm not >> sure why gpg can't notice the inline sig directly but that doesn't >> matter; maybe because it is none ;)) >> >> Now, gpg --verify a.sig should check the signature a.sig for a. Doing >> that, maybe with --verbose, you may find out whether the tag object is >> bogus or git misunderstands gpg's response. If your key is on a key >> server you can also share the file a.sig with us so that we can check. >> >> Michael >> > Michael, > When I do this, gpg is able to verify the signature. So does this mean > that gnupg is failing to ignore the PGP block (possibly because it > expects "SIGNATURE", not "MESSAGE"?) Do you have "MESSAGE" in there??? Can you share the output of "git verify-tag --verbose yourtag" with us? In any case, this command should give the same as the edited "a" above on stdout, and gpg's repsonse on stderr. It should not contain any "----BEGIN/END...". You haven't tinkered with your gpg options lately, have you? ;) Michael -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html