On 5 October 2010 16:07, Michael J Gruber <git@xxxxxxxxxxxxxxxxxxxx> wrote: > Stephan Hugel venit, vidit, dixit 05.10.2010 15:28: >> On 5 October 2010 09:00, Michael J Gruber <git@xxxxxxxxxxxxxxxxxxxx> wrote: >>> Stephan Hugel venit, vidit, dixit 05.10.2010 02:17: >>>> On 5 October 2010 00:59, Daniel Johnson <computerdruid@xxxxxxxxx> wrote: >>>>> On Monday 04 October 2010 19:04:51 Stephan Hugel wrote: >>>>>> Daniel, >>>>>> Those are the exact steps I'm using. >>>>>> >>>>>> When I run tag -v on existing tags, I don't see the >>>>>> >>>>>> -----BEGIN PGP MESSAGE----- >>>>>> Version: GnuPG v1.4.9 (Darwin) >>>>>> >>>>>> iD8DBQBMqlpo8Y2TgZsQ1pARAmBQAJ9NV0IX7jlzeB8ogddlutFKAjyWJwCfSI5A >>>>>> yZeXw/EddYrfdad/VvOrL1o= >>>>>> =/0PJ >>>>>> -----END PGP MESSAGEââ >>>>>> >>>>>> block. It's only present on tags created using the current version. >>>>>> I've also just upgraded to GnuPG 1.4.10, but the result is the same. >>>>>> I'm not sure how else I can determine where the problem arises; I'm >>>>>> using the git and GnuPG versions for OS X built by homebrew, and GnuPG >>>>>> is happy to use the same key for en/decryption and signing. I've also >>>>>> verified that none of the subkeys are expired, and that the trust db >>>>>> is OK. >>>>> >>>>> If you have the tests available, can you try running t7004 to see if it fails >>>>> there too? >>>>> >>>> I rebuilt and installed from source >>>> Passed all 105 tests in t7004-tag.sh >>>> Problem remains with tags I create >>>> >>>> This would seem to imply a problem with my key, even though nothing >>>> else is complaining about it. >>> >>> Here's a very basic way to check: If foo is your tag, do >>> >>> git cat-file tag foo > a >>> git cat-file tag foo > a.sig >>> >>> From the file "a", delete the signature (everything lines between and >>> including "-----BEGIN/END PGP SIGNATURE-----"), invoking an editor or >>> your favorite sed/awk/perl magic. >>> >>> a is the data on which git invoked gpg for signing the tag. (I'm not >>> sure why gpg can't notice the inline sig directly but that doesn't >>> matter; maybe because it is none ;)) >>> >>> Now, gpg --verify a.sig should check the signature a.sig for a. Doing >>> that, maybe with --verbose, you may find out whether the tag object is >>> bogus or git misunderstands gpg's response. If your key is on a key >>> server you can also share the file a.sig with us so that we can check. >>> >>> Michael >>> >> Michael, >> When I do this, gpg is able to verify the signature. So does this mean >> that gnupg is failing to ignore the PGP block (possibly because it >> expects "SIGNATURE", not "MESSAGE"?) > > Do you have "MESSAGE" in there??? > > Can you share the output of "git verify-tag --verbose yourtag" with us? > In any case, this command should give the same as the edited "a" above > on stdout, and gpg's repsonse on stderr. It should not contain any > "----BEGIN/END...". > > You haven't tinkered with your gpg options lately, have you? ;) > > Michael > Michael, Yes, it's "MESSAGE". Here's the complete process: $ git --version git version 1.7.3.1 $ git tag -s test_tag [editor opens, I enter message, save, close] You need a passphrase to unlock the secret key for user: "Stephan Hugel <urschrei@xxxxxxxxx>" 1024-bit DSA key, ID 9B10D690, created 2008-09-06 [I enter passphrase] [process completes] $ git verify-tag --verbose test_tag object 791abd4848d86ea98071f35bbce4d4b274ef0788 type commit tag test_tag tagger Stephan HÃgel <urschrei@xxxxxxxxx> 1286291263 +0100 Test tag -----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.10 (Darwin) iD8DBQBMqz9G8Y2TgZsQ1pARAh2bAJ0WuNWsNa+eJq3aYMlwvOFX5eRUngCfZAcM hnt1Aomaz5SY0yofv9BwGWg= =+AKs -----END PGP MESSAGE----- gpg: Signature made Tue 5 Oct 16:07:50 2010 IST using DSA key ID 9B10D690 gpg: BAD signature from "Stephan Hugel <urschrei@xxxxxxxxx>" Now, if I manually append the tag contents to a file: $ git cat-file tag test_tag > a $ git cat-file tag test_tag > a.sig $ less a.sig object 791abd4848d86ea98071f35bbce4d4b274ef0788 type commit tag test_tag tagger Stephan HÃgel <urschrei@xxxxxxxxx> 1286291263 +0100 Test tag -----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.10 (Darwin) iD8DBQBMqz9G8Y2TgZsQ1pARAh2bAJ0WuNWsNa+eJq3aYMlwvOFX5eRUngCfZAcM hnt1Aomaz5SY0yofv9BwGWg= =+AKs -----END PGP MESSAGEââ [remove PGP block (identical to the above block) from a] $ gpg --verify a.sig gpg: Signature made Tue 5 Oct 16:07:50 2010 IST using DSA key ID 9B10D690 gpg: Good signature from "Stephan Hugel <urschrei@xxxxxxxxx>" I've also just had a look at my gnupg.conf: the only options in it are: default-key 9B10D690 charset utf8 keyserver hkp://keyserver.ubuntu.com auto-key-locate hkp://keyserver.ubuntu.com utf8-strings rfc1991 Nothing else. -- steph -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html