On Sat, Sep 02, 2017 at 05:11:50PM -0400, shawn wilson wrote:
> tl;dr - how do I get git to use gpg2 to sign things?
>
> I'm using gpg2 (so no agent options are configured but an agent is
> running) which is configured w/ a Nitrokey (Pro if it matters):
>
> % git commit -m "Initial."
>
> gits/bash-libs (master ⚡) localhost
> gpg: detected reader `Nitrokey Nitrokey Pro (000034670000000000000000) 00 00'
> gpg: pcsc_connect failed: sharing violation (0x8010000b)
> gpg: apdu_send_simple(0) failed: locking failed
> Please insert the card and hit return or enter 'c' to cancel:
> gpg: pcsc_connect failed: sharing violation (0x8010000b)
> gpg: pcsc_connect failed: sharing violation (0x8010000b)
> gpg: apdu_send_simple(0) failed: locking failed
> Please insert the card and hit return or enter 'c' to cancel: c
> gpg: selecting openpgp failed: general error
> gpg: signing failed: general error
> gpg: signing failed: general error
> error: gpg failed to sign the data
> fatal: failed to write commit object

This seems to be an issue with your gpg agent configuration (even if
there is none). I can't seem to reproduce, although I don't have a
nitrokey, so this is most likely an issue with either:

- the PIV/CCID interface of the nitrokey using gpg2. I'm not familiar
  enough with nitrokeys to debug this, but keys are usually super
  paranoid when signing arbitrary buffers.
- the fork call within git on gpg2.

I think the second one is rather unlikely, but it's worth giving it a
try...

> ~ localhost
> -----BEGIN PGP MESSAGE-----
> Version: GnuPG v2
> [SNIPPED]
> -----END PGP MESSAGE-----
>

I noticed you didn't try gpg2 -d foo.gpg? Am I missing something?

> However, if I try this w/ the old gpg:
>
> % gpg -ae -o foo.gpg foo
>
> ~ localhost
> % gpg -d foo.gpg
>
> ~ localhost
> gpg: detected reader `Nitrokey Nitrokey Pro (000034670000000000000000) 00 00'
> gpg: pcsc_connect failed: sharing violation (0x8010000b)
> gpg: apdu_send_simple(0) failed: locking failed
> Please insert the card and hit return or enter 'c' to cancel: c
> gpg: selecting openpgp failed: general error
> gpg: encrypted with 3072-bit RSA key, ID 41826CFB, created 2017-03-13
> "Shawn Wilson <ag4ve.us@xxxxxxxxx>"
> gpg: public key decryption failed: general error
> gpg: decryption failed: secret key not available

This feels like an issue with the interface to the key itself. Can you
start a non-detached agent with --verbose to see exactly where it blows
up?

We probably want to continue this offlist as this seems more of a gpg
issue rather than git. We can always come back if we figure out this is
something git related :)

Cheers!
-Santiago.