Apparently you need to set the GPG_TTY for git to work (I also set the
gpg.program so I know it shouldn't /need/ that variable set)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840687#10

I'm not sure if there's anything that has or can be done upstream to
make this easier (I feel this was a bigger PITA than it needed to be),
I'm on git 2.7.5 from Fedora.

On Tue, Sep 5, 2017 at 9:40 AM, Michael J Gruber <git@xxxxxxxxx> wrote:
> shawn wilson venit, vidit, dixit 02.09.2017 23:11:
>> tl;dr - how do I get git to use gpg2 to sign things?
>>
>> I'm using gpg2 (so no agent options are configured but an agent is
>> running) which is configured w/ a Nitrokey (Pro if it matters):
>>
>> % git commit -m "Initial."
>>
>> gits/bash-libs (master ⚡) localhost
>> gpg: detected reader `Nitrokey Nitrokey Pro (000034670000000000000000) 00 00'
>> gpg: pcsc_connect failed: sharing violation (0x8010000b)
>> gpg: apdu_send_simple(0) failed: locking failed
>> Please insert the card and hit return or enter 'c' to cancel:
>> gpg: pcsc_connect failed: sharing violation (0x8010000b)
>> gpg: pcsc_connect failed: sharing violation (0x8010000b)
>> gpg: apdu_send_simple(0) failed: locking failed
>> Please insert the card and hit return or enter 'c' to cancel: c
>> gpg: selecting openpgp failed: general error
>> gpg: signing failed: general error
>> gpg: signing failed: general error
>> error: gpg failed to sign the data
>> fatal: failed to write commit object
>>
>> This works with gpg and ssh:
>
> Not really...
>
>> % touch foo
>>
>> ~ localhost
>> % gpg2 --sign foo
>
> ... because you're using gpg2, not gpg.
>
>>
>> ~ localhost
>> gpg: using "846FF490" as default secret key for signing
>> % cat foo*
>>
>> ~ localhost
>> -----BEGIN PGP MESSAGE-----
>> Version: GnuPG v2
>>
>> [...]
>> -----END PGP MESSAGE-----
>>
>> However, if I try this w/ the old gpg:
>>
>> % gpg -ae -o foo.gpg foo
>>
>> ~ localhost
>> % gpg -d foo.gpg
>>
>> ~ localhost
>> gpg: detected reader `Nitrokey Nitrokey Pro (000034670000000000000000) 00 00'
>> gpg: pcsc_connect failed: sharing violation (0x8010000b)
>> gpg: apdu_send_simple(0) failed: locking failed
>> Please insert the card and hit return or enter 'c' to cancel: c
>> gpg: selecting openpgp failed: general error
>> gpg: encrypted with 3072-bit RSA key, ID 41826CFB, created 2017-03-13
>> "Shawn Wilson <ag4ve.us@xxxxxxxxx>"
>> gpg: public key decryption failed: general error
>> gpg: decryption failed: secret key not available
>> % gpg2 -d foo.gpg
>>
>> ~ localhost
>> gpg: encrypted with 3072-bit RSA key, ID E27FA0B841826CFB, created 2017-03-13
>> "Shawn Wilson <ag4ve.us@xxxxxxxxx>"
>> foo
>>
>> (yeah I added data to the file)
>>
>> And just to prove basic competency checking:
>>
>> % git config --global -l | grep sign
>>
>> ~ localhost
>> user.signingkey=846FF490
>> filter.gitconfig-rmuser.clean=sed -e "s/^\( *email =\).*/\1 <email
>> address>/" -e "s/^\( *name =\).*/\1 <real name>/" -e "s/^\(
>> *signingkey =\).*/\1 <gpg key>/"
>> filter.gitconfig-rmuser.smudge=egrep "^ *(email|name|signingkey) = "
>> commit.gpgsign=true
>>
>
> So, gpg2 works and gpg does not. This is typical for the way in which
> the gpg upgrade path is broken, and your distro installs gpg because it
> still relies on it.
>
> git sees two executables gpg and gpg2 and uses the first, so as to not
> migrate your secret key store inadvertently.
>
> Short answer: Use
>
> git config --global gpg.program gpg2
>
> to make git use gpg2 which apparently is your working gnupg setup.
>
> Michael
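
A pre-flight check for the two fixes that come up in this thread (gpg.program pointing at a working GnuPG 2 binary, and GPG_TTY being set), added here as an example that is not part of the original messages. The function names are made up for this example, and it assumes GnuPG's usual `gpg (GnuPG) X.Y.Z` version banner; it goes slightly beyond the thread by checking the binary's major version rather than its file name.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): check what git will sign with
# before the first signed commit fails.

# Print the program git runs for signing: gpg.program if set, else "gpg".
signing_program() {
    local prog
    prog=$(git config --get gpg.program 2>/dev/null) || prog=""
    printf '%s\n' "${prog:-gpg}"
}

# Print the major version of a GnuPG binary ("gpg (GnuPG) 2.1.13" -> 2).
# Assumes the usual first line of `--version`; prints nothing otherwise.
gpg_major() {
    "$1" --version 2>/dev/null |
        sed -n '1s/^gpg (GnuPG[^)]*) \([0-9][0-9]*\)\..*/\1/p'
}

# Print one finding per line; return 0 only when nothing is flagged.
check_signing_setup() {
    local prog major rc=0
    prog=$(signing_program)
    if ! command -v "$prog" >/dev/null 2>&1; then
        echo "FAIL: git would run '$prog', which is not on PATH"
        return 1
    fi
    major=$(gpg_major "$prog")
    if [ "$major" != 2 ]; then
        echo "FAIL: git signs with '$prog' (GnuPG major: ${major:-unknown});" \
             "point it at GnuPG 2: git config --global gpg.program gpg2"
        rc=1
    fi
    # Pinentry needs to know which terminal to prompt on.
    if [ -z "${GPG_TTY:-}" ]; then
        echo "FAIL: GPG_TTY is unset; add 'export GPG_TTY=\$(tty)' to your shell startup file"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: git signs with '$prog' (GnuPG $major), GPG_TTY=$GPG_TTY"
    return "$rc"
}

# Usage: source this file, then run `check_signing_setup`.
```
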