On Fri, Dec 13, 2024 at 09:23:29PM +0100, Carlos Maiolino wrote:
> the git-tag manpage states:
>
> "
> CONFIGURATION
> By default, git tag in sign-with-default mode (-s) will use your committer
> identity (of the form Your Name <your@email.address>) to find a key. If you
> want to use a different default key, you can specify it in the repository
> configuration as follows:
>
> [user]
> signingKey = <gpg-key-id>
> "
>
>
> I do have my $HOME/.gitconfig configured to always sign tags with a specific key
> per above documentation, and I just take it for granted.
> Today I had two smartcards connected, and when signing a tag, git-tag used the
> wrong key to sign the tag, instead of the specified in the .gitconfig.
>
> I believe this might be a bug or some expected behavior that doesn't match the
> manpage. Or perhaps I misinterpreted the manpage?
No, I'd expect it to sign with the key that you configured. Two things
I'd check:
1. Try "git config --list --show-origin" to make sure you do not
accidentally have incorrect config somewhere overriding what you
expect.
2. Try signing with "GIT_TRACE=1" set in the environment, which will
show the gpg command we run. E.g.:
$ GIT_TRACE=1 git -c user.signingkey=foobar tag -s -m foo bar
[...]trace: built-in: git tag -s -m foo bar
[...]trace: run_command: gpg --status-fd=2 -bsau foobar
[...]trace: start_command: /usr/bin/gpg --status-fd=2 -bsau foobar
If git is passing the correct "-u" option to gpg, then the bug (or
misconfiguration) may be in gpg.
-Peff
