flod

Reputation: 113

Signing git commits on macOS keeps asking for passphrase

I've set up Git commit signing on two other Macs in the past. I'm trying to set it up on a new one and failing for reasons that I don't understand. All machines are running High Sierra 10.13.6 (17G65).

1) Installed packages via Homebrew

brew install gnupg gpg-agent pinentry-mac gpg1

In ~/.gnupg/gpg.conf I have a keyserver defined, and

use-agent

In ~/.gnupg/gpg-agent.conf

pinentry-program /usr/local/bin/pinentry-mac

2) Added my private key (it shows up correctly running gpg -K)

3) If I run gpg, for example with echo "test" | gpg --clearsign, I see the pinentry prompt, with a checkbox to store the passphrase in Keychain. At that point, running the same command again won't ask for a password again.

If I try to sign a commit, I don't get the pinentry prompt, but a prompt in the terminal (you need to provide a passphrase to unlock, etc.). I can enter my password and signing works, but I need to enter the passphrase every single time.

I've tried uninstalling the packages and starting from scratch multiple times, but no luck.

Upvotes: 6

Views: 3140

Answers (1)

flod

Reputation: 113

After at least three hours fighting with this, I realized that Git wasn't using gpg (which I was testing with echo), but gpg1. echo "test" | gpg1 --clearsign was behaving like git commit -S.

Had to change my .gitconfig a while ago when it broke after a Homebrew update:

[gpg]
     program = /usr/local/bin/gpg1

For some reason this config works on older Macs, but not on the new one. Removed this line, signing works as expected using gpg, and no requests for password.

Also uninstalled gpg1 at this point:

brew uninstall gpg1

Upvotes: 5
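
The mismatch described in the answer (Git signing with one GnuPG binary while the manual test used another) can be checked directly. This is an added example, not part of the original post: the function names are hypothetical, and it relies on Git running `gpg` from PATH when `gpg.program` is unset.

```bash
#!/usr/bin/env bash
# Added example: find out which GnuPG binary Git signs with and compare it
# with the one tested by hand. All function names are hypothetical.

# Git runs "gpg" from PATH unless gpg.program is set.
effective_signer() { printf '%s\n' "${1:-gpg}"; }

# Extract the major version from the first line of `<program> --version`.
# Constructed sample input: "gpg (GnuPG) 2.2.9" gives 2.
gpg_major() {
    local ver
    ver=$(printf '%s\n' "$1" | sed -n '1s/^.*(GnuPG[^)]*) \([0-9][0-9]*\)\..*$/\1/p')
    printf '%s\n' "${ver:-unknown}"
}

# Return 0 when Git's signer and the hand-tested binary share a major version.
# $1: --version line of Git's signer, $2: --version line of the tested binary.
compare_signers() {
    local g t
    g=$(gpg_major "$1"); t=$(gpg_major "$2")
    if [ "$g" = "$t" ] && [ "$g" != unknown ]; then
        echo "OK: both are GnuPG $g.x"
    else
        echo "MISMATCH: Git signs with GnuPG $g.x, manual test used GnuPG $t.x"
        return 1
    fi
}

# Gather the real values on this machine. $1: binary used for manual tests.
report() {
    local tested="${1:-gpg}" configured signer
    command -v git >/dev/null 2>&1 || { echo "git not found"; return 0; }
    configured=$(git config --get gpg.program 2>/dev/null)
    signer=$(effective_signer "$configured")
    echo "gpg.program: ${configured:-<unset>}"
    # Show which config file sets it (system, global or repository).
    git config --show-origin --get gpg.program 2>/dev/null
    echo "Git runs:    $(command -v "$signer" || echo "$signer (not found)")"
    echo "You tested:  $(command -v "$tested" || echo "$tested (not found)")"
    compare_signers "$("$signer" --version 2>/dev/null | head -n 1)" \
                    "$("$tested" --version 2>/dev/null | head -n 1)" || true
}

report "${1:-gpg}"
```

Run it inside the repository where signing misbehaves, since a repository-level `gpg.program` overrides the global one.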
