gpg "failed to write commit object"

Question

I'm trying to enable commit signing on OS X Mojave.

git commit -S -am "Test"

The error is:

error: gpg failed to sign the data
fatal: failed to write commit object

What I tried:

• gpg works fine (see below), did not install gpg1 or gpg2
• Installed GPG KeyChain and added a new key (even added a separate sign-only subkey whithin)
• Installed pinentry
• gpg2 --clearsign works fine (generates a new .asc file for files, outputs text for plain text)

Questions I looked into and tried every option:

• gpg failed to sign the data fatal: failed to write commit object [Git 2.10.0]
• Git error - gpg failed to sign data

What am I doing wrong?

Answer 1

At least, that error message will be clearer:

Error messages given upon a signature verification failure used to discard the errors from underlying gpg program, which has been corrected with Git 2.40 (Q1 2023).

See commit ad6b320, commit 8300d15 (15 Feb 2023) by Johannes Schindelin (dscho).
^{(Merged by Junio C Hamano -- gitster -- in commit 38a227b, 24 Feb 2023)}

gpg: do show gpg's error message upon failure

^{Signed-off-by: Johannes Schindelin}

There are few things more frustrating when signing a commit fails than reading a terse "error: gpg failed to sign the data" message followed by the unsurprising "fatal: failed to write commit object" message.

In many cases where signing a commit or tag fails, gpg actually said something helpful, on its stderr, and Git even consumed that, but then keeps mum about it.

Teach Git to stop withholding that rather important information.

Answer 2

To prompt you to enter a PIN or passphrase when required, install pinentry-mac

$ brew install pinentry-mac
$ echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
$ killall gpg-agent

Answer 3

Try with echo "foobar" | gpg --clearsign. It should ask for your key's passphrase and return the signature. If instead you see the following error message:

error: gpg failed to sign the data
fatal: failed to write commit object

You might want to try running export GPG_TTY=$(tty). If after testing again you're prompted for the password and it works, run this everytime on startup, adding it to ~/.bashrc, which is actually required according to gpg-agent's documentation, as mentioned in this dev.gnupg thread and which you can verify with man gpg-agent.

I also found this gitHub gist very useful.

Answer 4

I just added the key ID to the global config

list all keys:

gpg --list-keys

Select the one you added to github and set it.

git config --global user.signingkey [public key ID]

Answer 5

I also had this problem. I found a good solution. Just try to sign a file before you commit.

$ touch a.txt
$ gpg --sign a.txt

Then, the OS will let you input the password. If this step is OK, now you can commit by signing correctly.

Answer 6

Heh, of course, right after I posted this question, I found the solution.

So my problem was that I followed this doc: https://help.github.com/en/articles/telling-git-about-your-signing-key

And set up both GPG and smimesign, when I have Git < 2.19 and no proper X.509 keys.

So I just removed the part with smimesign from global ~/.gitconfig