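Unable to commit in git because of a GPG key error

Time: 2020-09-08 12:21:27

Tags: git gnupg gpg-agent

I am using git version 2.20.1 and followed the official guide, running the following commands to generate a PGP key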

$ gpg --full-generate-key
...
$ gpg --list-secret-keys --keyid-format LONG
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/home/mahmood/.gnupg/pubring.kbx
--------------------------------
sec   rsa4096/CFEFE6D58A392624 2020-09-08 [SC]
      26XX594XXXE2BAXXXE40AXXXCFXXX6D5XXXXX624
uid                 [ultimate] mahmood <EMAIL>
ssb   rsa4096/3B138A448B277FD9 2020-09-08 [E]

Now I can see the public key with the following command:

$ gpg --armor --export CFEFE6D58A392624
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF9XdKoBEACyQjVUlBYjOLSqv7YRIIq0+iJ9A0UzkItUoWBnDrHmTdnH+UeK
...
=WCOk
-----END PGP PUBLIC KEY BLOCK-----

Then I copied the key into the website, following this official page.


Now, when I try to commit, I get a key signing error:

$ git commit -S -m "...."
error: gpg failed to sign the data
fatal: failed to write commit object

How can I fix this?

Update:

Exporting the following variable fixes the problem.

export GPG_TTY=$(tty)

How did I get there? First, I checked ~/.gitconfig to make sure the [user] section was correct. Then I ran the following test command, which gave me an ioctl error

$ echo "test" | gpg --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

test
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device

Searching for that error led me to export GPG_TTY=$(tty), after which the test command worked. So the commit command works now.

2 answers:

Answer 0 (score: 2)

man gpg-agent

         You should always add the following lines to your .bashrc  or  whatever
         initialization file is used for all shell invocations:

           GPG_TTY=$(tty)
           export GPG_TTY


         It is important that this environment variable always reflects the out-
         put of the tty command.  For W32 systems this option is not required.

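In my experience, the GPG_TTY environment variable is needed by gpg-agent to detect which tty / window / shell is active and to pop up a passphrase prompt there.

You also need to update this information regularly. Otherwise, the passphrase prompt may pop up in another shell instead of the shell you are working in.

Most of the time, exporting GPG_TTY is enough. If you also use gpg-agent as an ssh agent, you also need to update the tty information for gpg-agent's ssh support. Here is what I do in ZSH for gpg-agent's ssh support.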

# Updates the gpg-agent TTY before every command since
# there's no way to detect this info in the ssh-agent protocol
function _gpg-agent-update-tty {
  gpg-connect-agent UPDATESTARTUPTTY /bye &>/dev/null
}

autoload -Uz add-zsh-hook
add-zsh-hook preexec _gpg-agent-update-tty
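
Added example, not part of the original question or answers: a POSIX shell triage helper for the "gpg failed to sign the data" error. It compares GPG_TTY with the output of tty, as the man page excerpt above requires, and classifies gpg's error text. The function names and the "No secret key" case are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage for "error: gpg failed to sign the data".
# Function names are hypothetical, not from git or GnuPG.

# Compare GPG_TTY with the terminal this shell is attached to.
# $1 = value of GPG_TTY, $2 = output of `tty` (arguments so it can be tested).
gpg_tty_state() {
    case "$2" in
        /dev/*) ;;                       # a real terminal device
        *) echo "no-tty"; return 0 ;;    # e.g. "not a tty" under cron or CI
    esac
    if [ -z "$1" ]; then
        echo "unset"
    elif [ "$1" != "$2" ]; then
        echo "stale"                     # exported in another terminal
    else
        echo "ok"
    fi
}

# Map gpg's error text to a likely cause.
classify_gpg_error() {
    case "$1" in
        *"Inappropriate ioctl for device"*) echo "gpg-tty" ;;   # error shown in the question
        *"No secret key"*) echo "signing-key" ;;                # assumption: key missing from keyring
        *) echo "other" ;;
    esac
}

# Repeat the question's clearsign test against the live environment.
run_triage() {
    state=$(gpg_tty_state "${GPG_TTY:-}" "$(tty 2>/dev/null)")
    echo "GPG_TTY state: $state"
    case "$state" in
        unset|stale) echo 'hint: export GPG_TTY=$(tty)' ;;
    esac
    command -v gpg >/dev/null 2>&1 || { echo "gpg not found in PATH"; return 1; }
    if err=$(echo "test" | gpg --clearsign 2>&1 >/dev/null); then
        echo "clearsign: ok"
    else
        echo "clearsign failed, likely cause: $(classify_gpg_error "$err")"
        return 1
    fi
}

# Only touches gpg when asked to: sh triage.sh --run
if [ "${1:-}" = "--run" ]; then run_triage; fi
```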

Answer 1 (score: 0)

If you still have problems on macOS, open ~/.gitconfig and change everything under [gpg] to program = /usr/local/bin/gpg
