
signing commits using gpg2




tl;dr - how do I get git to use gpg2 to sign things?

I'm using gpg2 (so no agent options are configured but an agent is
running) which is configured w/ a Nitrokey (Pro if it matters):

 % git commit -m "Initial."

                                 gits/bash-libs (master ⚡) localhost
gpg: detected reader `Nitrokey Nitrokey Pro (000034670000000000000000) 00 00'
gpg: pcsc_connect failed: sharing violation (0x8010000b)
gpg: apdu_send_simple(0) failed: locking failed
Please insert the card and hit return or enter 'c' to cancel:
gpg: pcsc_connect failed: sharing violation (0x8010000b)
gpg: pcsc_connect failed: sharing violation (0x8010000b)
gpg: apdu_send_simple(0) failed: locking failed
Please insert the card and hit return or enter 'c' to cancel: c
gpg: selecting openpgp failed: general error
gpg: signing failed: general error
gpg: signing failed: general error
error: gpg failed to sign the data
fatal: failed to write commit object

This works with gpg and ssh:
 % touch foo

                                                         ~ localhost
 % gpg2 --sign foo

                                                         ~ localhost
gpg: using "846FF490" as default secret key for signing
 % cat foo*

                                                         ~ localhost

However, if I try this w/ the old gpg:

 % gpg -ae -o foo.gpg foo

                                                         ~ localhost
 % gpg -d foo.gpg

                                                         ~ localhost
gpg: detected reader `Nitrokey Nitrokey Pro (000034670000000000000000) 00 00'
gpg: pcsc_connect failed: sharing violation (0x8010000b)
gpg: apdu_send_simple(0) failed: locking failed
Please insert the card and hit return or enter 'c' to cancel: c
gpg: selecting openpgp failed: general error
gpg: encrypted with 3072-bit RSA key, ID 41826CFB, created 2017-03-13
      "Shawn Wilson <ag4ve.us@xxxxxxxxx>"
gpg: public key decryption failed: general error
gpg: decryption failed: secret key not available
 % gpg2 -d foo.gpg

                                                         ~ localhost
gpg: encrypted with 3072-bit RSA key, ID E27FA0B841826CFB, created 2017-03-13
      "Shawn Wilson <ag4ve.us@xxxxxxxxx>"
foo

(yeah I added data to the file)

And just to prove basic competency checking:

 % git config --global -l | grep sign

                                                         ~ localhost
user.signingkey=846FF490
filter.gitconfig-rmuser.clean=sed -e "s/^\( *email =\).*/\1 <email address>/" -e "s/^\( *name =\).*/\1 <real name>/" -e "s/^\( *signingkey =\).*/\1 <gpg key>/"
filter.gitconfig-rmuser.smudge=egrep "^ *(email|name|signingkey) = "
commit.gpgsign=true
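
A diagnostic for the situation in the message above, added here as an example and not part of the original post: it reports which binary git will run for signing and which GnuPG major version that binary is. It relies on git's `gpg.program` setting (git falls back to `gpg` when it is unset); the function names are illustrative.

```shell
#!/bin/sh
# Added example: find out which GnuPG git will invoke for signing.

# Program git runs for signing: gpg.program if configured, otherwise "gpg".
signing_program() {
    prog=$(git config --get gpg.program 2>/dev/null) || prog=""
    printf '%s\n' "${prog:-gpg}"
}

# Major version from the first line of `<program> --version` output,
# e.g. "gpg (GnuPG) 2.1.11" -> 2. Prints "unknown" if the line does not parse.
gnupg_major() {
    major=$(printf '%s\n' "$1" | sed -n '1s/^.*) \([0-9][0-9]*\)\..*$/\1/p')
    printf '%s\n' "${major:-unknown}"
}

# check_signer <program> <version text> <wanted major>
# Returns 0 when the signer is the wanted major version, 1 otherwise.
check_signer() {
    have=$(gnupg_major "$2")
    if [ "$have" = "$3" ]; then
        echo "ok: git signs with '$1' (GnuPG major version $have)"
    else
        echo "mismatch: git signs with '$1' (GnuPG major version $have), wanted $3"
        echo "  to change it: git config --global gpg.program <path to the wanted gpg>"
        return 1
    fi
}

# Live check against this machine's git and GnuPG installation.
main() {
    prog=$(signing_program)
    if ! command -v "$prog" >/dev/null 2>&1; then
        echo "git would run '$prog', which is not on PATH"
        return 0
    fi
    check_signer "$prog" "$("$prog" --version 2>/dev/null)" 2 || true
}

main
```
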