I followed the instructions on https://wiki.gentoo.org/wiki/Project:GURU/Information_for_Contributors to contribute to GURU. After running `pkgdev commit`, I got the following error: ``` error: gpg failed to sign the data fatal: failed to write commit object ``` Previously, I ran the command `git config --local user.signingkey CCB9E48A5803353D1704C3B83F7A9180DA814844`. I also put the following two lines in `/etc/portage/make.conf`: ``` PORTAGE_GPG_KEY="CCB9E48A5803353D1704C3B83F7A9180DA814844" SIGNED_OFF_BY="Amar Al-Zubaidi <amar.al-zubaidi45@tutanota.com>" ``` Here is the output of `gpg --list-keys`: ``` /home/amarakon/.local/share/gnupg/pubring.kbx --------------------------------------------- pub rsa4096 2022-08-23 [C] CCB9E48A5803353D1704C3B83F7A9180DA814844 uid [ultimate] Amar Al-Zubaidi <amar.al-zubaidi45@tutanota.com> sub rsa2048 2022-08-23 [S] [expires: 2023-08-23] sub rsa2048 2022-08-23 [E] [expires: 2023-08-23] ```
This command can help you identify the root of the problem: GIT_TRACE=1 pkgdev commit To me it looks like you copied the wrong id, you need the one from: gpg --list-secret-keys --keyid-format LONG As described here: https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key
(In reply to Andrew Ammerlaan from comment #1) > This command can help you identify the root of the problem: GIT_TRACE=1 > pkgdev commit > > To me it looks like you copied the wrong id, you need the one from: gpg > --list-secret-keys --keyid-format LONG > As described here: > https://docs.github.com/en/authentication/managing-commit-signature- > verification/telling-git-about-your-signing-key Here is the output of `GIT_TRACE=1 pkgdev commit`: ``` 18:58:51.233604 git.c:458 trace: built-in: git rev-parse --show-toplevel 18:58:51.236115 git.c:458 trace: built-in: git diff-index --diff-filter=ARMD --find-renames --name-status --cached -z HEAD 18:58:51.245745 git.c:458 trace: built-in: git status --porcelain=v1 -u -z '*.ebuild' 18:58:51.843397 git.c:458 trace: built-in: git add /home/amarakon/.local/src/guru/media-gfx/blender-bin/Manifest 18:58:51.857878 git.c:458 trace: built-in: git commit -F /tmp/tmpip1go2sg --gpg-sign 18:58:51.886989 run-command.c:654 trace: run_command: gpg --status-fd=2 -bsau CCB9E48A5803353D1704C3B83F7A9180DA814844 error: gpg failed to sign the data fatal: failed to write commit object ``` Here is the output of `gpg --list-secret-keys --keyid-format LONG`: ``` /home/amarakon/.local/share/gnupg/pubring.kbx --------------------------------------------- sec rsa4096/3F7A9180DA814844 2022-08-23 [C] CCB9E48A5803353D1704C3B83F7A9180DA814844 uid [ultimate] Amar Al-Zubaidi <amar.al-zubaidi45@tutanota.com> ssb rsa2048/E94F61DDAF7D6C04 2022-08-23 [S] [expires: 2023-08-23] ssb rsa2048/3BC558B466989B64 2022-08-23 [E] [expires: 2023-08-23] ``` I'm not sure which one it should be, so I also tried using the `3F7A9180DA814844` key, but I still got the same error. By the way, I cloned with `git clone -b dev https://gitweb.gentoo.org/repo/proj/guru.git` instead of `git clone -b dev git@git.gentoo.org:repo/proj/guru.git` because the latter gave me this error: ``` Cloning into 'guru'... git@git.gentoo.org: Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. ``` This happened even though my access request was accepted.
Try running directly: gpg -bsau CCB9E48A5803353D1704C3B83F7A9180DA814844 <<<foo If it works, it should output a signature. If it doesn't, it should give "somewhat human-readable" error.
(In reply to Michał Górny from comment #3) > Try running directly: > > gpg -bsau CCB9E48A5803353D1704C3B83F7A9180DA814844 <<<foo > > If it works, it should output a signature. If it doesn't, it should give > "somewhat human-readable" error. Here is the output: ``` gpg: signing failed: Operation cancelled gpg: signing failed: Operation cancelled ``` This exact error occurred for every single key that was listed from `gpg --list-secret-keys --keyid-format LONG`, even though I followed the Gentoo Wiki's instructions on generating a GPG key. Maybe I messed up somewhere? Should I delete this key and try generating a GPG key again according to the Gentoo Wiki, but this time pay more attention to not make any mistakes in the process?
How about: echo foo | gpg -bsau CCB9E48A5803353D1704C3B83F7A9180DA81484?
Could you give us a bit more information about your system? Specifically the output off: - eix -I app-crypt/gnupg - eix -I app-crypt/pinentry - eselect pinentry list - cat ~/.gnupg/gpg.conf - cat ~/.gnupg/gpg-agent.conf - Are you running a graphical session, if so, which one? Please check if eselect-pinentry matches with the session you are running. (qt5 for kde, gnome3 for gnome, tty for non-graphical session)
I think the key is fine, and pinentry is the problem. You're probably trying to use pinentry-tty or pinentry-curses but it can't access your pty for some reason. My suggestion would be to try a graphical pinentry frontend instead.
(In reply to Andrew Ammerlaan from comment #6) > Could you give us a bit more information about your system? Specifically the > output off: > - eix -I app-crypt/gnupg > - eix -I app-crypt/pinentry > - eselect pinentry list > - cat ~/.gnupg/gpg.conf > - cat ~/.gnupg/gpg-agent.conf > - Are you running a graphical session, if so, which one? Please check if > eselect-pinentry matches with the session you are running. (qt5 for kde, > gnome3 for gnome, tty for non-graphical session) ``` $ eix -I app-crypt/gnupg [U] app-crypt/gnupg Available versions: 2.2.35^t 2.2.35-r1^t (~)2.2.36^t (~)2.3.6^t{tbz2} (~)2.3.6-r1^t{tbz2} (~)2.3.7-r1^t {bzip2 doc ldap nls readline selinux +smartcard ssl test (+)tofu tools tpm usb user-socket verify-sig wks-server} Installed versions: 2.3.6-r1^t{tbz2}(02:48:06 AM 2022-07-09)(ssl tofu -bzip2 -doc -ldap -nls -readline -selinux -smartcard -test -tools -tpm -usb -user-socket -verify-sig -wks-server) Homepage: https://gnupg.org/ Description: The GNU Privacy Guard, a GPL OpenPGP implementation ``` ``` $ eix -I app-crypt/pinentry [I] app-crypt/pinentry Available versions: 1.2.0{tbz2} (~)1.2.0-r1{tbz2} {caps efl emacs gnome-keyring gtk ncurses qt5} Installed versions: 1.2.0-r1{tbz2}(08:34:05 PM 2022-07-07)(-caps -efl -emacs -gnome-keyring -gtk -ncurses -qt5) Homepage: https://gnupg.org/aegypten2 Description: Simple passphrase entry dialogs which utilize the Assuan protocol ``` ``` $ eselect pinentry list Available pinentry binary implementations: [1] pinentry-tty * ``` Disclaimer: my $GPGHOME is set to ~/.local/share/gpg instead of ~/.gpg. ``` $ cat ~/.local/share/gnupg/gpg.conf cat: /home/amarakon/.local/share/gnupg/gpg.conf: No such file or directory ``` ``` $ cat ~/.local/share/gnupg/gpg-agent.conf cat: /home/amarakon/.local/share/gnupg/gpg-agent.conf: No such file or directory ``` Here is everything inside ~/.local/share/gnupg: ``` /home/amarakon/.local/share/gnupg/ ├── openpgp-revocs.d/ │ └── CCB9E48A5803353D1704C3B83F7A9180DA814844.rev ├── private-keys-v1.d/ │ ├── 03EBB0299D170E03257180C349F7FC0D3F07C883.key │ ├── 6E91A2DA8C58D4D4F48AF33A32C676395F5D04A5.key │ └── A0F18EEA8AF5C2A6C4D3F4A74C1A0E8CDAADB523.key ├── .#lk0x0000562d1a241a60.genpad.11436 ├── tofu.db ├── trustdb.gpg ├── pubring.kbx └── pubring.kbx~ ``` I do not use KDE or Gnome. I am running DWM. My default pinentry in `eselect pinentry list` is `pinentry-tty` Could this issue be because I do not have some USE flags set for those packages you listed?
(In reply to Michał Górny from comment #7) > I think the key is fine, and pinentry is the problem. You're probably > trying to use pinentry-tty or pinentry-curses but it can't access your pty > for some reason. My suggestion would be to try a graphical pinentry > frontend instead. Maybe it can't access my pty because I set my $GPGHOME to be ~/.local/share/gnupg instead of ~/.gpg. Could that be the issue?
(In reply to Amar Al-Zubaidi from comment #9) > Maybe it can't access my pty because I set my $GPGHOME to be > ~/.local/share/gnupg instead of ~/.gpg. Could that be the issue? I don't think that's it. Console versions of pinentry are very fragile to tty permissions, so you may be missing some magic that sets these or using screen/tmux/etc., or doing one of other 1000 things that break this PoS. For a start, check your tty/pty permissions: $ ls -l $(tty) To confirm, you could try logging in from text console (e.g. ctrl-alt-f1) and seeing if it works on plain tty. My suggestion would be to enable USE=gtk or USE=qt5 (or maybe USE=efl but I've never used that) on app-crypt/pinentry, and switching to a graphical entry. It shouldn't matter which WM you use, it's just which UI you prefer (pinentry-gnome3 is GTK+3).
(In reply to Michał Górny from comment #10) > (In reply to Amar Al-Zubaidi from comment #9) > > Maybe it can't access my pty because I set my $GPGHOME to be > > ~/.local/share/gnupg instead of ~/.gpg. Could that be the issue? > > I don't think that's it. Console versions of pinentry are very fragile to > tty permissions, so you may be missing some magic that sets these or using > screen/tmux/etc., or doing one of other 1000 things that break this PoS. > > For a start, check your tty/pty permissions: > > $ ls -l $(tty) > > To confirm, you could try logging in from text console (e.g. ctrl-alt-f1) > and seeing if it works on plain tty. > > My suggestion would be to enable USE=gtk or USE=qt5 (or maybe USE=efl but > I've never used that) on app-crypt/pinentry, and switching to a graphical > entry. It shouldn't matter which WM you use, it's just which UI you prefer > (pinentry-gnome3 is GTK+3). ``` ls -l $(tty) crw--w---- 1 amarakon tty 136, 0 Aug 27 09:13 /dev/pts/0 ``` Are those permissions correct? If not, can I manually fix them with `chmod`? Or is it better to just enable USE=gtk?
I don't see anything wrong with them but I'm not an expert on this. I'm sorry but I have no more ideas. I think using the GUI version would be the simplest solution, or at least trying it to make sure it's this and not something else entirely.
(In reply to Amar Al-Zubaidi from comment #0) > I followed the instructions on > https://wiki.gentoo.org/wiki/Project:GURU/Information_for_Contributors to > contribute to GURU. After running `pkgdev commit`, I got the following error: > > ``` > error: gpg failed to sign the data > fatal: failed to write commit object > ``` Have you tried this? https://wiki.gentoo.org/wiki/GitHub_Pull_Requests#Possible_issues_with_signing