gpg failed to sign the data fatal: failed to write commit object [Git 2.10.0]

Question

I followed few articles over the pretty attributes on Git 2.10 release note. Going through which upgraded the git to 2.10.0 and made changes to global .gitconfig

Answer 1

Might be a hanging gpg-agent.

Try gpgconf --kill gpg-agent as discussed here

Answer 2

If gnupg2 and gpg-agent 2.x are used, be sure to set the environment variable GPG_TTY.

export GPG_TTY=$(tty)

See GPG’s documentation about common problems.

Answer 3

I ran into this issue with OSX.

Original answer:

It seems like a gpg update (of brew) changed to location of gpg to gpg1, you can change the binary where git looks up the gpg:

git config --global gpg.program gpg1

If you don't have gpg1: brew install gpg1.

Updated answer:

It looks like gpg1 is being deprecated/"gently nudged out of usage", so you probably should actually update to gpg2, unfortunately this involves quite a few more steps/a bit of time:

brew upgrade gnupg  # This has a make step which takes a while
brew link --overwrite gnupg
brew install pinentry-mac
echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent

The first part installs gpg2, and latter is a hack required to use it. For troubleshooting, see this answer (though that is about linux not brew), it suggests a good test:

echo "test" | gpg --clearsign  # on linux it's gpg2 but brew stays as gpg

If this test is successful (no error/output includes PGP signature), you have successfully updated to the latest gpg version.

You should now be able to use git signing again!
It's worth noting you'll need to have:

git config --global gpg.program gpg  # perhaps you had this already? On linux maybe gpg2
git config --global commit.gpgsign true  # if you want to sign every commit

Note: After you've ran a signed commit, you can verify it signed with:

git log --show-signature -1

which will include gpg info for the last commit.

Answer 4

May help killing process gpg-agent that might stuck with old data. So new gpg-agent started would ask for password.

Answer 5

I got this error on Ubuntu 18.04 and it turned out that my key was expired.

To see this, I ran this and it confirmed that my keys were expired:

gpg --list-keys

To correct this, I ran (using the ID displayed in the previous command):

gpg --edit-key <ID>

From there, I extended the expiration of key 0 and key 1 following these instructions which boiled down to typing key 0 then expire and following the prompts. Then repeating for key 1.

Afterward, to test this, I ran:

echo test | gpg --clearsign

And before the fix, it failed with the error:

gpg: no default secret key: No secret key
gpg: [stdin]: clear-sign failed: No secret key

But after the fix, the same command successfully signed the message so I knew things were working again!

Answer 6

I ran into the same problem. I'm happy to report that the issue lies not with git 2.10.0 but with gnupg 1.4.21.

Temporarily downgrading gnupg to 1.4.20 fixed the issue for me.

If you're using homebrew and you upgraded your packages like I did, you can probably just run brew switch gnupg 1.4.20 to revert back.