我使用git version 2.20.1
和官方guide运行以下命令来生成pgp密钥
$ gpg --full-generate-key
...
$ gpg --list-secret-keys --keyid-format LONG
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
/home/mahmood/.gnupg/pubring.kbx
--------------------------------
sec rsa4096/CFEFE6D58A392624 2020-09-08 [SC]
26XX594XXXE2BAXXXE40AXXXCFXXX6D5XXXXX624
uid [ultimate] mahmood <EMAIL>
ssb rsa4096/3B138A448B277FD9 2020-09-08 [E]
现在我可以通过以下命令看到公钥:
$ gpg --armor --export CFEFE6D58A392624
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBF9XdKoBEACyQjVUlBYjOLSqv7YRIIq0+iJ9A0UzkItUoWBnDrHmTdnH+UeK
...
=WCOk
-----END PGP PUBLIC KEY BLOCK-----
然后我根据此官方page将密钥复制到了网站中。
现在,当我要提交时,出现一个密钥签名错误:
$ git commit -S -m "...."
error: gpg failed to sign the data
fatal: failed to write commit object
我该如何解决?
更新:
导出以下变量将解决此问题。
export GPG_TTY=$(tty)
我是怎么做到的?首先,我检查了~/.gitconfig
,以确保[user]
部分正确。然后我运行了以下测试命令,该命令给了我一个ioctl错误
$ echo "test" | gpg --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
test
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: clear-sign failed: Inappropriate ioctl for device
搜索该错误导致export GPG_TTY=$(tty)
,然后测试命令正常。因此,commit命令现在可以了。
答案 0 :(得分:2)
man gpg-agent
,
You should always add the following lines to your .bashrc or whatever
initialization file is used for all shell invocations:
GPG_TTY=$(tty)
export GPG_TTY
It is important that this environment variable always reflects the out-
put of the tty command. For W32 systems this option is not required.
根据我的使用经验,GPG_TTY
需要使用环境变量gpg-agent
来检测哪个tty / window / shell是活动的,并弹出一个密码输入提示。 / p>
您还需要定期更新此信息。否则,密码短语提示可能不会在您的工作外壳中弹出,而是在另一个外壳中弹出。
大多数情况下,导出GPG_TTY
就足够了。如果您还将gpg-agent用作ssh代理。还需要更新tty信息以获得gpg-agent的 ssh支持。这是我在ZSH中为gpg-agent的ssh支持所做的工作。
# Updates the gpg-agent TTY before every command since
# there's no way to detect this info in the ssh-agent protocol
function _gpg-agent-update-tty {
gpg-connect-agent UPDATESTARTUPTTY /bye &>/dev/null
}
autoload -Uz add-zsh-hook
add-zsh-hook preexec _gpg-agent-update-tty
答案 1 :(得分:0)
如果您仍然在macOS中遇到问题,请打开~/.gitconfig
并将[gpg]
下的所有内容更改为program = /usr/local/bin/gpg