Git signs with gpg-key whose email matches author email instead of gpg-key that matches user.signingkey?


x10an14

Jun 26, 2021, 6:18:38 PM
to Git for human beings
As the subject describes, yesterday I experienced my git client attempting to sign my commits with gpg-key X, when I had specified gpg-key Z as such;
`git config user.signinkey <key id of gpg-key Z>`

I am using the email associated with gpg-key X as my `git config user.email`, and not the email that my gpg-client has associated with gpg-key Z.

Using `GIT_TRACE=1`, I get output like this;
`<snip> trace: run_command: gpg --status-fd=2 -bsau <email associated with gpg-key X>`

Does git ignore `git config user.signingkey` when it finds a gpg-key in the local gpg-agent whose email matches `git config author.email`?

I'd be grateful for any experience or pointers here. I was really hoping the `GPG_TRACE=1` output would show the `gpg --status-fd=2` command referencing the key-id, not the email.

x10an14

Jun 29, 2021, 1:00:12 PM
to Git for human beings
Example of bug:

```
[2021-06-28 11:45:09] 0 x10an14@x10-laptop:~/.password-store
-> $ gpg -k 40342E76F04C8890B58CB9FA321FC44B567B28FA
pub   ed25519 2021-06-22 [C]
      40342E76F04C8890B58CB9FA321FC44B567B28FA
uid           [ultimate] x10an14 <x10...@email1.example>
sub   ed25519 2021-06-22 [S] [expires: 2023-01-01]
sub   cv25519 2021-06-22 [E] [expires: 2023-01-01]
sub   ed25519 2021-06-22 [A] [expires: 2023-01-01]
[2021-06-28 11:45:18] 0 x10an14@x10-laptop:~/.password-store
-> $ bat ~/.config/git/config
   1   [user]
   2       signinkey = 40342E76F04C8890B58CB9FA321FC44B567B28FA
   3       email = x10...@users.noreply.github.com
   4       name = x10an14
   5   [gpg]
   6       program = gpg
   7   [commit]
   8       gpgsign = true
   9   [tag]
  10       gpgsign = true
[2021-06-28 11:46:30] 0 x10an14@x10-laptop:~/.password-store
-> $ git config --list | grep user
user.signinkey=40342E76F04C8890B58CB9FA321FC44B567B28FA
user.email=x10...@users.noreply.github.com
user.name=x10an14
[2021-06-28 11:46:45] 0 x10an14@x10-laptop:~/.password-store
-> $ git config --list | grep gpg
gpg.program=gpg
commit.gpgsign=true
tag.gpgsign=true
[2021-06-28 11:46:50] 0 x10an14@x10-laptop:~/.password-store
-> $ pwd
/home/x10an14/.password-store
[2021-06-28 11:46:58] 0 x10an14@x10-laptop:~/.password-store
-> $ GIT_TRACE=1 git commit -S -m "Add given password for x10...@email1.example/password to store." --amend
11:47:04.657284 git.c:442               trace: built-in: git commit -S -m 'Add given password for x10...@email1.example/password to store.' --amend
11:47:04.658591 run-command.c:663       trace: run_command: gpg --status-fd=2 -bsau 'x10an14 <x10...@users.noreply.github.com>'
error: gpg failed to sign the data
fatal: failed to write commit object
[2021-06-28 11:47:04] 128 x10an14@x10-laptop:~/.password-store
-> $
```
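
An added example, not part of the original posts: git stores and silently ignores config keys it does not recognise, and when `user.signingkey` is unset it passes the committer identity (`Name <email>`) to `gpg -u`, which is the form seen in the trace above. The sketch below reads `git config --list` output on stdin; the function names and sample values are constructed, and environment overrides such as `GIT_COMMITTER_EMAIL` are not modelled.

```shell
#!/bin/sh
# Audit `git config --list` output (key=value lines on stdin) for
# signing-key problems. Real use: git config --list | unknown_user_keys

# Print user.* keys that git does not act on (for example a misspelled
# user.signingkey). Assumed known set: name, email, signingkey, useconfigonly.
unknown_user_keys() {
    awk -F= '
        { k = tolower($1) }
        k ~ /^user\./ && k !~ /^user\.(name|email|signingkey|useconfigonly)$/ { print k }'
}

# Print the identity git would hand to `gpg -u`: user.signingkey if set,
# otherwise the committer identity built from user.name and user.email.
effective_signer() {
    awk -F= '
        { k = tolower($1); v = substr($0, length($1) + 2) }
        k == "user.signingkey" { key = v }
        k == "user.name"       { name = v }
        k == "user.email"      { email = v }
        END {
            if (key != "") print key
            else printf "%s <%s>\n", name, email
        }'
}

# Constructed sample input, shaped like the `git config --list` output above.
SAMPLE='user.signinkey=AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555
user.email=dev@users.noreply.example
user.name=dev
gpg.program=gpg
commit.gpgsign=true'

echo "unrecognised user.* keys:"
printf '%s\n' "$SAMPLE" | unknown_user_keys
echo "identity passed to gpg -u:"
printf '%s\n' "$SAMPLE" | effective_signer
```
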