August 21, 2022

WTF: Weird error when setting up GnuPG to sign commits

Short post because now I can blog again. And I haven’t in a while, so I am a little rusty.

I want to sign my commits

So you have a job (nice) and they say

Hey, it’s company policy that you have to sign your commits.

OK. I can do that.

So I go and I start furiously typing into my console. I accept all the defaults (of course) and then we get to the part that says:

So far, so good. This key is only for the purposes of signing my commits for work purposes, so I don’t really want to upload it to any key servers. The only place that needs to know about this key really is my organisation’s GitHub server (at least, at this stage).

In the line above, we can see importantly the USER-ID says

Carlos The Programmer (My Work GPG Key) <carlos@some-company.example>

Then I configure my git so that this key is used to sign my commits:

All looks good so far?

But I get this error

OK. This is weird?

But a Google Search (TM) says that this is a rather common error? I may have missed some steps, so let me go back and retrace my steps.

The Internet recommends!

Typical stuff from Stack Overflow and other sites.

Some of them suggest that I did not configure git to use the gpg.program:

I am not on Windows but whatever?

Other results seem to suggest that the key expired, or that I did not set the correct signing key (I may have confused some other value?)

Others just straight up recommend that I export the key I just created and reimport it?

This sounds weird to me so I don’t even attempt it.

The internet is wrong, wtf

Ok so maybe they are not entirely wrong. I’m sure that for their intended audience things worked fine with their suggestion. However they did not work out for me.

Debug git

So there is a pretty cool GIT_TRACE environment variable that can let me read what git is trying to do:

So there seems to be something in the gpg2 command that simply doesn’t like something in the command:

A misconfigured name

As it turns out, when I created my GPG key I said that my name was

Carlos The Programmer

But git is saying that my name is

Carlos D

See the problem here?

It’s weird to me because I would have thought that my email would have been enough, however it seems that it was not.

So I went to gpg and I told it to please recognise not only my name but also my name without my very long last name:

Now I can sign my commits. Yay, I am compliant with my company’s security policies! I assume this is worth celebrating.
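A quick way to spot this mismatch before committing, as an added example that is not part of the original post: it assumes git selected the key by committer identity ("Name <email>"), which is what it does when user.signingkey is unset, and it approximates gpg's default case-insensitive substring match on user IDs. The `uid_matches` helper and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the post).
# uid_matches IDENT
#   Reads `gpg --list-secret-keys --with-colons` output on stdin.
#   Exit 0 if some uid record contains IDENT (case-insensitive), else 1.
uid_matches() {
    want=$1 awk -F: '
        BEGIN { want = tolower(ENVIRON["want"]); status = 1 }
        $1 == "uid" {
            uid = $10                      # field 10 holds the user ID
            gsub(/\\x3a/, ":", uid)        # gpg escapes ":" inside fields
            if (index(tolower(uid), want) > 0) status = 0
        }
        END { exit status }
    '
}

# Constructed sample listings: only the uid records are shown, and the
# timestamps and hashes are placeholders.
KEY_BEFORE='uid:u::::1661040000::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA::Carlos The Programmer (My Work GPG Key) <carlos@some-company.example>::::::::::0:'

KEY_AFTER="$KEY_BEFORE
uid:u::::1661040100::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB::Carlos D <carlos@some-company.example>::::::::::0:"

# The identity git would hand to gpg in this scenario (name from the post).
GIT_IDENT='Carlos D <carlos@some-company.example>'

report() {  # report LABEL LISTING
    if printf '%s\n' "$2" | uid_matches "$GIT_IDENT"; then
        echo "$1: a UID matches \"$GIT_IDENT\""
    else
        echo "$1: no UID matches \"$GIT_IDENT\""
    fi
}

report "before adding the UID" "$KEY_BEFORE"
report "after adding the UID" "$KEY_AFTER"

# Live check (needs git and gpg installed):
#   gpg --list-secret-keys --with-colons |
#       uid_matches "$(git config user.name) <$(git config user.email)>"
```

The email alone would match the original key, but the full "Name <email>" string does not until a UID carrying the shorter name exists.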

Conclusion

So it turns out that not everything on the Internet is correct. Who would have thought?

Perhaps I need to read debug logs more 😄

Listening to

This album is like 30 years old, and yet it’s better than most of the stuff out there today.

Ok maybe not this one specifically because this one is the 20th Anniversary Special Edition but you get what I mean.