Gitea fails to sign commits - cannot find secret key #12068

Closed
opened 2025-11-02 09:56:44 -06:00 by GiteaMirror · 1 comment
Owner

Originally created by @belliash on GitHub (Nov 22, 2023).

Description

I have `signingkey = CA???????` in ~/.gitconfig and I am able to successfully sign commits.
I wanted to use this in Gitea to sign PR squashed commits. I was following https://docs.gitea.com/administration/signing and if I specify SIGNING_KEY it all looks good, but merge fails with the following error:

```
Merge, git commit [repo1:branch -> repo2:master]: exit status 128

error: gpg failed to sign the data:
gpg: skipped "CA???": No secret key
[GNUPG:] INV_SGNR 9 CA???
[GNUPG:] FAILURE sign 17
gpg: signing failed: No secret key

fatal: failed to write commit object
```

I also tried to set SIGNING_KEY to 'default', so that the key set in .gitconfig should be used, but then it prevents merging for the same reason.

I have tried signing commits using the same user the Gitea service is running as.
Gitea is installed on the system (not running as a container) and runs from a dedicated user. When I log in as this user (regardless of whether I log in to this account directly or with su), I can sign commits, and I can also encrypt any data with GPG using this key.

```
$ gpg -k
/path/to/.gnupg/pubring.kbx
---------------------------------
pub   rsa4096 2022-07-25 [SCE]
      CA??????
uid           [ultimate] Signing Team <signing@domain.com>

$ gpg -K
/path/to/.gnupg/pubring.kbx
---------------------------------
sec   rsa4096 2022-07-25 [SCE]
      CA??????
uid           [ultimate] Signing Team <signing@domain.com>
```

Actually, Gitea is the only service failing on this. I use GPG with a webmail client successfully.

Gitea Version

1.21.0

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

2.41.0

Operating System

Gentoo Linux

How are you running Gitea?

```
# /etc/init.d/gitea status
 * status: started

gitea       5689  0.0  0.0 379400  3348 ?        Ssl  Nov21   0:01 gpg-agent --homedir /path/to/.gnupg --use-standard-socket --daemon
gitea       9069  3.0  0.8 3326460 268392 ?      Ssl  13:57   7:33 /usr/bin/gitea web --config /etc/gitea/app.ini
```

Database

MySQL/MariaDB

GiteaMirror added the issue/needs-feedback label 2025-11-02 09:56:44 -06:00

@wxiaoguang commented on GitHub (Nov 22, 2023):

Gitea doesn't use `~/.gitconfig`

https://docs.gitea.com/administration/signing

> Since 1.17, Gitea runs git in its own home directory [git].HOME_PATH (default to %(APP_DATA_PATH)/home) and uses its own config {[git].HOME_PATH}/.gitconfig. If you have your own customized git config for Gitea, you should set these configs in system git config (aka /etc/gitconfig) or the Gitea internal git config {[git].HOME_PATH}/.gitconfig. Related home files for git command (like .gnupg) should also be put in Gitea's git home directory [git].HOME_PATH. If you like to keep the .gnupg directory outside of {[git].HOME_PATH}/, consider setting the $GNUPGHOME environment variable to your preferred location.

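A small diagnostic that applies the rule quoted above (git runs with HOME set to [git].HOME_PATH, so the signing key must be in that directory's .gitconfig or /etc/gitconfig, and the keyring in that directory's .gnupg unless GNUPGHOME is set) to an app.ini and reports why a Gitea-run git would print "No secret key". This is an added example for this issue, not Gitea's own code; it assumes %(NAME)s references in app.ini are resolved against top-level and [server] keys only, and the key id and paths in `demo()` are constructed.

```python
"""Where will git, launched by Gitea, look for its signing key?  Added example for this
issue, not Gitea's code.  Assumption: %(NAME)s references are resolved against top-level
and [server] keys only (enough for the documented default %(APP_DATA_PATH)s/home)."""
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Optional
_REF = re.compile(r"%\((\w+)\)s?")  # go-ini style %(NAME)s reference, with or without the s

def git_home_path(app_ini: Path) -> Path:
    """Resolve [git].HOME_PATH; the documented default is %(APP_DATA_PATH)s/home."""
    values, section = {}, ""
    for line in app_ini.read_text().splitlines():
        line = line.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("["):
            section = line.strip("[]").strip()
        else:
            key, _, val = line.partition("=")
            values[f"{section}:{key.strip()}"] = val.strip()
    home = values.get("git:HOME_PATH", "%(APP_DATA_PATH)s/home")
    return Path(_REF.sub(lambda m: values.get(f"server:{m[1]}", values.get(f":{m[1]}", m[0])), home))

def gitconfig_signingkey(gitconfig: Path) -> Optional[str]:
    """Return user.signingkey from a git config file, or None if unset."""
    section = ""
    for line in (gitconfig.read_text().splitlines() if gitconfig.is_file() else []):
        line = line.strip()
        if line.startswith("["):
            section = line.strip("[]").split()[0].lower()
        elif section == "user" and line.lower().startswith("signingkey"):
            return line.partition("=")[2].strip()
    return None

def diagnose(app_ini: Path, env: Dict[str, str], system_gitconfig=Path("/etc/gitconfig")) -> List[str]:
    """List reasons the Gitea-run git would report 'No secret key' (as in this issue)."""
    home, problems = git_home_path(app_ini), []
    if not (gitconfig_signingkey(home / ".gitconfig") or gitconfig_signingkey(system_gitconfig)):
        problems.append(f"no user.signingkey in {home / '.gitconfig'} or {system_gitconfig}")
    gnupg = Path(env.get("GNUPGHOME", str(home / ".gnupg")))
    if not (gnupg / "private-keys-v1.d").is_dir():  # GnuPG 2.1+ keeps secret keys here
        problems.append(f"no secret keys under {gnupg}; move .gnupg there or set GNUPGHOME")
    return problems

def demo():
    """Constructed layout mirroring the report: key usable from the admin's shell, absent from Gitea's git home."""
    root = Path(tempfile.mkdtemp())
    (root / "app.ini").write_text(f"APP_NAME = Gitea\n[server]\nAPP_DATA_PATH = {root}/data\n")
    before = diagnose(root / "app.ini", {}, root / "no-system-gitconfig")
    home = git_home_path(root / "app.ini")  # -> {root}/data/home, where Gitea's git actually runs
    (home / ".gnupg" / "private-keys-v1.d").mkdir(parents=True)
    (home / ".gitconfig").write_text("[user]\n\tsigningkey = CAFE0000CAFE0000\n")  # constructed key id
    return str(home.relative_to(root)), before, diagnose(root / "app.ini", {}, root / "no-system-gitconfig")
```

Run `diagnose(Path("/etc/gitea/app.ini"), dict(os.environ))` as the gitea user to see which of the two conditions fails on a real install.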
Reference: github-starred/gitea#12068