Brew: bump-formula-pr fails when attempting to sign commit
- [x] Confirmed this is a problem with running a
brewcommand and notbrew installing or the post-install behaviour of one or more formulae? If it's a formulae-specific problem please file this issue at the relevant tap e.g. for Homebrew/homebrew-core https://github.com/Homebrew/homebrew-core/issues/new - [x] Ran
brew updateand retried your prior step? - [x] Ran
brew doctor, fixed all issues and retried your prior step? - [x] Ran
brew configandbrew doctorand included their output with your issue?
$ brew doctor
Your system is ready to brew.
To help us debug your issue please explain:
- What you were trying to do (and why)
attempting to bump a formula with bump-formula-pr - What happened (include command output)
Error when it attempting to git-commit.
$ HOMEBREW_DEVELOPER=true brew bump-formula-pr --url=https://github.com/nodenv/node-build/archive/v2.6.20.tar.gz --sha256=af89b9eb0086324a78674d31e7d74e750d30ac8565b27058431b1b854b068b9a node-build
Already up-to-date.
==> replace "https://github.com/nodenv/node-build/archive/v2.6.19.tar.gz" with "https://github.com/nodenv/node-build/archive/v2.6.20.tar.gz"
==> replace "ed4b5aa3e5d6c474f7e53e9a78b6080bb7e57497ff1d2c67ddbc2700d0c5c2d0" with "af89b9eb0086324a78674d31e7d74e750d30ac8565b27058431b1b854b068b9a"
M Formula/node-build.rb
Switched to a new branch 'node-build-2.6.20'
error: gpg failed to sign the data
fatal: failed to write commit object
Error: Failure while executing: git commit --no-edit --verbose --message=node-build\ 2.6.20 -- /usr/local/Homebrew/Library/Taps/homebrew/homebrew-core/Formula/node-build.rb
- What you expected to happen
expected it to commit and open a PR - Step-by-step reproduction instructions (by running
brewcommands)
My git configuration has user.signingkey set and commit.gpgsign=true.
Failed on: HOMEBREW_DEVELOPER=true brew bump-formula-pr --url=https://github.com/nodenv/node-build/archive/v2.6.20.tar.gz --sha256=af89b9eb0086324a78674d31e7d74e750d30ac8565b27058431b1b854b068b9a node-build
The commit succeeded when executed manually (by just re-running the exact command that was echoed in the failure output: git commit --no-edit --verbose --message=node-build\ 2.6.20 -- /usr/local/Homebrew/Library/Taps/homebrew/homebrew-core/Formula/node-build.rb). So I'm presuming the issue is that the brew process is running under a different user so it doesn't have access to gpg-agent, thus it's unable to sign the commit. However, I'm not sure what the remedy should be here. (This isn't the first issue I've encountered with homebrew respecting the user's gitconfig, but then failing due to some configuration therein.)
Is there some configuration that other homebrew devs use? I assume I'm not the only one who has git configured to sign commits.
jasonkarns
All 27 comments
We now filter environment variables by default in your configuration. It's likely we may want to passthrough some GPG variables to enable signing to work.
MikeMcQuaid
on 8 Dec 2017
I couldn't reproduce this today, FWIW. I'm not immediately sure why, I expected it to fail based on your report and failures seen with brew pull.
Relevant section of config:
[commit]
gpgsign = true
[gpg]
program = gpg
DomT4
on 15 Dec 2017
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
![stale[bot] picture](https://avatars3.githubusercontent.com/in/1724?v=4&s=40)
stale[bot]
on 5 Jan 2018
I just did another automatic PR for nodenv and the issue still manifests. Unsure what additional digging on my end that would be helpful here...
jasonkarns
on 5 Jan 2018
What's the full readout if you run the command with the --debug flag? I _think_ --debug is supported on that command.
DomT4
on 5 Jan 2018
$ brew bump-formula-pr --debug --url=https://github.com/nodenv/node-build-update-defs/archive/v2.2.0.tar.gz --sha256=e1a0b5e5c68d48cd5cff46dc6e196dfbb04369ff711ae1287679a580449ee30d node-build-update-defs
/usr/local/Homebrew/Library/Homebrew/brew.rb (Formulary::FormulaLoader): loading /usr/local/Homebrew/Library/Taps/nodenv/homebrew-nodenv/node-build-update-defs.rb
Already up-to-date.
==> replace "https://github.com/nodenv/node-build-update-defs/archive/v2.1.2.tar.gz" with "https://github.com/nodenv/node-build-update-defs/archive/v2.
==> replace "00cc679a286d66a47cf75c2f150142d4907f25526e841d1048b98a2b118b8cab" with "e1a0b5e5c68d48cd5cff46dc6e196dfbb04369ff711ae1287679a580449ee30d"
/usr/local/Homebrew/Library/Homebrew/brew.rb (Formulary::FormulaContentsLoader): loading /usr/local/Homebrew/Library/Taps/nodenv/homebrew-nodenv/node-build-update-defs.rb
/usr/local/Homebrew/Library/Homebrew/brew.rb (Formulary::FormulaLoader): loading /usr/local/Homebrew/Library/Taps/homebrew/homebrew-core/Formula/hub.rb
M node-build-update-defs.rb
Switched to a new branch 'node-build-update-defs-2.2.0'
error: gpg failed to sign the data
fatal: failed to write commit object
Error: Failure while executing: git commit --no-edit --verbose --message=node-build-update-defs\ 2.2.0 -- /usr/local/Homebrew/Library/Taps/nodenv/homebrew-nodenv/node-build-update-defs.rb
/usr/local/Homebrew/Library/Homebrew/utils.rb:291:in `safe_system'
/usr/local/Homebrew/Library/Homebrew/dev-cmd/bump-formula-pr.rb:362:in `block in bump_formula_pr'
/usr/local/Homebrew/Library/Homebrew/extend/pathname.rb:340:in `block in cd'
/usr/local/Homebrew/Library/Homebrew/extend/pathname.rb:340:in `chdir'
/usr/local/Homebrew/Library/Homebrew/extend/pathname.rb:340:in `cd'
/usr/local/Homebrew/Library/Homebrew/dev-cmd/bump-formula-pr.rb:310:in `bump_formula_pr'
/usr/local/Homebrew/Library/Homebrew/brew.rb:100:in `<main>'
(this one happens to be a formula in a tap, but getting the same error in core formula as well. will post the next one that i run for core)
jasonkarns
on 12 Jan 2018
Could you post ~/.gnupg/gpg.conf and ~/.gnupg/gpg-agent.conf?
alyssais
on 12 Jan 2018
gpg configs: https://gist.github.com/jasonkarns/345a089e59b49f574b091acd7844b215
and here's a core formula failure:
$ brew bump-formula-pr --debug --url=https://github.com/nodenv/node-build/archive/v2.6.23.tar.gz --sha256=a2b867d3f86ed8996871976fa17ecd8db5c6145dadae728a50279a74b0d33bd5 node-build
/usr/local/Homebrew/Library/Homebrew/brew.rb (Formulary::FormulaLoader): loading /usr/local/Homebrew/Library/Taps/homebrew/homebrew-core/Formula/node-build.rb
Already up-to-date.
==> replace "https://github.com/nodenv/node-build/archive/v2.6.22.tar.gz" with "https://github.com/nodenv/node-build/archive/v2.6.23.tar.gz"
==> replace "3c3bee29e1680bd9fd5bd7bc8d849d151b28392fe518091c865734a13dba06e2" with "a2b867d3f86ed8996871976fa17ecd8db5c6145dadae728a50279a74b0d33bd5"
/usr/local/Homebrew/Library/Homebrew/brew.rb (Formulary::FormulaContentsLoader): loading /usr/local/Homebrew/Library/Taps/homebrew/homebrew-core/Formula/node-build.rb
/usr/local/Homebrew/Library/Homebrew/brew.rb (Formulary::FormulaLoader): loading /usr/local/Homebrew/Library/Taps/homebrew/homebrew-core/Formula/hub.rb
M Formula/node-build.rb
Switched to a new branch 'node-build-2.6.23'
error: gpg failed to sign the data
fatal: failed to write commit object
Error: Failure while executing: git commit --no-edit --verbose --message=node-build\ 2.6.23 -- /usr/local/Homebrew/Library/Taps/homebrew/homebrew-core/Formula/node-build.rb
/usr/local/Homebrew/Library/Homebrew/utils.rb:291:in `safe_system'
/usr/local/Homebrew/Library/Homebrew/dev-cmd/bump-formula-pr.rb:362:in `block in bump_formula_pr'
/usr/local/Homebrew/Library/Homebrew/extend/pathname.rb:340:in `block in cd'
/usr/local/Homebrew/Library/Homebrew/extend/pathname.rb:340:in `chdir'
/usr/local/Homebrew/Library/Homebrew/extend/pathname.rb:340:in `cd'
/usr/local/Homebrew/Library/Homebrew/dev-cmd/bump-formula-pr.rb:310:in `bump_formula_pr'
/usr/local/Homebrew/Library/Homebrew/brew.rb:100:in `<main>'
Is the result any different if you do HOMEBREW_NO_ENV_FILTERING="1" brew bump-formula-pr <blah>?
DomT4
on 12 Jan 2018
@DomT4 that worked!
It failed immediately before without, then when adding the no-env-filtering, it worked:
HOMEBREW_NO_ENV_FILTERING="1" brew bump-formula-pr --url=https://github.com/nodenv/node-build/archive/v3.0.0.tar.gz --sha256=7ff81f56147b55227eac57e3060c481884a160fa2f647091583826ea3d7f2335 node-build
generated: https://github.com/Homebrew/homebrew-core/pull/22839
(side question, is the HOMEBREW_DEVELOPER=true no longer necessary?)
jasonkarns
on 14 Jan 2018
Yeah, I thought that might be it, based on the timing of this Issue being created & my own experiences locally.
(side question, is the HOMEBREW_DEVELOPER=true no longer necessary?)
Once you've run any developer command once it should stick, IIRC.
DomT4
on 14 Jan 2018
And yet still the mystery remains given https://github.com/Homebrew/brew/commit/e88fd4a86821a4cfe4d8d37cb3f5ce432531e5ff
ilovezfs
on 14 Jan 2018
I can't reproduce this precise issue but I can reproduce it when I use brew pull, so I'll play with that later and see if I can fix that, and by extension fix this.
DomT4
on 14 Jan 2018
@DomT4 you're also using https://gpgtools.org/ ?
ilovezfs
on 14 Jan 2018
No, Homebrew's gnupg formula. If necessary I'll go VM creating but I'm hoping both are the same fundamental issue. Hoping possibly being the important word there.
DomT4
on 14 Jan 2018
No, Homebrew's gnupg formula.
Oh good. You had me worried about your well being for a moment there.
ilovezfs
on 14 Jan 2018
Amusingly the same thing completely fixed brew pull under env filtering:
diff --git a/Library/Homebrew/dev-cmd/pull.rb b/Library/Homebrew/dev-cmd/pull.rb
index 5979d87b8..d982e410b 100644
--- a/Library/Homebrew/dev-cmd/pull.rb
+++ b/Library/Homebrew/dev-cmd/pull.rb
@@ -87,6 +87,8 @@ module Homebrew
if ENV["HOMEBREW_GIT_EMAIL"]
ENV["GIT_COMMITTER_EMAIL"] = ENV["HOMEBREW_GIT_EMAIL"]
end
+ # Permit finding/using GPG for commit signing/etc.
+ ENV["PATH"] = ENV["HOMEBREW_PATH"]
do_bump = ARGV.include?("--bump") && !ARGV.include?("--clean")
So I guess I'll be setting up a VM to poke around with GPGTools later 馃檲.
DomT4
on 15 Jan 2018
I ran into a similar issue a few weeks ago, and was able to "fix" it with export GPG_TTY=$(tty).
If the above works for you @jasonkarns, we should probably add it to the environment whitelist.
woodruffw
on 15 Jan 2018
That could well be it, to be fair. That鈥檚 quite a well-known piece of joy with GnuPG 馃槗.
DomT4
on 15 Jan 2018
Although I still can't get this specific failure to reproduce if I unset GPG_TTY locally before running the command. What fun. I'll wait for @jasonkarns to check it out before I poke around anymore but feel with some regret this is heading into create a VM territory 馃槅.
DomT4
on 16 Jan 2018
@jasonkarns did you have a chance to test that?
ilovezfs
on 22 Jan 2018
@ilovezfs not yet, haven't had any releases recently. Will try to fake one tonight. Though I just checked and GPG_TTY isn't set in my local env.
jasonkarns
on 22 Jan 2018
@jasonkarns FWIW you can lie to the command. Something like:
brew bump-formula-pr --debug --url=https://github.com/nodenv/node-build/archive/v3.0.1.tar.gz --sha256=a2b867d3f86ed8996871976fa17ecd8db5c6145dadae728a50279a74b0d33bd5 node-build
Will still generate a valid PR.
DomT4
on 22 Jan 2018
@DomT4 still failed with unset GPG_TTY (which I rather expected because it isn't normally set in my environment, anyway)
jasonkarns
on 6 Feb 2018
I tried @woodruffw 's workaround (export GPG_TTY=$(tty))... same error.
jasonkarns
on 6 Feb 2018
Keep discussing this here but given the issue is affecting one person and others can't reproduce this: it warrants closing, sorry.
MikeMcQuaid
on 16 Feb 2018
I'm not really sure how to keep debugging this. For anyone else who encounters this:
to work around the issue, I just disabled commit signing in homebrew-core's repo (tap):
$ pwd
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core
$ git config commit.gpgsign
false
Related issues
rtobrien
路
3Comments
MikeMcQuaid
路
3Comments
mislav
路
3Comments
JustinTArthur
路
3Comments
kirk86
路
3Comments
Most helpful comment
Oh good. You had me worried about your well being for a moment there.