I used to have my commits signed by gpg which worked all fine, but I suddenly got this message instead:
gpg: keyblock resource '/c/Users/username/path/to/project/C:\Users\username\.gnupg/pubring.kbx': No such file or directory
gpg: skipped "my_key": No secret key
gpg: signing failed: No secret key
error: gpg failed to sign the data
fatal: failed to write commit object
Note the path of the keyblock resource, it consists of two paths and is indeed not valid.
Information about my setup
I had my commits automatically signed, my setup is from this answer, in summary: I set up gpg like normal, then installed gpg2 and pipe my passphrase into gpg every time using a shell file. And no, I didn't get gpg-agent to do this, though if you know how to do it please answer this question: The key whose key-id is in the signature did not sign this commit
I have an environment variable GNUPGHOME which points to C:\Users\username\.gnupg. I tried changing it to C:/Users/username/.gnupg but the slashes just changed in the error as well. I tried changing it to /c/Users/username/.gnupg but the error message became
gpg: Fatal: can't create directory '/c/Users/username/path/to/project/C:/Users/username/.gnupg': No such file or directory
I also don't know what changed on my system that caused this problem.
Related issues
This question is very similar with a different path but it was not solved: Git commit signing GPG issue
The comment is to check a path in a gitconfig, but I don't have a path to the gnupg directory in any gitconfig and it wouldn't be prefixed with the path to the repo anyway, I think. I have this in my main ~\.gitconfig:
[user]
signingkey = my_key
[commit]
gpgsign = true
[gpg]
program = C:\\Users\\username\\gpg-no-tty.sh
Also found someone with the same problem here: https://jira.atlassian.com/browse/SRCTREEWIN-8527
From the tag description of gnupg I can't figure out whether this question belongs here or on Super User, because I'm not sure if this is programmatic or direct use (both?).
I had the same issue. To fix it I just had to specify the gpg.program variable in my .gitconfig file to point to my installation of Gpg4win like so:
git config --global gpg.program "%PROGRAMFILES(x86)%\GnuPG\bin\gpg.exe"
or
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"
Obviously the path depends on where your gpg binary is located. Once I did this, it was able to use my GNUPGHOME environment variable and found my system keyring to use for signing. This will use pinentry to prompt you for your secret key password though.
I believe the issue occurs because Git for Windows ships with a version of gpg, which it uses by default. For whatever reason it seems to prefix the local repo path to the gpg home directory path when it executes the command to sign your commit.
Hopefully this helps