I am trying to sign git commits with an X.509 certificate I got from DFN (Deutsches Forschungsnetz). I can sign emails/odt/docx/pdf just fine and can also sign git commits with my personal GPG key.
I have imported my key into gpgsm and it appears under
$ gpgsm --list-secret-keys
I have set up git with
[user]
    signingkey = ...
[commit]
    gpgsign = true
[gpg]
    format = x509
Git commit fails with
$ git commit -S -m "test"
error: gpg failed to sign the data
fatal: failed to write commit object
$ GIT_TRACE=1 git commit -S -m "test"
10:29:29.906544 git.c:459 trace: built-in: git commit -S -m test
10:29:29.907024 run-command.c:654 trace: run_command: gpgsm --status-fd=2 -bsau 0xXXXXXXXX
error: gpg failed to sign the data
fatal: failed to write commit object
Digging a bit deeper, I get the following:
$ gpgsm --status-fd=2 -bsau 0xXXXXXXXXXXX
gpgsm: Note: non-critical certificate policy not allowed
[GNUPG:] PROGRESS tick ? 0 0
....
gpgsm: no CRL found for certificate
gpgsm: Note: non-critical certificate policy not allowed
gpgsm cannot find the revocation list. Is this expected or a configuration error?
UPDATE: Not sure if this is important information, but when importing the certificate into gpgsm, I ran into  and solved it by re-exporting the certificate from Thunderbird.