GitFourchette shows “Unable to verify signature” for valid SSH-signed commits despite Git reporting “Good git signature”

[Basklem]

I’m using SSH commit signing (gpg.format ssh) with Git, and my commits are properly signed and verified outside of GitFourchette.

In GitFourchette’s commit history, SSH-signed commits display the orange warning icon and popup title says:

Unable to verify signature

However, clicking details shows the correct Git output:

Good "git" signature for ...

It seems that once I make a current commit (not closing GitFourchette) the badge shows properly. However, if I close the program and re-open it, I run into the issue I mentioned. I hope this is helpful or useful information.

Thanks for making this software!

[jorio]

Hi @Basklem, thank you for reporting this! It is useful info, and I'm interested in reproducing this scenario.

Can you please post the output of these commands, where "COMMIT" is a commit that is correctly signed by you:

1. git show --no-patch --format=raw COMMIT
2. git verify-commit --raw COMMIT

Feel free to redact info in the output if you like, but please make sure that the overall structure remains intact so I can check that my regexes are correct.

[Basklem]

Of course, here is the output of git show --no-patch --format=raw 4db5d24

commit 4db5d24607db697fbc1776ada36abd40f9f51769
tree 06130f60079ccc637ec53624237e72cdc3d2cf0b
parent 095d946ca6380b84e908e6b6088f66083f4e2a75
author Basklem <REDACTED@example.com> 1778706624 -0400
committer Basklem <REDACTED@example.com> 1778706624 -0400
gpgsig -----BEGIN SSH SIGNATURE-----
REDACTED
 -----END SSH SIGNATURE-----

    Completed Fractional Numbers lesson.

and here is the output of git verify-commit --raw 4db5d24
Good "git" signature for Basklem <REDACTED@example.com> with ED25519 key SHA256:REDACTED

Hope this is what you were looking for @jorio, thanks.