Steps to enable GPG signing of git commits.
source link: https://gist.github.com/alopresto/b8d940197b4c314e27188a6852198d2d
If anyone is interested in setting up their system to automatically (or manually) sign their git commits with their GPG key, here are the steps:
- Generate and add your key to GitHub
- $ git config --global commit.gpgsign true ([OPTIONAL] every commit will now be signed)
- $ git config --global user.signingkey ABCDEF01 (where ABCDEF01 is the fingerprint of the key to use)
- $ git config --global alias.logs "log --show-signature" (now available as $ git logs)
- $ git config --global alias.cis "commit -S" (optional if global signing is false)
- $ echo "Some content" >> example.txt
- $ git add example.txt
- $ git cis -m "This commit is signed by a GPG key." (regular commit will work if global signing is enabled)
- $ git logs
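Once commits are being signed, the status that the log alias displays can also be checked mechanically. The following is an added example, not part of the original gist: a shell function (audit_signatures, a name chosen here) that reads the output of git log --format='%H %G?' and flags every commit that is unsigned or whose signature does not fully verify. The sample input is constructed, and the "only G passes" policy is an assumption of the example.

```shell
#!/bin/sh
# Added example, not from the original gist; audit_signatures is a name chosen here.
# Input: lines of "<commit> <status>" as printed by
#   git log --format='%H %G?' <range>
# The %G? status letters are the ones documented in git-log(1).
# Policy (an assumption of this example): only "G" passes.

audit_signatures() {
    failed=0
    while read -r commit status; do
        [ -n "$commit" ] || continue          # skip blank lines
        case "$status" in
            G) continue ;;                    # good signature from a valid key
            U) reason="good signature, but the key has unknown validity" ;;
            N) reason="no signature" ;;
            B) reason="bad signature" ;;
            X) reason="good signature that has expired" ;;
            Y) reason="good signature made by an expired key" ;;
            R) reason="good signature made by a revoked key" ;;
            E) reason="signature cannot be checked (e.g. missing key)" ;;
            *) reason="unrecognised status '$status'" ;;
        esac
        printf '%s: %s\n' "$commit" "$reason"
        failed=$((failed + 1))
    done
    # Exit status 0 only when every commit in the input passed.
    [ "$failed" -eq 0 ]
}

# Constructed sample input (not real commits).
printf '%s\n' \
    '1111111 G' \
    '2222222 N' \
    '3333333 E' | audit_signatures || echo "range does not meet the signing policy"
```

Against a real repository the input would come from git itself, for example git log --format='%H %G?' origin/master..HEAD | audit_signatures, where the range is a placeholder.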
IntelliJ IDEA Integration
If you perform git commits through IntelliJ and want them to be signed, add the following line to your ~/.gnupg/gpg.conf file:
# This option tells gpg not to expect a TTY interface and allows IntelliJ to sign commits
no-tty
Atlassian SourceTree Integration
If you perform git commits through SourceTree and want them to be signed, open Preferences > General and ensure that the GPG Program field has the value set to the directory containing the gpg2 executable, for example /usr/local/MacGPG2/bin. Even if your gpg executable is version 2, the gpg2 executable must be present.
Then click the Settings icon at the top right of a repository window, click the Security icon, and check "Enable GPG key signing for commits" and select the desired key. If you have a default-key setting in ~/.gnupg/gpg.conf, this should be correctly populated already.
Resources
pulkitsinghal commented Mar 15, 2017
Found another issue with sourcetree:
git -c diff.mnemonicprefix=false -c core.quotepath=false -c credential.helper=sourcetree \
-c "gpg.program=/Applications/SourceTree\ (1.8.1).app/Contents/Resources/bin/stgpg.sh" commit \
-q --no-verify --gpg-sign=9B192B5379B13B73 \
-F /var/folders/bl/hw7sxsj97vjdqvtjqn1707wh0000gr/T/SourceTreeTemp.fsKguB
error: cannot run /Applications/SourceTree\ (1.8.1).app/Contents/Resources/bin/stgpg.sh: No such file or directory
error: could not run gpg.
fatal: failed to write commit object
Completed with errors, see above
The path is malformed:
-c "gpg.program=/Applications/SourceTree\ (1.8.1).app/Contents/Resources/bin/stgpg.sh"
it should be without the escape since it is inside double quotes:
-c "gpg.program=/Applications/SourceTree (1.8.1).app/Contents/Resources/bin/stgpg.sh"
Notice the extra escape symbols! Not sure where to fix this :(
No wait, found out where to fix it:
$ git config --list | grep gpg
commit.gpgsign=true
gpg.program=/Applications/SourceTree (1.8.1).app/Contents/Resources/bin/stgpg.sh
Tried various things but they all failed it with:
git config --global gpg.program "/Applications/SourceTree\ \(1.8.1\).app/Contents/Resources/bin/stgpg.sh"
git config --global gpg.program "/Applications/SourceTree (1.8.1).app/Contents/Resources/bin/stgpg.sh"
i. then shutdown sourcetree
ii. then restarted it from the terminal in which above fix was made in order for it to be loaded into the sourcetree env
iii. and tried my commits again, no luck :(
What I need to happen is for sourcetree to NOT put the extra escape so I ran it from cmd-line but it sort of defeats the purpose of using sourcetree :(
git -c diff.mnemonicprefix=false -c core.quotepath=false -c credential.helper=sourcetree \
-c "gpg.program=/Applications/SourceTree (1.8.1).app/Contents/Resources/bin/stgpg.sh" commit \
-q --no-verify --gpg-sign=9B192B5379B13B73 \
-F /var/folders/bl/hw7sxsj97vjdqvtjqn1707wh0000gr/T/SourceTreeTemp.XrZtn7
worked.
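The failure described in the comment above, as an added example that is not part of the original thread: inside double quotes the shell keeps "\ " as two literal characters, so the escaped path names a file that does not exist. The helper check_gpg_program is hypothetical and the directory layout is constructed in a temporary directory; it reports whether a gpg.program value resolves as written, and whether it would resolve once the backslashes are dropped.

```shell
#!/bin/sh
# Added example, not from the original thread; check_gpg_program is a hypothetical helper.
# Against a real setup: check_gpg_program "$(git config --get gpg.program)"

check_gpg_program() {
    value=$1
    # Resolves as written (a full path, or a bare name found on PATH).
    if [ -x "$value" ] || command -v "$value" >/dev/null 2>&1; then
        echo "ok"
        return 0
    fi
    # Drop one level of backslash escaping: "\ " -> " ", "\(" -> "(".
    unescaped=$(printf '%s\n' "$value" | sed 's/\\\(.\)/\1/g')
    if [ "$unescaped" != "$value" ] && [ -x "$unescaped" ]; then
        echo "escaped: $unescaped"
        return 1
    fi
    echo "missing"
    return 2
}

# Constructed layout that mimics a path with spaces and parentheses.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/Source Tree (1.8.1).app/bin"
printf '#!/bin/sh\nexec gpg "$@"\n' > "$demo_dir/Source Tree (1.8.1).app/bin/stgpg.sh"
chmod +x "$demo_dir/Source Tree (1.8.1).app/bin/stgpg.sh"

# Correct: the double quotes already protect the space and parentheses.
check_gpg_program "$demo_dir/Source Tree (1.8.1).app/bin/stgpg.sh"
# Wrong: the backslash stays in the value, so this is a different path.
check_gpg_program "$demo_dir/Source\ Tree (1.8.1).app/bin/stgpg.sh" \
    || echo "(value does not resolve as written)"

rm -rf "$demo_dir"
```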
RMSD commented Nov 14, 2017
Don't forget to hit the sign commit button under commit options when going to commit or tag on SourceTree.
ghost commented Sep 19, 2018
Thanks for this!
Don't forget to restart the gpg-agent so the changes to ~/.gnupg/gpg.conf will take effect. The agent will start next time it is needed.
gpgconf --kill gpg-agent
lvarallo commented Feb 18, 2020
Wondering if you have an example of commit via API to avoid the
"verification": {
"verified": false,
"reason": "unsigned",
"signature": null,
"payload": null
}
}
example via curl (-S does not seem to work)
git config --global commit.gpgsign true
git config --global user.signingkey ABCDEF01
curl --silent -u (user):(secret) -S -X PUT "https://api.github.com/repos//GPG_commit_test/contents/P3.txt" -d '{ "branch":"master","message":"1234 -Test","author": {"name": "(github id)","email": "[email protected]"},"content":"VGVzdCBUZXN0" }'