# In order for gpg to find gpg-agent, gpg-agent must be running, and there must be an env
# variable pointing GPG to the gpg-agent socket. This little script, which must be sourced
# in your shell's init script (i.e., .bash_profile, .zshrc, whatever), will either start
# gpg-agent or set up the GPG_AGENT_INFO variable if it's already running.

# Add the following to your shell init to set up gpg-agent automatically for every shell
if [ -f ~/.gnupg/.gpg-agent-info ] && [ -n "$(pgrep gpg-agent)" ]; then
    source ~/.gnupg/.gpg-agent-info
    export GPG_AGENT_INFO
else
    eval $(gpg-agent --daemon --write-env-file ~/.gnupg/.gpg-agent-info)
fi

# Enables GPG to find gpg-agent
use-standard-socket

# Connects gpg-agent to the OSX keychain via the brew-installed
# pinentry program from GPGtools. This is the OSX 'magic sauce',
# allowing the gpg key's passphrase to be stored in the login
# keychain, enabling automatic key signing.
pinentry-program /usr/local/bin/pinentry-mac

# Uncomment within config (or add this line)
use-agent

# This silences the "you need a passphrase" message once the passphrase handling is all set.
# Use at your own discretion - may prevent the successful interactive use of some operations.
# It is working fine for my use cases though.
batch

# A quick outline of what must be done to get everything working.

# 1) Install the dependencies.
brew install gnupg gpg-agent pinentry-mac

# 2) Configure git to automatically gpgsign commits. This consists of
#    pointing git to your signing key ID, and then enabling commit
#    automatic signing.
git config --global user.signingkey <YOUR-SIGNING-KEY-PUB-ID>
git config --global commit.gpgsign true

# 3) Configure the GPG components (see above for relevant examples):
#    ~/.gnupg/gpg.conf
#    ~/.gnupg/gpg-agent.conf

# 4) Start the daemon and configure your shell (see above for example in .profile).
#    ~/.bash_profile | ~/.zshrc

# Don't forget to upload your public key to Github!
# https://github.com/blog/2144-gpg-signature-verification
# Note: There needs to be a three-way match on your email for Github to show
# the commit as 'verified': The commit email, github email, & the email associated with the public key

# Learn about creating a GPG key and the knowledge behind these commands here:
# https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work
For those who hit the error gpg: Sorry, no terminal at all requested - can't get input
I've left a solution for you on Stack.
From https://gist.github.com/danieleggert/b029d44d4a54b328c0bac65d46ba4c65
If you want annotated tags to be GPG signed:
git config --global tag.forceSignAnnotated true
Thanks. But how can I use it with Fish shell?
Fish setup is located in .config/fish/config.fish but does not support .profile (bash) syntax.
brew install gnupg pinentry-mac
Thanks, is it necessary to do anything else after install of pinentry? Config git or set GPG sign? I still have errors with committing:
error: gpg failed to sign the data
fatal: failed to write commit object
For anyone else running into issues (especially if you use fish), make sure that the env variable `GNUPGHOME` is set to your GPG config directory and that this environment variable is visible to Emacs. For instance, I use `exec-path-from-shell` to copy that variable so that Emacs knows about it.
If you are having issues after trying a bunch of different things, make sure to restart the `gpg-agent` daemon. It only reads new configurations on startup. Just run `killall gpg-agent`. No need to start it up manually. Once you try to sign something it will start-up the agent automatically.
👍 this solved it for me
For those who are debugging why gpg failed to sign the data:
echo "test" | gpg --clearsign
Thank you for the guidance. For the changes to take effect I had to also restart the gpg-agent by typing `gpgconf --kill gpg-agent` into the shell.
The `gpg-agent` formula is not needed anymore: https://stackoverflow.com/a/52456873/560382
@jakeNiemiec Echoing the comment from @swernerx:
I have pinentry-mac 0.9.4 and gnupg / gpg-agent 2.1.22 from Homebrew, and I don't need to start gpg-agent manually; pinentry-mac does it for me the first time I try to sign something. This means that I do not need `use-standard-socket` in `.gpg-agent.conf` or the `.profile` changes above. Also, `use-agent` doesn't do anything any more (GPG Configuration Options).

All I needed was:

* `brew install gnupg gpg-agent pinentry-mac` (same as above)
* `pinentry-program /usr/local/bin/pinentry-mac` in `~/.gnupg/gpg-agent.conf`
* The `git config` commands above.
Same gpg version, this plus restarting the gpg-agent solves my problem!
This is fantastic, thanks so much!
Great stuff! Worked a treat. I'm getting output that some of the flags included above are obsolete:
gpg-agent[9074]: /Users/nick/.gnupg/gpg-agent.conf:6: obsolete option "use-standard-socket" - it has no effect
gpg-agent[9074]: WARNING: "--write-env-file" is an obsolete option - it has no effect
gpg-agent[9075]: gpg-agent (GnuPG) 2.2.21 started
`gnupg` now includes the `gpg-agent`, so the new install command is
brew install gnupg pinentry-mac
- if install `gpg-suite-pinentry`
  `~/.gnupg/gpg-agent.conf`:
  pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
  `gpg-suite-pinentry` is a tool in `gpg-suite`, replacing the original `pinentry-mac`.
- if install `gpg-suite`
  the `~/.gnupg/gpg-agent.conf` file does not need to be set manually
  `gpg-suite` contains a complete gpg tool for easy key management.
Here is how I got git commit signing working on my M1 Apple Silicon laptop without having Rosetta installed:
- `brew install gnupg`
- Apply Homebrew/homebrew-core#68265 (e.g. using `brew edit pinentry-mac`)
- `brew install --build-from-source pinentry-mac`
- Edit `~/.gnupg/gpg-agent.conf`, add `pinentry-program /opt/homebrew/bin/pinentry-mac`
- `export GPG_TTY=$(tty)` to work around bug (keybase/keybase-issues#2798)

Now I could import my gpg which I already had, and then tell git to use commit signing...
killall gpg-agent
On Big Sur, I need to run this every time I log out and log in again (without restarting). It seems like `gpg-agent` hangs around and no longer works after logging in again, maybe related to this:
https://gpgtools.tenderapp.com/discussions/problems/1110-gpg-agent-isnt-quit-upon-logout
My patches for Homebrew have been merged 🎉
New instructions on how to get git commit signing working on M1 Apple Silicon computer without Rosetta:
- `brew install gnupg pinentry-mac`
- `echo "pinentry-program /opt/homebrew/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf`
- `export GPG_TTY=$(tty)` to work around bug (keybase/keybase-issues#2798)
@LinusU nice! Do you also have the issue with `gpg-agent` being in a broken state when going through a log-out + log-in cycle (like I mentioned above)?
I never log out of my computer hehe so I wouldn't have noticed. Can't try at the moment but can try later and see if it works
Ok thanks! Yeah I almost never log out as well, which made debugging this very frustrating!
How to check what is gpg key?
My gpg failed to sign the data after git commit -m 'sample text'
I want to push my changes to GitHub in Git command, integrated terminal in VSC, and my profile is Bash, customized in ZSH. I'm deploying to Netlify through continuous deployment from Github.
Every time I do "git commit -m "xyz', I get error:
husky > pre-commit (node v14.17.5)
⚠ Some of your tasks use `git add` command. Please remove it from the config since all modifications made by tasks will be automatically added to the git commit index.
ℹ No staged files match any configured task.
error: gpg failed to sign the data
fatal: failed to write commit object
We think it is an authentication issue, related to gpg key. We're able to run gpg2, but not able to sign in with key. We're trying to set the program to gpg2, and we have upgraded to gpg2, but it says it is already installed gpg. How to check what is gpg key?
We are not sure where to look/what to do now.
Previously I had problems with visibility of my contributions to Github, so I have gained Netlify permission to access my repository code. Netlify does this by installing the Netlify GitHub App on my Github account. Everything worked perfect, until I have updated my Macbook Air from Mojave to Big Sur v11. In the same time I had to update my terminal, so I screwed Homebrew upgrade. Yet, my profile is just Bash. Not sure about the last one, sorry! Not least, but last, Netlify just announced Netlify API Authentication beta version to enable in my settings. I haven't enabled it yet, but I'm not sure if these are the source of my issue.
You can run `gpg -k` to list all your keys.
`gnupg` 2.1 ships with its own gpg-agent.
You just need to install gnupg.
Follow LinusU comment above..
brew install gnupg pinentry-mac
echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
export GPG_TTY=$(tty)
You can try to `gpgconf --kill gpg-agent` and `gpgconf --kill dirmngr`
Also as mentioned by Atejeda try debugging why gpg failed to sign the data
echo "test" | gpg --clearsign
@ewanmellor thanks for the more concise directions.. I'll add that you only need
brew install gnupg pinentry-mac
- gnupg 2.x+ comes with gpg-agent and actually if you just install `gpg-agent` from homebrew it defaults to keg only (not linking in `/usr/local`). Hope that helps someone else!
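
As an added example (not part of the gist or of any commenter's post), this shell function lints a GnuPG home directory for the problems reported in this thread: the obsolete `use-standard-socket` and `use-agent` options, the `batch` caveat, and a `pinentry-program` path that is not present on this machine. The function name `check_gnupg_home` and the homedir permission check are assumptions added here, and the sample config at the bottom is constructed from the gist's original settings.

```sh
#!/bin/sh
# Added example, not part of the gist: lint a GnuPG home directory for the
# configuration problems reported in this thread. Prints one finding per
# line; exit status is 0 when nothing was found, 1 otherwise.
check_gnupg_home() (
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    n=0
    note() { echo "$1"; n=$((n + 1)); }

    # Assumption beyond the page: gpg warns about unsafe homedir permissions
    # when group or other have any access, so expect mode 700.
    perms=$(ls -ld "$home" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ] || note "homedir: group/other bits are '$perms', expected mode 700"

    agent="$home/gpg-agent.conf"
    if [ -f "$agent" ]; then
        # gpg-agent 2.2.21 logs this option as obsolete (see the log above).
        if grep -Eq '^[[:space:]]*use-standard-socket' "$agent"; then
            note "gpg-agent.conf: use-standard-socket is obsolete"
        fi
        # Signing fails when the configured pinentry binary is missing, e.g.
        # /usr/local vs /opt/homebrew. Checks the last pinentry-program line.
        pin=$(sed -n 's/^[[:space:]]*pinentry-program[[:space:]][[:space:]]*//p' "$agent" | tail -n 1)
        if [ -n "$pin" ] && [ ! -x "$pin" ]; then
            note "gpg-agent.conf: pinentry-program $pin is not executable"
        fi
    fi

    conf="$home/gpg.conf"
    if [ -f "$conf" ]; then
        if grep -Eq '^[[:space:]]*use-agent' "$conf"; then
            note "gpg.conf: use-agent no longer has any effect"
        fi
        if grep -Eq '^[[:space:]]*batch[[:space:]]*$' "$conf"; then
            note "gpg.conf: batch may break interactive operations"
        fi
    fi
    [ "$n" -eq 0 ]
)

# Constructed sample: the gist's original settings written to a temp dir.
demo=$(mktemp -d)
printf 'use-standard-socket\npinentry-program /usr/local/bin/pinentry-mac\n' > "$demo/gpg-agent.conf"
printf 'use-agent\nbatch\n' > "$demo/gpg.conf"
check_gnupg_home "$demo" || true
rm -rf "$demo"
```

Once it reports nothing for your own `~/.gnupg`, restart the agent with `gpgconf --kill gpg-agent` and run `echo "test" | gpg --clearsign` as the end-to-end check.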