Skip to content

Instantly share code, notes, and snippets.

@mort3za

mort3za/git-auto-sign-commits.sh

Last active May 28, 2024 20:51
Show Gist options
  • Save mort3za/ad545d47dd2b54970c102fe39912f305 to your computer and use it in GitHub Desktop.
Save mort3za/ad545d47dd2b54970c102fe39912f305 to your computer and use it in GitHub Desktop.
Download ZIP
Auto sign your git commits
Raw
git-auto-sign-commits.sh
# Generate a new pgp key: (better to use gpg2 instead of gpg in all below commands)
gpg --gen-key
# maybe you need some random work in your OS to generate a key. so run this command: `find ./* /home/username -type d | xargs grep some_random_string > /dev/null`
# check current keys:
gpg --list-secret-keys --keyid-format LONG
# See your gpg public key:
gpg --armor --export YOUR_KEY_ID
# YOUR_KEY_ID is the hash in front of `sec` in previous command. (for example sec 4096R/234FAA343232333 => key id is: 234FAA343232333)
# Set a gpg key for git:
git config --global user.signingkey your_key_id
# To sign a single commit:
git commit -S -a -m "Test a signed commit"
# Auto-sign all commits globaly
git config --global commit.gpgsign true
@mjavadhpour
Copy link

mjavadhpour commented Oct 11, 2017
edited
Loading

Nice. but it can more clearly if we say what is the your_key_id

When you execute this command:

gpg --list-secret-keys --keyid-format LONG

You must to see this result if you have previously generated code:

$ gpg --list-keys
/Users/schacon/.gnupg/pubring.gpg
---------------------------------
pub   2048R/0A46826A 2014-06-04
uid                  Scott Chacon (Git signing key) <[email protected]>
sub   2048R/874529A9 2014-06-04

And export key like this:

git config --global user.signingkey 0A46826A

@mort3za
Copy link
Author

mort3za commented Jan 13, 2018
edited
Loading

Thanks. Also it's better to use gpg2 instead of gpg in above commands. In this case, you should set gpg2 as default program for gpg in git, To do this:

sudo apt-get install gnupg2
git config --global gpg.program gpg2

@slmg
Copy link

slmg commented Oct 8, 2019

Thanks. It can also be useful to generate your key interactively using gpg --full-generate-key --allow-freeform-uid instead of gpg --gen-key.

@rsjethani
Copy link

rsjethani commented Apr 17, 2020
edited
Loading

If you do not want to sign local commits as you might be rebasing etc. a lot, use following to auto sign only commits that you push out:
git config --global push.gpgSign true
Remove --global to make it a per project configuration

@mort3za
Copy link
Author

mort3za commented Apr 30, 2020
edited
Loading

In case of error gpg: signing failed: Inappropriate ioctl for device while signing a commit

use export GPG_TTY=$(tty) in your ~/.bashrc or ~/.zshrc file. source

Cache your password for 1 day (86400 seconds)

~/.gnupg/gpg-agent.conf (for gpg 2)

default-cache-ttl 86400
max-cache-ttl 86400

Reload gpg agent:
gpgconf --reload gpg-agent

@konsumer
Copy link

konsumer commented May 19, 2020
edited
Loading

Very helpful. thank you!

As a sidenote, I wanted to sign with my keybase key:

keybase pgp export | gpg --import
keybase pgp export -q KEYID --secret | gpg --import --allow-secret-key-import
git config --global user.signingkey KEYID

@tkotosz
Copy link

tkotosz commented Sep 8, 2020

Thanks,

I also had to do the following:

git config --global gpg.program gpg2

And also needed this in my bashrc otherwise it fails when asking for password (see keybase/keybase-issues#2798):

export GPG_TTY=$(tty)

@ciphersweet
Copy link

gpg --list-keys

you always digitally sign with your private key not the public.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment