Skip to content

Instantly share code, notes, and snippets.

@mort3za

mort3za/git-auto-sign-commits.sh

Last active February 5, 2025 18:58
Show Gist options
  • Save mort3za/ad545d47dd2b54970c102fe39912f305 to your computer and use it in GitHub Desktop.
Save mort3za/ad545d47dd2b54970c102fe39912f305 to your computer and use it in GitHub Desktop.
Download ZIP
Auto sign your git commits
Raw
git-auto-sign-commits.sh
# Generate a new pgp key: (better to use gpg2 instead of gpg in all below commands)
gpg --gen-key
# maybe you need some random work in your OS to generate a key. so run this command: `find ./* /home/username -type d | xargs grep some_random_string > /dev/null`
# check current keys:
gpg --list-secret-keys --keyid-format LONG
# See your gpg public key:
gpg --armor --export YOUR_KEY_ID
# YOUR_KEY_ID is the hash in front of `sec` in previous command. (for example sec 4096R/234FAA343232333 => key id is: 234FAA343232333)
# Set a gpg key for git:
git config --global user.signingkey your_key_id
# To sign a single commit:
git commit -S -a -m "Test a signed commit"
# Auto-sign all commits globaly
git config --global commit.gpgsign true
@mort3za
Copy link
Author

mort3za commented Jan 13, 2018
edited
Loading

Thanks. Also it's better to use gpg2 instead of gpg in above commands. In this case, you should set gpg2 as default program for gpg in git, To do this:

sudo apt-get install gnupg2
git config --global gpg.program gpg2

@slmg
Copy link

slmg commented Oct 8, 2019

Thanks. It can also be useful to generate your key interactively using gpg --full-generate-key --allow-freeform-uid instead of gpg --gen-key.

@rsjethani
Copy link

rsjethani commented Apr 17, 2020
edited
Loading

If you do not want to sign local commits as you might be rebasing etc. a lot, use following to auto sign only commits that you push out:
git config --global push.gpgSign true
Remove --global to make it a per project configuration

@mort3za
Copy link
Author

mort3za commented Apr 30, 2020
edited
Loading

In case of error gpg: signing failed: Inappropriate ioctl for device while signing a commit

use export GPG_TTY=$(tty) in your ~/.bashrc or ~/.zshrc file. source

Cache your password for 1 day (86400 seconds)

~/.gnupg/gpg-agent.conf (for gpg 2)

default-cache-ttl 86400
max-cache-ttl 86400

Reload gpg agent:
gpgconf --reload gpg-agent

@konsumer
Copy link

konsumer commented May 19, 2020
edited
Loading

Very helpful. thank you!

As a sidenote, I wanted to sign with my keybase key:

keybase pgp export | gpg --import
keybase pgp export -q KEYID --secret | gpg --import --allow-secret-key-import
git config --global user.signingkey KEYID

@tkotosz
Copy link

tkotosz commented Sep 8, 2020

Thanks,

I also had to do the following:

git config --global gpg.program gpg2

And also needed this in my bashrc otherwise it fails when asking for password (see keybase/keybase-issues#2798):

export GPG_TTY=$(tty)

@ciphersweet
Copy link

gpg --list-keys

you always digitally sign with your private key not the public.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment