Automatic Git signing with gpg/GnuPG 2.1.x on OSX/MacOS

# Set GPG_TTY environment variable
export GPG_TTY=$(tty)

# Connects gpg-agent to the OSX keychain via the brew-installed
# pinentry program from GPGtools. This is the OSX 'magic sauce',
# allowing the gpg key's passphrase to be stored in the login
# keychain, enabling automatic key signing.
# Homebrew on Apple Silicon installs under /opt/homebrew instead;
# confirm the path with `which pinentry-mac`.
pinentry-program /usr/local/bin/pinentry-mac

# Uncomment within config (or add this line)
use-agent

# A quick outline of what must be done to get everything working.
# 1) Install the dependencies.
brew install gnupg pinentry-mac
# 2a) Configure git to use gpg2 and your signing key ID.
#     (If your install provides only a `gpg` binary, set gpg.program to gpg
#     instead; check with `command -v gpg2 gpg`.)
git config --global user.signingkey <YOUR-SIGNING-KEY-PUB-ID>
git config --global gpg.program gpg2
# 2b) Configure git to automatically sign commits, merges and interactive rebases
git config --global commit.gpgsign true
git config --global merge.gpgsign true
git config --global rebase.gpgsign true
# 2c) If you're using git-flow(-avh), configure git to automatically sign hotfixes, features and releases
git config --global gitflow.hotfix.finish.gpgsign true
git config --global gitflow.feature.finish.gpgsign true
git config --global gitflow.release.finish.gpgsign true
# 3) Configure the GPG components (see above for relevant examples):
# ~/.gnupg/gpg.conf
# ~/.gnupg/gpg-agent.conf
# 4) Configure your shell (see above for example in .profile).
# ~/.bash_profile | ~/.zshrc
# Don't forget to upload your public key to GitHub!
# https://github.com/blog/2144-gpg-signature-verification
# Note: There needs to be a three-way match on your email for GitHub to show
# the commit as 'verified': the commit email, the GitHub email, and the email associated with the public key.
# Learn about creating a GPG key and the knowledge behind these commands here:
# https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work
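
Added example, not part of the original gist: a pre-flight check for the e-mail match noted above, covering the two legs that can be tested locally (git's commit e-mail against the user IDs on the configured signing key). The function names and the sample key listing are constructed for illustration; the GitHub account e-mail still has to be confirmed in the account settings.

```shell
#!/bin/sh
# Added example (not from the gist): checks that git's commit e-mail is a
# user ID on the configured signing key. SAMPLE_LISTING is constructed data.

# Print the e-mail of every non-revoked, non-expired user ID found in a
# `gpg --list-keys --with-colons` listing read from stdin.
# In "uid" records, field 2 is the validity and field 10 is "Name <email>".
uid_emails() {
    awk -F: '$1 == "uid" && $2 != "r" && $2 != "e" && match($10, /<[^>]+>/) {
        print tolower(substr($10, RSTART + 1, RLENGTH - 2))
    }'
}

# Succeed if e-mail $1 is among those user IDs (case-insensitive, exact match).
key_has_email() {
    uid_emails | grep -Fqx -- "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
}

# Live check; needs git and gpg. Defined here but not called automatically.
check_signing_identity() {
    email=$(git config user.email) || { echo "user.email is not set" >&2; return 2; }
    keyid=$(git config user.signingkey) || { echo "user.signingkey is not set" >&2; return 2; }
    gpg_bin=$(git config gpg.program || echo gpg)
    if "$gpg_bin" --list-keys --with-colons "$keyid" | key_has_email "$email"; then
        echo "ok: $email is a user ID on key $keyid"
    else
        echo "mismatch: $email is not a user ID on key $keyid" >&2
        return 1
    fi
}

# Constructed listing: one valid user ID and one revoked user ID.
SAMPLE_LISTING='pub:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC::::::23::0:
fpr:::::::::000000000000000000000000AAAAAAAAAAAAAAAA:
uid:u::::1500000000::0000000000000000000000000000000000000001::Jane Doe <jane@example.com>::::::::::0:
uid:r::::::0000000000000000000000000000000000000002::Jane Doe <jane@old.example>::::::::::0:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1500000000::::::e::::::23:'

# Offline demonstration on the constructed listing; prints jane@example.com
printf '%s\n' "$SAMPLE_LISTING" | uid_emails
```

Call `check_signing_identity` in a repository after step 2a; a non-zero exit means commits will be signed but the key carries no user ID for the commit e-mail.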