github/vim-ale
1
0
Fork 0
mirror of https://github.com/webinstall/webi-installers.git synced 2026-03-03 18:00:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2b37afbc94de76e3c58a28cafdaf9f1a5b9cc434
vim-ale/git-config-gpg/README.md
AJ ONeal 07cf1d25c2 refactor!: rename git-gpg-init => git-config-gpg
2021-11-19 09:33:58 +00:00

193 lines
4.5 KiB
Markdown
Raw Blame History

---
title: git-config-gpg
homepage: https://webinstall.dev/git-config-gpg
tagline: |
Get your GnuPG Public Key.
---
## Cheat Sheet
> Although the latest git release allows you to sign with SSH Keys (and GitHub
> will implement this shortly if it hasn't already), most systems do not have
> the latest git release, and most verification systems are not updated with the
> newest verification techniques, so you may wish to sign your commits with GPG,
> as has been done for the last 20 years...
Here we'll cover
- How to [add a GPG key to Github](https://github.com/settings/gpg/new)
- How to cache the passphrase longer
- How to [create a GPG key](./gpg-pubkey)
- How to configure git with GPG signing
- Troubleshooting 'gpg failed to sign the data'
Usage:
```bash
git-config-gpg
```
Example output:
```txt
GnuPG Public Key ID: CA025BC42F00BBBE
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBGGQtKIBDAChxTT375fetQawLkyyDcz07uIEZVa9pvuip8goMqev7PkOIHi+
j6PDtFmxgv8ZOFe8+1RfMC7eL5fYah0/OBxNm7pPvAPDWOX38FfUzoq9CALW2xPD
...
Yee+eokiC2mWIEkMwbqlnNmkX/wphS0zcCsEiHirmDxgY6YY9QRjlzUMY68OqjfJ
IFjFWv3R7eckM957wyR5BvdQNfGrW7cWefWhdZOzLEE7
=GXEK
-----END PGP PUBLIC KEY BLOCK-----
Successfully updated ~/.gitconfig for gpg commit signing
How to verify signed commits on GitHub:
1. Go to 'Add GPG Key': https://github.com/settings/gpg/new
2. Copy and paste the key above from the first ---- to the last ----
```
### Files
These are the files / directories that are created and/or modified with this
install:
```txt
~/.config/envman/PATH.env
~/.local/bin/git-config-gpg
~/Downloads/YOU.KEY_ID.gpg.asc
```
### How to add your GPG Public Key to GitHub
1. Go to your GitHub Profile (<https://github.com/settings/profile>)
2. Go to the SSH and GPG Keys (<https://github.com/settings/keys>)
3. Add GPG Key (<https://github.com/settings/gpg/new>)
4. Paste the output of `gpg-pubkey` into the form
### How to cache the Passphrase longer
If you'd like the passphrase to be cached until your login session ends, just
set it to 400 days and call it good.
`~/.gnupg/gpg-agent.conf`:
```txt
default-cache-ttl 34560000
max-cache-ttl 34560000
```
You'll need to reload `gpg-agent` for this to take effect, or just logout and
login again.
```bash
# kill gpg-agent dead
killall gpg-agent
gpgconf killall gpg-agent
# start gpg-agent again (yes, 'bye' to start)
gpg-connect-agent --agent-program ~/.local/opt/gnupg/bin/gpg-agent /bye
```
Note: You may need to change or omit `--agent-program`, depending on how you
installed `gpg` (if you installed it with Webi, run it as shown above).
### How to create a GPG Key
See:
- [gpg-pubkey](./gpg-pubkey)
- and [gpg](./gpg), if you want to do it "the hard way"
### How to manually set up git commit gpg signing
(this is what `git-config-gpg` does)
Run [gpg-pubkey-id](./gpg-pubkey) to get your GnuPG Public Key ID and then
update your `~/.gitconfig` to sign with it by default:
```bash
#!/bin/bash
MY_KEY_ID="$(
gpg-pubkey-id
)"
git config --global user.signingkey "${MY_KEY_ID}"
git config --global commit.gpgsign true
git config --global log.showSignature true
```
Or, for Windows users:
```bash
#!/usr/bin/env pwsh
$my_key_id = gpg-pubkey-id
git config --global user.signingkey "$my_key_id"
git config --global commit.gpgsign true
git config --global log.showSignature true
```
Or, if you prefer to edit the text file directly:
`~/.gitconfig`
```txt
[user]
signingkey = CA025BC42F00BBBE
[commit]
gpgsign = true
[log]
showSignature = true
```
In some cases you may also want to prevent conflicts between different installed
versions of gpg, like so:
```bash
git config --global gpg.program ~/.local/opt/gnupg/bin/gpg
```
```txt
[gpg]
program = /Users/me/.local/opt/gnupg/bin/gpg
```
### Troubleshooting 'gpg failed to sign the data'
`gpg` is generally expected to be used with a Desktop client. On Linux servers
you may get this error:
```txt
error: gpg failed to sign the data
fatal: failed to write commit object
```
Try to load the `gpg-agent`, set `GPG_TTY`, and then run a clearsign test.
```bash
gpg-connect-agent /bye
export GPG_TTY=$(tty)
echo "test" | gpg --clearsign
```
If that works, update your `~/.bashrc`, `~/.zshrc`, and/or
`~/.config/fish/config.fish` to include the following:
```bash
gpg-connect-agent /bye
export GPG_TTY=$(tty)
```
If this is failing on Mac or Windows, then `gpg-agent` is not starting as
expected on login (for Mac the above may work), and/or the `pinentry` command is
not in the PATH.
If you just installed `gpg`, try closing and reopening your Terminal, or
possibly rebooting.
Reference in New Issue View Git Blame Copy Permalink