In order to PGP sign GitHub commits we need to:
- Install GnuPG via
brew install gnupg
- Add
export GPG_TTY=$(tty)
to .zshrc
- Create a key pair and add the public key to GitHub
- Test gpg:
echo "test" | gpg --clearsign
- Tell git (locally, i.e. for this repository) which key to sign with, or signing fails. First list your secret keys:
gpg --list-secret-keys --keyid-format LONG
- Grab the long hex key ID from the sec line and set it as the signing key:
git config user.signingKey A...
- Tell git where the gpg command is:
git config gpg.program gpg
Why?
- Tell git you want to sign commits:
git config commit.gpgsign true
- Try a commit:
git commit -S -am "Added ES6 class"
- If that fails, rerun with tracing to see the commands git runs:
GIT_TRACE=1 git commit -S -am "Added ..."
- Once the commit finally succeeds, check the signature and push:
git log --show-signature -1
git push
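
A preflight check for the settings configured in the steps above, as an added example that is not part of the original note: it compares `user.signingkey` against the long key IDs in the gpg listing and checks `commit.gpgsign` and `GPG_TTY`. The function names are hypothetical and the sample key IDs, name and e-mail are constructed.

```shell
#!/bin/sh
# Added example: preflight check for the commit-signing setup described above.

# Print the long key ID of each secret primary key found in the output of
# `gpg --list-secret-keys --keyid-format LONG` (read from stdin).
long_key_ids() {
  awk '$1 ~ /^sec[#>]?$/ { split($2, part, "/"); print part[2] }'
}

# check_signing_setup CONFIG KEYS
#   CONFIG: text of `git config --list`
#   KEYS:   text of `gpg --list-secret-keys --keyid-format LONG`
# Prints one line per problem and returns non-zero if any were found.
# Assumes user.signingkey holds a long key ID, as in the steps above.
check_signing_setup() {
  cfg=$1; keys=$2; rc=0
  # git lists system, global, then local values; the last one wins.
  key=$(printf '%s\n' "$cfg" | sed -n 's/^user\.signingkey=//p' | tail -n 1)
  sign=$(printf '%s\n' "$cfg" | sed -n 's/^commit\.gpgsign=//p' | tail -n 1)
  if [ -z "$key" ]; then
    echo "user.signingkey is not set"; rc=1
  elif ! printf '%s\n' "$keys" | long_key_ids | grep -qixF -- "$key"; then
    echo "user.signingkey $key has no matching secret key"; rc=1
  fi
  [ "$sign" = "true" ] || { echo "commit.gpgsign is not true"; rc=1; }
  [ -n "${GPG_TTY:-}" ] || { echo "GPG_TTY is not set"; rc=1; }
  return "$rc"
}

# Constructed sample input (not a real key).
SAMPLE_KEYS='sec   ed25519/1111AAAA2222BBBB 2024-01-15 [SC]
uid                 [ultimate] Example Dev <dev@example.com>
ssb   cv25519/3333CCCC4444DDDD 2024-01-15 [E]'
SAMPLE_CFG='user.name=Example Dev
user.signingkey=1111AAAA2222BBBB
gpg.program=gpg
commit.gpgsign=true'

# Demo on the sample; on a real machine pass "$(git config --list)" and
# "$(gpg --list-secret-keys --keyid-format LONG)" instead.
check_signing_setup "$SAMPLE_CFG" "$SAMPLE_KEYS" && echo "signing setup looks consistent" || true
```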