# In order for gpg to find gpg-agent, gpg-agent must be running, and there must be an env
# variable pointing GPG to the gpg-agent socket. This little script, which must be sourced
# in your shell's init script (i.e., .bash_profile, .zshrc, whatever), will either start
# gpg-agent or set up the GPG_AGENT_INFO variable if it's already running.

# Add the following to your shell init to set up gpg-agent automatically for every shell
if [ -f ~/.gnupg/.gpg-agent-info ] && [ -n "$(pgrep gpg-agent)" ]; then
    source ~/.gnupg/.gpg-agent-info
    export GPG_AGENT_INFO
else
    eval "$(gpg-agent --daemon --write-env-file ~/.gnupg/.gpg-agent-info)"
fi

# Enables GPG to find gpg-agent
use-standard-socket

# Connects gpg-agent to the OSX keychain via the brew-installed
# pinentry program from GPGtools. This is the OSX 'magic sauce',
# allowing the gpg key's passphrase to be stored in the login
# keychain, enabling automatic key signing.
pinentry-program /usr/local/bin/pinentry-mac

# Uncomment within config (or add this line)
use-agent

# This silences the "you need a passphrase" message once the passphrase handling is all set.
# Use at your own discretion - may prevent the successful interactive use of some operations.
# It is working fine for my use cases though.
batch

# A quick outline of what must be done to get everything working.

# 1) Install the dependencies.
brew install gnupg gpg-agent pinentry-mac

# 2) Configure git to automatically gpgsign commits. This consists of
#    pointing git to your signing key ID, and then enabling commit
#    automatic signing.
git config --global user.signingkey <YOUR-SIGNING-KEY-PUB-ID>
git config --global commit.gpgsign true

# 3) Configure the GPG components (see above for relevant examples):
#    ~/.gnupg/gpg.conf
#    ~/.gnupg/gpg-agent.conf

# 4) Start the daemon and configure your shell (see above for example in .profile).
#    ~/.bash_profile | ~/.zshrc

# Don't forget to upload your public key to Github!
# https://github.com/blog/2144-gpg-signature-verification
# Note: There needs to be a three-way match on your email for Github to show
# the commit as 'verified': The commit email, github email, & the email associated with the public key

# Learn about creating a GPG key and the knowledge behind these commands here:
# https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work
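
The two legs of the email three-way match that can be checked locally (git's commit email against the user IDs on the signing key), as an added example that is not part of the original gist. The function names and the SAMPLE_COLONS listing are constructed for illustration; the GitHub account email still has to be checked on GitHub itself.

```shell
#!/bin/sh
# Added example: local check of the email "three-way match" for signed commits.
# SAMPLE_COLONS is constructed `gpg --list-keys --with-colons` output, not a real key.
SAMPLE_COLONS='pub:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC::::::23::0:
uid:u::::1500000000::0000::Dev Example <dev@example.com>::::::::::0:
uid:r::::1500000000::0000::Dev Example <old@example.com>::::::::::0:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1500000000::::::e::::::23:'

# uid_emails: read a colon-format key listing on stdin and print the lowercased
# email of every user ID that is not revoked (r) or expired (e).
uid_emails() {
    awk -F: '$1 == "uid" && $2 !~ /^[er]/ {
        if (match($10, /<[^>]+>/)) print tolower(substr($10, RSTART + 1, RLENGTH - 2))
    }'
}

# email_matches_key EMAIL: succeed if EMAIL is one of the usable user-ID
# emails in the key listing on stdin (case-insensitive, whole-address match).
email_matches_key() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    uid_emails | grep -Fxq -- "$want"
}

# check_signing_identity: compare git's configured identity with the signing key.
# The GitHub account email is the third leg and can only be checked on GitHub.
check_signing_identity() {
    key=$(git config --get user.signingkey) ||
        { echo "user.signingkey is not set" >&2; return 2; }
    email=$(git config --get user.email) ||
        { echo "user.email is not set" >&2; return 2; }
    [ "$(git config --get commit.gpgsign)" = "true" ] ||
        echo "note: commit.gpgsign is not enabled" >&2
    if gpg --list-keys --with-colons "$key" 2>/dev/null | email_matches_key "$email"; then
        echo "ok: $email is a user ID on key $key"
    else
        echo "mismatch: $email is not a usable user ID on key $key" >&2
        return 1
    fi
}

# Run the real check only when asked, e.g.: sh check-signing.sh --check
if [ "${1:-}" = "--check" ]; then check_signing_identity; fi
```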

Thanks for posting this! Two small suggestions/changes:

Why do you use gpg instead of gpg2 or gnupg21? It comes with gpg-agent, pinentry as deps. EDIT: My bad, pinentry-mac does not come with the pinentry package.

I came up with a slightly different recipe, using the latest version of gpg (2.1) and slightly less bash glue around the agent. https://gist.github.com/bcomnes/647477a3a143774069755d672cb395ca Thanks for the writeup! It was helpful :)

@bcomnes - no particular reason on the gnupg choice. Just what I was used to. Thanks for sharing your workflow! Really the goal here is to highlight the pieces folks might need, so they can adapt them to their relevant approach.

@bmhatfield I've used this and it keeps asking me for the passphrase on every commit.

@ruiafonsopereira - sorry to hear that. The goal of this was more to try to give you all the pieces you needed to make this work, since it took me a little while to find them - you may have to adapt to your local environment. I wrote comments in each file with the intent of highlighting areas where you might do that. Some ideas I had to help troubleshoot: the .profile might not be sourced, or perhaps you didn't check "save in keychain" in the pinentry program, or perhaps gpg is installed in a way that it's looking for a different path, etc. Good luck!

Thank you!

You can do all of this without any of this glue: https://gist.github.com/danieleggert/b029d44d4a54b328c0bac65d46ba4c65

Thanks @danieleggert, it works like a charm!

I encountered this error on your config:

Thx

Thanks! This is fantastic.

This is fantastic, thank you!

Thanks guys. I spent so much time trying to find a solution to my problem. Your solution is very fantastic.

THANK YOU !

I was wondering that given that the gpg installed by Homebrew on macOS has switched to gpg2 which has some potentially important differences from gpg1, any of the above configuration can be updated and/or simplified?

Worked like a charm!

If you use gpg See here

I think we don't even need to start gpg-agent anymore - at least not together with pinentry-mac ... works flawlessly without in my setup with gpg v2 (includes gpg-agent) + pinentry-mac (installed via homebrew).

@swernerx perhaps you could elaborate?

@jakeNiemiec Echoing the comment from @swernerx: I have pinentry-mac 0.9.4 and gnupg / gpg-agent 2.1.22 from Homebrew, and I don't need to start gpg-agent manually; pinentry-mac does it for me the first time I try to sign something. This means that I do not need All I needed was:

Amazing gist!

@ewanmellor thanks for the more concise directions.. I'll add that you only need

For those who hit the error

From https://gist.github.com/danieleggert/b029d44d4a54b328c0bac65d46ba4c65 If you want annotated tags to be GPG signed:

Thanks. But, how can I use it with Fish shell?

Thanks, is it necessary to do anything else after installing pinentry? Config git or set GPG sign? I still have errors with committing:

For anyone else running into issues (especially if you use fish), make sure that the env variable

If you are having issues after trying a bunch of different things, make sure to restart the

For those who are debugging why gpg failed to sign the data:

Thank you for the guidance. For the changes to take effect I had to also restart the

The

Same gpg version, this plus restarting the gpg-agent solves my problem!

This is fantastic, thanks so much!

Great stuff! Worked a treat. I'm getting output that some of the flags included above are obsolete

Here is how I got git commit signing working on my M1 Apple Silicon laptop without having Rosetta installed:
Now I could import my gpg which I already had, and then tell git to use commit signing...

On Big Sur, I need to run this every time I log out and log in again (without restarting). It seems like https://gpgtools.tenderapp.com/discussions/problems/1110-gpg-agent-isnt-quit-upon-logout

My patches for Homebrew have been merged. New instructions on how to get git commit signing working on an M1 Apple Silicon computer without Rosetta:

@LinusU nice! Do you also have the issue with

I never log out of my computer hehe so I wouldn't have noticed. Can't try at the moment but can try later and see if it works

Ok thanks! Yeah I almost never log out as well, which made debugging this very frustrating!

The high level "connection diagram" for each part: