krider2010/.profile

## .profile
# This would go into .bash_profile, .bashrc, .zshrc, etc.

# Script to start the gpg-agent - in it's own file as it is also used when the machine starts up
# Be sure to update the path to wherever you place this file!
# Note, depending on shell you may not need this line enabling, if the global daemon is already running
# OK. Some shells complain, others don't!
~/bin/startup-gpg-agent.sh

# GPG
if [ -f "${HOME}/.gpg-agent-info" ]; then
    . "${HOME}/.gpg-agent-info"
    export GPG_AGENT_INFO
    export SSH_AUTH_SOCK
fi
GPG_TTY=$(tty)
export GPG_TTY

## gpg-agent.conf
use-standard-socket
pinentry-program /usr/local/bin/pinentry-mac
enable-ssh-support

## gpg.conf
use-agent
no-tty

## Instructions
# These steps were used to get everything working (eventually ;) )

# 1) Install the dependencies
brew install gnupg gpg-agent pinentry-mac
brew install gpg2 gnupg21  # Optional depending on needs, gpg2 works best with the gpg-agent on current latest OSX/Brew

# 2) Generate a GPG key, if you don't already have one, and add to your github (or bitbucket, gitlab, etc.) accounts
# https://help.github.com/articles/generating-a-new-gpg-key/
# Remember the public eight character GPG key id as you need it in the next step

# 3) Configure git to automatically sign commits
git config --global user.signingkey <YOUR-SIGNING-KEY-PUB-ID>
git config --global commit.gpgsign true  # ONLY DO THIS IF YOU WANT TO SIGN ALL COMMITS
git config --global gpg.program /usr/local/bin/gpg
# Or if you are using gpg2 and don't want to use /usr/local/bin/gpg as a symlink to /usr/local/bin/gpg2
# git config --global gpg.program /usr/local/bin/gpg2

# 4) If you just want to sign specific repositories, then edit each repository .git/config to include the following
[commit]
	gpgsign = true

# 5) Configure the GPG components using the files in this gist (at least add those lines)
#    ~/.gnupg/gpg.conf
#    ~/.gnupg/gpg-agent.conf

# 6) Create the agent start script (see elsewhere in this gist) and be sure to make it executable. Edit your profile (see elsewhere in this gist) to include it.
#    Also cope the plist into ~/Library/LaunchAgents/org.gnupg.gpg-agent.plist to allow for OS to start it in future.

# 7) Start the daemon to test signing. It will be fine to do this in your shell intially
#    Also comment out `no-tty` in gpg.conf to get the password saved.
#    Just source the appropriate .profile/.bashrc/etc file
#    Make a change to the repo and add it. Try and commit.
#    All being well the commit should prompt you for password entry via pinentry-mac, and you can save this to your keychain

# 8) Ensure no-tty is put back into gpg.conf once things are working in step 5

# 9) Run a GUI tool (and make a change to the repo) using `open -a "Name of app"`.
#    e.g. open -a "Tower"
#    This runs the app using your current shell environment and will allow you to test Tower (or GitHub, or others)

# 10) If all this works, then a reboot should have the gpg-agent daemon started automatically and be available to GUI
#    apps. You can now sign commits as if it was a plain commit :thumbsup:

# Thanks to https://gist.github.com/sindresorhus/98add7be608fad6b5376a895e5a59972 for initial guidance, and various other web
# sites for dealing with launchctl, environments, and most of all Sam at Tower Support for guiding me down the right path.
# Tower: https://www.git-tower.com/

# NB: My key expires, so once that happens I will have to setup things up for the new key, and use a tty/pinentry to get
# the new password cached into the keychain. You will have to do the same if your key expires.

## org.gnupg.gpg-agent.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- This needs to be placed at ~/Library/LaunchAgents/org.gnupg.gpg-agent.plist -->
<plist version="1.0">
  <dict>
    <key>Label</key>
    <string>org.gnupg.gpg-agent</string>
    <key>ProgramArguments</key>
    <array>
      <!-- Be sure to set this path correctly! -->
      <string>/Users/yourusername/bin/start-gpg-agent.sh</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
  </dict>
</plist>

## startup-gpg-agent.sh
# Ensure that gpg can find the agent when needed
if [ -f ~/.gnupg/.gpg-agent-info ] && [ -n "$(pgrep gpg-agent)" ]; then
    source ~/.gnupg/.gpg-agent-info
    export GPG_AGENT_INFO
else
    eval $(gpg-agent --daemon --write-env-file ~/.gnupg/.gpg-agent-info)
fi

# This line is important for GUI tools to also find it
launchctl setenv GPG_AGENT_INFO $GPG_AGENT_INFO
	# This would go into .bash_profile, .bashrc, .zshrc, etc.

	# Script to start the gpg-agent - in it's own file as it is also used when the machine starts up
	# Be sure to update the path to wherever you place this file!
	# Note, depending on shell you may not need this line enabling, if the global daemon is already running
	# OK. Some shells complain, others don't!
	~/bin/startup-gpg-agent.sh

	# GPG
	if [ -f "${HOME}/.gpg-agent-info" ]; then
	. "${HOME}/.gpg-agent-info"
	export GPG_AGENT_INFO
	export SSH_AUTH_SOCK
	fi
	GPG_TTY=$(tty)
	export GPG_TTY
	use-standard-socket
	pinentry-program /usr/local/bin/pinentry-mac
	enable-ssh-support
	# These steps were used to get everything working (eventually ;) )

	# 1) Install the dependencies
	brew install gnupg gpg-agent pinentry-mac
	brew install gpg2 gnupg21 # Optional depending on needs, gpg2 works best with the gpg-agent on current latest OSX/Brew

	# 2) Generate a GPG key, if you don't already have one, and add to your github (or bitbucket, gitlab, etc.) accounts
	# https://help.github.com/articles/generating-a-new-gpg-key/
	# Remember the public eight character GPG key id as you need it in the next step

	# 3) Configure git to automatically sign commits
	git config --global user.signingkey <YOUR-SIGNING-KEY-PUB-ID>
	git config --global commit.gpgsign true # ONLY DO THIS IF YOU WANT TO SIGN ALL COMMITS
	git config --global gpg.program /usr/local/bin/gpg
	# Or if you are using gpg2 and don't want to use /usr/local/bin/gpg as a symlink to /usr/local/bin/gpg2
	# git config --global gpg.program /usr/local/bin/gpg2

	# 4) If you just want to sign specific repositories, then edit each repository .git/config to include the following
	[commit]
	gpgsign = true

	# 5) Configure the GPG components using the files in this gist (at least add those lines)
	# ~/.gnupg/gpg.conf
	# ~/.gnupg/gpg-agent.conf

	# 6) Create the agent start script (see elsewhere in this gist) and be sure to make it executable. Edit your profile (see elsewhere in this gist) to include it.
	# Also cope the plist into ~/Library/LaunchAgents/org.gnupg.gpg-agent.plist to allow for OS to start it in future.

	# 7) Start the daemon to test signing. It will be fine to do this in your shell intially
	# Also comment out `no-tty` in gpg.conf to get the password saved.
	# Just source the appropriate .profile/.bashrc/etc file
	# Make a change to the repo and add it. Try and commit.
	# All being well the commit should prompt you for password entry via pinentry-mac, and you can save this to your keychain

	# 8) Ensure no-tty is put back into gpg.conf once things are working in step 5

	# 9) Run a GUI tool (and make a change to the repo) using `open -a "Name of app"`.
	# e.g. open -a "Tower"
	# This runs the app using your current shell environment and will allow you to test Tower (or GitHub, or others)

	# 10) If all this works, then a reboot should have the gpg-agent daemon started automatically and be available to GUI
	# apps. You can now sign commits as if it was a plain commit :thumbsup:

	# Thanks to https://gist.github.com/sindresorhus/98add7be608fad6b5376a895e5a59972 for initial guidance, and various other web
	# sites for dealing with launchctl, environments, and most of all Sam at Tower Support for guiding me down the right path.
	# Tower: https://www.git-tower.com/

	# NB: My key expires, so once that happens I will have to setup things up for the new key, and use a tty/pinentry to get
	# the new password cached into the keychain. You will have to do the same if your key expires.
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<!-- This needs to be placed at ~/Library/LaunchAgents/org.gnupg.gpg-agent.plist -->
	<plist version="1.0">
	<dict>
	<key>Label</key>
	<string>org.gnupg.gpg-agent</string>
	<key>ProgramArguments</key>
	<array>
	<!-- Be sure to set this path correctly! -->
	<string>/Users/yourusername/bin/start-gpg-agent.sh</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
	</dict>
	</plist>
	# Ensure that gpg can find the agent when needed
	if [ -f ~/.gnupg/.gpg-agent-info ] && [ -n "$(pgrep gpg-agent)" ]; then
	source ~/.gnupg/.gpg-agent-info
	export GPG_AGENT_INFO
	else
	eval $(gpg-agent --daemon --write-env-file ~/.gnupg/.gpg-agent-info)
	fi

	# This line is important for GUI tools to also find it
	launchctl setenv GPG_AGENT_INFO $GPG_AGENT_INFO