@nicbet
Created December 13, 2019 15:52
Code Signing in Git on Mac OS X

Install required software

brew install gpg pinentry pinentry-mac

Create a GPG Key

gpg --full-generate-key
  • Use RSA, 4096 bits

Configure Toolchain

Create directory and give correct permissions

mkdir -p ~/.gnupg
find ~/.gnupg -type f -exec chmod 600 {} \;
find ~/.gnupg -type d -exec chmod 700 {} \;

File ~/.gnupg/gpg-agent.conf

# Enables GPG to find gpg-agent
use-standard-socket

# Connects gpg-agent to the OSX keychain via the brew-installed
# pinentry program from GPGtools. This is the OSX 'magic sauce',
# allowing the gpg key's passphrase to be stored in the login
# keychain, enabling automatic key signing.
pinentry-program /usr/local/bin/pinentry-mac

File ~/.gnupg/gpg.conf

# Uncomment within config (or add this line)
use-agent

# This silences the "you need a passphrase" message once the passphrase handling is all set.
# Use at your own discretion - may prevent the successful interactive use of some operations.
# It is working fine for my use cases though.
batch

# Ensures the cross certification "back signature" on the subkey is present and
# valid. This protects against a subtle attack against subkeys that can sign.
require-cross-certification

Set up Sourcetree

Find your GPG Key ID

gpg --list-secret-keys --keyid-format LONG

Copy Key to Clipboard

gpg --armor --export <KEY ID> | pbcopy

Store in Bitbucket Server under User -> Manage Account -> GPG Keys

Configure Git globally to use this key

git config --global user.signingkey <KEY ID>

Copy the gpg symlink to gpg2 so that Sourcetree can find the GPG program

cp -a /usr/local/bin/gpg /usr/local/bin/gpg2
git config --global gpg.program gpg2
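
The steps above leave one manual hop: reading the key ID off the `gpg --list-secret-keys --keyid-format LONG` listing and pasting it into `git config`. The following POSIX shell script is an added example, not part of the gist, that automates and checks that hop. It parses a constructed sample of the listing (the key ID `0C1D2E3F4A5B6C7D`, fingerprint, subkey and the address `dev@example.com` are all made up for the example), rejects anything that is not a 16-hex-digit long ID, prints the resulting `git config` commands, and offers a `live_signing_check` function for use on a machine where the toolchain from the gist is actually installed.

```shell
#!/bin/sh
# Added example (not from the gist): resolve the long GPG key ID for an
# e-mail address, check its format, and emit the git configuration lines.

# Constructed sample of `gpg --list-secret-keys --keyid-format LONG` output.
# Key ID, fingerprint, subkey and user ID are invented for this example.
SAMPLE_GPG_LISTING='/Users/example/.gnupg/pubring.kbx
------------------------------------
sec   rsa4096/0C1D2E3F4A5B6C7D 2019-12-13 [SC]
      A1B2C3D4E5F60718293A4B5C0C1D2E3F4A5B6C7D
uid                 [ultimate] Example Developer <dev@example.com>
ssb   rsa4096/7D6C5B4A3F2E1D0C 2019-12-13 [E]'

# extract_long_keyid LISTING [EMAIL]
# Prints the long key ID from the "sec" line of the first secret key whose
# uid carries <EMAIL> (or of the first key when EMAIL is omitted).
# "ssb" subkey lines are ignored so git signs with the primary [SC] key,
# which is what the gist configures.
extract_long_keyid() {
  listing=$1
  email=${2:-}
  printf '%s\n' "$listing" | awk -v email="$email" '
    /^sec / { split($2, parts, "/"); candidate = parts[2]; next }
    /^uid / && candidate != "" {
      if (email == "" || index($0, "<" email ">") > 0) { print candidate; exit }
    }
  '
}

# is_long_keyid ID
# Succeeds only for a 16-hex-digit ID (the LONG format the gist asks for).
# 8-digit short IDs are cheap to collide, so refuse to configure git with one.
is_long_keyid() {
  printf '%s' "$1" | grep -Eq '^[0-9A-Fa-f]{16}$'
}

# signing_git_config ID
# Prints the two git config commands from the gist with the key ID filled in.
# They are printed rather than executed so the script is safe to run anywhere.
signing_git_config() {
  printf 'git config --global user.signingkey %s\n' "$1"
  printf 'git config --global gpg.program gpg2\n'
}

# live_signing_check [EMAIL]
# On a machine with gpg installed: read the real listing, resolve the key and
# produce a detached signature over a constructed message. Exit status 0 means
# gpg, gpg-agent and pinentry-mac from the gist are working end to end.
live_signing_check() {
  command -v gpg >/dev/null 2>&1 || { echo "gpg not installed; skipping live check"; return 0; }
  keyid=$(extract_long_keyid "$(gpg --list-secret-keys --keyid-format LONG 2>/dev/null)" "${1:-}")
  is_long_keyid "$keyid" || { echo "no long key ID found; run gpg --full-generate-key"; return 1; }
  printf 'signing test\n' | gpg --local-user "$keyid" --detach-sign --armor >/dev/null
}

# Offline demonstration against the constructed listing.
keyid=$(extract_long_keyid "$SAMPLE_GPG_LISTING" dev@example.com)
if is_long_keyid "$keyid"; then
  signing_git_config "$keyid"
else
  echo "no usable long key ID found for dev@example.com" >&2
fi
```

Run it as-is to see the two `git config` lines for the sample key; on the Mac where the gist's setup was done, source the file and call `live_signing_check you@example.com` to confirm the passphrase is served from the keychain without a prompt. The `[SC]` capability flags on the `sec` line are what make that key eligible for signing; an `ssb` line marked only `[E]` is an encryption subkey and will not sign commits.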