You want to have your git commits verified to show that it's really you who is committing.
But setting up git, gpg and SourceTree on Mac is not as straightforward as it could be. This page will show you how you can achieve this.
Problems you may run into:
- By default SourceTree for macOS only works with the GPG Suite. This is something not everybody wants to use.
- Once GPG is installed and configured, SourceTree might have problems actually using it to sign the commits.
- git asking for the password on the command line might not work with SourceTree.
In order to get all that to work, just follow these steps:
I'm using homebrew to install the required software:
$ brew install gnupg pinentry-mac
What is that software?
| Software | Description | Link |
|---|---|---|
| gnupg | This is the actual GPG application. | Website |
| pinentry-mac | Used to show a password entry window that may also integrate into the Mac keychain. | GitHub |
Now configure the gpg-agent to use pinentry-mac:
$ echo "pinentry-program /opt/homebrew/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
$ killall gpg-agent
What this actually does is: append the line pinentry-program /opt/homebrew/bin/pinentry-mac to the end of the file ~/.gnupg/gpg-agent.conf and then stop gpg-agent, which starts again with the new configuration the next time it is needed.
Older Macs
On older Mac systems the path might be different. There you might need to use this:
$ echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
$ killall gpg-agent
If you don't already have a GPG key, generate one:
$ gpg --full-gen-key
gpg will ask you some questions and eventually generate a key for you.
List all your keys using:
$ gpg --list-secret-keys --keyid-format=long
The output will look like the following listing. In this example we will use the id 3AA5C34371567BD2:
$ gpg --list-secret-keys --keyid-format=long
/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid Hubot
ssb 4096R/42B317FD4BA89E7A 2016-03-10
Now tell your git CLI to sign your commits with the key that you just generated (replace the key ID with the key from the previous step).
$ git config --global user.signingkey 3AA5C34371567BD2
You may also want to configure git to always sign your commits:
$ git config --global commit.gpgsign true
As SourceTree is a bit picky about the application name for GPG signing, we need to create a symlink.
In your terminal go to /opt/homebrew/bin/. List the content of the directory:
$ ls -lA
Probably there is an entry called gpg but no entry called gpg2. SourceTree requires an executable called gpg2, so we need to create it:
$ ln -s /opt/homebrew/bin/gpg /opt/homebrew/bin/gpg2
gpg and gpg2 now point to the exact same executable, which is fine for us.
Older Macs
On older Macs the application might be installed to /usr/local/bin/ by Homebrew. In this case you should find gpg in this directory and then you should create the symlink there. The command would then look like this:
$ ln -s /usr/local/bin/gpg /usr/local/bin/gpg2
After you’ve done this, open SourceTree, then the settings (CMD + ,) and click on the “Advanced” tab on the right.
Next to GPG Program click on Browse..., navigate to /opt/homebrew/bin/ and then click OK.
Older Macs
On older Macs the application may have been installed to /usr/local/bin. In this case use this path in SourceTree.
SourceTree will accept this folder, and is now happy using this path.
After that, you still might need to export your public key and install it on GitHub or any other git provider.
Continuing with the example from above, the following command displays the key for id 3AA5C34371567BD2 in your terminal:
$ gpg --armor --export 3AA5C34371567BD2
-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----
Copy this block to your git provider.
That's it!
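A post-setup check for the steps above, added here as an example (it is not part of the original page). It confirms that gpg-agent.conf holds exactly one pinentry-program line pointing at an executable, since running the `echo ... >>` command twice appends a duplicate line, and that gpg2 is a symlink to gpg in the same directory. The function names are made up for this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of gpg, git or SourceTree.

# Print each pinentry-program path set in a gpg-agent.conf (commented lines are skipped).
pinentry_paths() {
    awk '/^[ \t]*pinentry-program[ \t]/ { sub(/^[ \t]*pinentry-program[ \t]+/, ""); print }' "$1"
}

# 0 = exactly one pinentry-program line and its path is executable
# 1 = none configured, 2 = configured more than once, 3 = path not executable
check_pinentry_conf() {
    conf=$1
    paths=$(pinentry_paths "$conf" 2>/dev/null) || true
    if [ -z "$paths" ]; then
        echo "no pinentry-program set in $conf"; return 1
    fi
    count=$(printf '%s\n' "$paths" | wc -l | tr -d ' ')
    if [ "$count" -gt 1 ]; then
        echo "pinentry-program appears $count times in $conf; keep one line"; return 2
    fi
    if [ ! -x "$paths" ]; then
        echo "pinentry-program is not executable: $paths"; return 3
    fi
    echo "ok: pinentry-program $paths"
}

# 0 = <dir>/gpg2 is a symlink to the gpg in the same directory
# 1 = no gpg in <dir>, 2 = gpg2 missing or not a symlink, 3 = gpg2 points elsewhere
check_gpg2_link() {
    dir=${1%/}
    [ -x "$dir/gpg" ] || { echo "no gpg executable in $dir"; return 1; }
    [ -L "$dir/gpg2" ] || { echo "$dir/gpg2 is missing or not a symlink"; return 2; }
    target=$(readlink "$dir/gpg2")
    case $target in
        "$dir/gpg"|gpg) echo "ok: $dir/gpg2 -> $target" ;;
        *) echo "$dir/gpg2 points to $target, not $dir/gpg"; return 3 ;;
    esac
}

# Typical calls, using the paths from this page:
#   check_pinentry_conf ~/.gnupg/gpg-agent.conf
#   check_gpg2_link /opt/homebrew/bin
```

If the first check reports a duplicate, edit ~/.gnupg/gpg-agent.conf so that only the intended pinentry-program line remains, then run killall gpg-agent again.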