MacOS: Set up Git and SourceTree to gpg sign commits
You want to have your git commits verified to show that it's really you who is committing.
But setting up git, gpg and SourceTree on Mac is not as straightforward as it could be. This page will show you how you can achieve this.
Potential problems you may run into:
- By default SourceTree for MacOS only works with the GPG Suite. This is something not everybody wants to use.
- Once GPG is installed and configured, SourceTree might have problems actually using it to sign the commits.
- git asking for the password on the command line might not work with SourceTree.
In order to get all that to work, just follow these steps:
1. Install software
Use homebrew to install the required software:
$ brew install gnupg pinentry-mac
What is that software?
| gnupg | This is the actual GPG application. | Website |
| pinentry-mac | Used to show a password entry window that may also integrate into Mac keychain. | Github |
Now configure the gpg-agent to use pinentry-mac:
$ echo "pinentry-program /opt/homebrew/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
$ killall gpg-agent
What this actually does is: Append the line pinentry-program /opt/homebrew/bin/pinentry-mac to the end of the file ~/.gnupg/gpg-agent.conf and then stop the running gpg-agent, which starts again with the new configuration the next time gpg needs it.
On older Mac systems the path might be different. There you might need to use this:
$ echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
$ killall gpg-agent
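The two echo commands above append another line each time they are run and hard-code the Homebrew prefix. As an added example (not part of the original page), the script below picks whichever of the two paths exists and leaves exactly one pinentry-program line in the file; the function names find_pinentry and set_pinentry and the --apply switch are made up for this example.

```shell
#!/bin/sh
# Added example: idempotent replacement for the `echo ... >> gpg-agent.conf` step.

# find_pinentry DIR...: print the first DIR/pinentry-mac that is executable.
find_pinentry() {
    for dir in "$@"; do
        if [ -x "$dir/pinentry-mac" ]; then
            printf '%s\n' "$dir/pinentry-mac"
            return 0
        fi
    done
    return 1
}

# set_pinentry CONF PROGRAM: leave exactly one pinentry-program line in CONF,
# pointing at PROGRAM; all other gpg-agent settings are kept as they are.
set_pinentry() {
    conf=$1
    program=$2
    confdir=$(dirname "$conf")
    # gpg warns about unsafe permissions when its homedir is open to other users.
    mkdir -p "$confdir" && chmod 700 "$confdir" || return 1
    tmp=$(mktemp "$confdir/gpg-agent.conf.XXXXXX") || return 1
    if [ -f "$conf" ]; then
        # Drop any earlier pinentry-program line (grep exits 1 if nothing is left).
        grep -v '^[[:space:]]*pinentry-program[[:space:]]' "$conf" > "$tmp" || true
    fi
    printf 'pinentry-program %s\n' "$program" >> "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$conf"
}

# Run with --apply to change the real configuration; without it nothing is touched.
if [ "${1:-}" = "--apply" ]; then
    # Assumption: the two Homebrew prefixes named on this page are the only candidates.
    found=$(find_pinentry /opt/homebrew/bin /usr/local/bin) || {
        echo "pinentry-mac not found; run: brew install gnupg pinentry-mac" >&2
        exit 1
    }
    set_pinentry "$HOME/.gnupg/gpg-agent.conf" "$found"
    killall gpg-agent 2>/dev/null || true   # agent restarts on the next gpg call
fi
```

Running it a second time, or after moving to a machine with the other Homebrew prefix, rewrites the single line instead of stacking up conflicting entries.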
2. Generate GPG key
If you don't already have a GPG key, generate one:
$ gpg --full-gen-key
gpg will ask you some questions and eventually generate a key for you.
List all your keys using:
$ gpg --list-secret-keys --keyid-format=long
The output will look like the following listing. In this example we will use the id 3AA5C34371567BD2:
$ gpg --list-secret-keys --keyid-format=long
/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid                          Hubot
ssb   4096R/42B317FD4BA89E7A 2016-03-10
Now tell your git CLI to sign your commits with the key that you just generated (replace the key ID with the key from the previous step).
$ git config --global user.signingkey 3AA5C34371567BD2
You may also want to configure git to always sign your commits:
$ git config --global commit.gpgsign true
3. Create symlinks
As SourceTree is a bit picky about the application name for GPG signing, we need to create a symlink.
In your terminal go to /opt/homebrew/bin/. List the content of the directory:
$ ls -lA
Probably there is an entry called gpg but no entry called gpg2. SourceTree requires an executable called gpg2 so we need to create it:
$ ln -s gpg gpg2
gpg2 now points to the exact same executable, which is fine for us.
On older Macs the application might be installed to /usr/local/bin by Homebrew. In this case you should find gpg in this directory and then you should create the symlink there.
4. Configure SourceTree
After you’ve done this open SourceTree, then the settings (CMD + ,) and click on the “Advanced” tab on the right.
For GPG Program click on Browse..., navigate to /opt/homebrew/bin/ and then click
On older Macs the application may have been installed to /usr/local/bin. In this case use this path in SourceTree.
SourceTree will accept this folder, and is now happy using this path.
5. Github & Co.
After that, you still might need to export your public key and install it on Github or any other git provider.
Continuing with the example from above, the following command displays the key for id 3AA5C34371567BD2 in your terminal:
$ gpg --armor --export 3AA5C34371567BD2
-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----
Copy this block to your git provider.