You want to have your git commits verified to show that it's really you who is committing.
But setting up git, gpg and SourceTree on Mac is not as straightforward as it could be. This page will show you how you can achieve this.
Potential problems you may run into:
- By default SourceTree for MacOS only works with the GPG Suite. This is something not everybody wants to use.
- Once GPG is installed and configured, SourceTree might have problems actually using it to sign the commits.
- git asking for the password on the command line might not work with SourceTree.
In order to get all that to work, just follow these steps:
I'm using Homebrew to install the required software:
$ brew install gnupg pinentry-mac
What is that software?
Software | Description | Link |
---|---|---|
gnupg | This is the actual GPG application. | Website |
pinentry-mac | Used to show a password entry window that may also integrate into Mac keychain. | Github |
Now configure the `gpg-agent` to use `pinentry-mac`:
$ echo "pinentry-program /opt/homebrew/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
$ killall gpg-agent
What this actually does is: append the line `pinentry-program /opt/homebrew/bin/pinentry-mac` to the end of the file `~/.gnupg/gpg-agent.conf` and then kill the running `gpg-agent` so that it restarts with the new configuration.
Older Macs
On older Mac systems the path might be different. There you might need to use this:
$ echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
$ killall gpg-agent
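The `echo ... >>` commands above append a new line on every run, so a repeat run or a move from `/usr/local` to `/opt/homebrew` leaves several `pinentry-program` entries in the file. The following is an added example, not part of the original page: it picks whichever of the two paths exists and rewrites the file so it holds exactly one `pinentry-program` line. The function names and the script name are hypothetical.

```sh
#!/bin/sh
# Added example (function names are hypothetical, not from the page).

# Print the first executable pinentry-mac among the two Homebrew
# locations named on this page; return 1 if neither exists.
find_pinentry() {
    for p in /opt/homebrew/bin/pinentry-mac /usr/local/bin/pinentry-mac; do
        if [ -x "$p" ]; then
            printf '%s\n' "$p"
            return 0
        fi
    done
    return 1
}

# set_pinentry CONF PROG: leave exactly one pinentry-program line in CONF,
# pointing at PROG, and keep every other setting as it was.
set_pinentry() {
    conf=$1
    prog=$2
    [ -f "$conf" ] || : > "$conf"
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    # Drop existing pinentry-program lines (grep exits 1 if nothing is left).
    grep -v '^[[:space:]]*pinentry-program[[:space:]]' "$conf" > "$tmp" || true
    printf 'pinentry-program %s\n' "$prog" >> "$tmp"
    chmod 600 "$tmp"
    mv "$tmp" "$conf"
}

# count_pinentry CONF: print how many pinentry-program lines CONF holds.
count_pinentry() {
    grep -c '^[[:space:]]*pinentry-program[[:space:]]' "$1" || true
}

# Touch the real configuration only when called as: sh fix-pinentry.sh apply
# (fix-pinentry.sh is a hypothetical file name for this script).
if [ "${1:-}" = "apply" ]; then
    prog=$(find_pinentry) || { echo "pinentry-mac not found" >&2; exit 1; }
    set_pinentry "$HOME/.gnupg/gpg-agent.conf" "$prog"
    killall gpg-agent 2>/dev/null || true   # agent restarts on next use
    echo "pinentry-program set to $prog"
fi
```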
If you don't already have a GPG key, generate one:
$ gpg --full-gen-key
`gpg` will ask you some questions and eventually generate a key for you.
List all your keys using:
$ gpg --list-secret-keys --keyid-format=long
The output will look like the following listing. In this example we will use the id `3AA5C34371567BD2`:
$ gpg --list-secret-keys --keyid-format=long
/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid Hubot
ssb 4096R/42B317FD4BA89E7A 2016-03-10
Now tell your git CLI to sign your commits with the key that you just generated (replace the key ID with the key from the previous step).
$ git config --global user.signingkey 3AA5C34371567BD2
You may also want to configure `git` to always sign your commits:
$ git config --global commit.gpgsign true
As SourceTree is a bit picky about the application name for GPG signing, we need to create a symlink.
In your terminal go to `/opt/homebrew/bin/`. List the content of the directory:
$ ls -lA
Probably there is an entry called `gpg` but no entry called `gpg2`. SourceTree requires an executable called `gpg2`, so we need to create it:
$ ln -s gpg gpg2
`gpg` and `gpg2` now point to the exact same executable, which is fine for us.
Older Macs
On older Macs the application might be installed to `/usr/local/bin` by Homebrew. In this case you should find `gpg` in this directory and then you should create the symlink there.
After you’ve done this, open SourceTree, then the settings (CMD + ,) and click on the “Advanced” tab on the right.
Next to `GPG Program` click on `Browse...`, navigate to `/opt/homebrew/bin/` and then click `OK`.
Older Macs
On older Macs the application may have been installed to `/usr/local/bin`. In this case use this path in SourceTree.
SourceTree will accept this folder, and is now happy using this path.
After that, you still might need to export your public key and install it on GitHub or any other git provider.
Continuing with the example from above, the following command displays the key for id `3AA5C34371567BD2` in your terminal:
$ gpg --armor --export 3AA5C34371567BD2
-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----
Copy this block to your git provider.
That's it!