Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save noxone/2627135564d905d6a849c6854647bab1 to your computer and use it in GitHub Desktop.
Save noxone/2627135564d905d6a849c6854647bab1 to your computer and use it in GitHub Desktop.
Set up Git and SourceTree to gpg sign commits on MacOS

MacOS: Set up Git and SourceTree to gpg sign commits

Motivation

You want to have your git commits verified to show that it's really you who is committing.

But setting up git, gpg and SourceTree on Mac is not so straight forward as it could be. This page will show you how you can achieve this.

Potential problems to run in:
  • By default SourceTree for MacOS only works with the GPG Suite. This is something not everybody wants to use.
  • Once GPG is installed an configured SourceTree might have problems actually using it to sign the commits.
  • git asking for the password on command line might not work with with SourceTree

Solution

In order to get all that to work, just follow these steps:

1. Install software

I'm using homebrew to install the required software:

$ brew install gnupg pinentry-mac
What is that software?
Software Description Link
gnupg This is the actual GPG application application. Website
pinentry-mac Used to show a password entry window that may also integrate into Mac keychain. Github

Now configure the gpg-agent to use pinentry-mac:

$ echo "pinentry-program /opt/homebrew/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf 
$ killall gpg-agent

What this actually does is: Append the line pinentry-program /opt/homebrew/bin/pinentry-mac to the end of the file ~/.gnupg/gpg-agent.conf and then restart the application.

Older Macs

On older Mac systems the path might be different. There you might need to use this:

$ echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
$ killall gpg-agent

2. Generate GPG key

If you don't already have a GPG key generate one:

$ gpg --full-gen-key

gpg will ask you some questions and eventually generate a key for you.

List all your keys using:

$ gpg --list-secret-keys --keyid-format=long

The output will look like the following listing. In this example we will use the id 3AA5C34371567BD2:

$ gpg --list-secret-keys --keyid-format=long
/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid                          Hubot 
ssb   4096R/42B317FD4BA89E7A 2016-03-10

Now tell your git cli to sign your commits with the key, that you just generated (replace the key ID with the key from the previous step).

$ git config --global user.signingkey 3AA5C34371567BD2

You may also want to configure git to always sign your commits:

$ git config --global commit.gpgsign true

3. Create symlinks

As SourceTree is a bit picky about the application name for GPG signing, we need to create a symlink.

In your terminal go to /opt/homebrew/bin/. List the content of the directory:

$ ls -lA

Probably there is an entry called gpg but no entry called gpg2. SourceTree requires an executable called gpg2 so we need to create it:

$ ln -s gpg gpg2

gpg and gpg2 now point to the exact same executable, which is fine for us.

Older Macs

On older Macs the application might be installed to /usr/local/bin by Homebrew. In this case you should find gpg in this directory and then you should create the symlink there.

4. Configure SourceTree

After you’ve done this, open SourceTree, then the settings (CMD + ,) and click on the “Advanced” tab on the right.

Next to GPG Program click on Browse..., navigate to /opt/homebrew/bin/ and then click OK.

Older Macs

On older Macs the application may have been installed to /usr/local/bin. In this case use this path in SourceTree.

SourceTree will accept this folder, and is now happy using this path.

5. Github & Co.

After that, you still might need to export your public key and install it on Github or any other git provider.

Continuing with the example from above, the following command displays the key for id 3AA5C34371567BD2 in your terminal:

$ gpg --armor --export 3AA5C34371567BD2
-----BEGIN PGP PUBLIC KEY BLOCK-----

...
-----END PGP PUBLIC KEY BLOCK-----

Copy this block to your git provider.

That's it!


References

Information I used for this page:

Website
StackOverflow
StackOverflow
Github documentation
Medium
kevingoedecke.me
@darshmashru
Copy link

superb!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment