From b183bcc9c07016b6a9aa0e904449633ece7338f5 Mon Sep 17 00:00:00 2001 From: punkfairie <23287005+punkfairie@users.noreply.github.com> Date: Sun, 4 Feb 2024 20:28:59 -0800 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Use=20GPG=20to=20sign=20git=20commi?= =?UTF-8?q?ts?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I've automated as much as possible, and tucked the setup in it's own script which the user is prompted to run if no keys exist. --- README.md | 4 ++++ fish/install.fish | 1 - git/.gitconfig.local.symlink | 5 +++-- git/.gitconfig.symlink | 4 ++++ git/gpg-key.fish | 42 ++++++++++++++++++++++++++++++++++++ git/gpg.config.fish | 6 ++++++ git/install.fish | 41 +++++++++++++++++++++++++++++++---- 7 files changed, 96 insertions(+), 7 deletions(-) create mode 100755 git/gpg-key.fish create mode 100644 git/gpg.config.fish diff --git a/README.md b/README.md index 77e07fb..69ceb46 100644 --- a/README.md +++ b/README.md @@ -60,3 +60,7 @@ dotfile repos: [git-prevision](https://gist.github.com/TheCodeArtist/a90978ebca0ff6743036) [iTerm2 keymaps for tmux](https://web.archive.org/web/20230921160724/https://tangledhelix.com/blog/2012/04/28/iterm2-keymaps-for-tmux/) + +[signing-git-commits](https://gist.github.com/phortuin/cf24b1cca3258720c71ad42977e1ba57) + +[Correct_GnuPG_Permission](https://gist.github.com/oseme-techguy/bae2e309c084d93b75a9b25f49718f85) diff --git a/fish/install.fish b/fish/install.fish index 85b6147..5e25988 100755 --- a/fish/install.fish +++ b/fish/install.fish @@ -27,4 +27,3 @@ brew_install "Starship Prompt" starship brew_install "The Fuck" thefuck npm_install "tldr pages" tldr brew_install eza eza -brew_install GnuPG gnupg diff --git a/git/.gitconfig.local.symlink b/git/.gitconfig.local.symlink index ef9ef67..6e8677d 100644 --- a/git/.gitconfig.local.symlink +++ b/git/.gitconfig.local.symlink 
@@ -1,5 +1,6 @@ # vim:set ft=gitconfig : [user] - name = Marley Rae - email = marley@punkfairie.net + name = punkfairie + email = 23287005+punkfairie@users.noreply.github.com + signingkey = 8128A755 diff --git a/git/.gitconfig.symlink b/git/.gitconfig.symlink index 5b1fc8b..53bfd74 100644 --- a/git/.gitconfig.symlink +++ b/git/.gitconfig.symlink @@ -46,6 +46,10 @@ [commit] template = ~/dotfiles/git/commit_template + gpgSign = true + +[tag] + gpgSign = true [push] autoSetupRemote = true diff --git a/git/gpg-key.fish b/git/gpg-key.fish new file mode 100755 index 0000000..d962587 --- /dev/null +++ b/git/gpg-key.fish @@ -0,0 +1,42 @@ +#!/usr/bin/env fish + +source "$DOT/script/utils.fish" + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +# https://gist.github.com/phortuin/cf24b1cca3258720c71ad42977e1ba57 + +print_title "GPG Key Setup for Git & Github" + +if ! [ -e "$HOME/.gnupg/pubring.kbx" ] + print_warning "Please run gpg --full-gen-key with the following answers:" + print_warning "Kind of key - 4 (RSA, sign only)" + print_warning "Keysize - 4096" + print_warning "Expiration - 0" + print_warning "Real name - " + print_warning "Email address - @users.noreply.github.com" + print_warning "Re-run this script when finished!" + + exit +end + +# https://gist.github.com/oseme-techguy/bae2e309c084d93b75a9b25f49718f85 +sudo -k +chown -R $(whoami) "$HOME/.gnupg/" +find ~/.gnupg -type f -exec chmod 600 {} \; +find ~/.gnupg -type d -exec chmod 700 {} \; + +set key ( + gpg --list-secret-keys --keyid-format SHORT\ + | grep 'rsa4096'\ + | sed 's/sec rsa4096\///'\ + | awk '{print $1}' +) + +sed -i '' "s/# GPGKEY/signingkey = $key/g" "$DOT/git/.gitconfig.local.symlink" \ + && print_success "Added key to .gitconfig.local" + +gpg --armor --export $key | pbcopy \ + && print_success "Copied key to clipboard" \ + && print_warning "Please go to https://github.com/settings/keys" \ + && print_warning "and add your copied GPG key to your GitHub account!" 
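Review bot: The new `signingkey = 8128A755` line commits one machine's key ID into the tracked file, while git/gpg-key.fish in this same patch rewrites a `# GPGKEY` placeholder that the new side of this file does not contain. As far as this patch shows, the `sed` in that script would match nothing on a fresh checkout, and git would be told to sign with a key that may not be in the local keyring, so signing is likely to fail once `gpgSign = true` is active. Committing the placeholder instead, a `# GPGKEY` line under `[user]`, keeps the script's substitution working. An 8-hex-digit short ID can also be collided, so the value that ends up here is better a full fingerprint.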
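Review bot: The key lookup parses human-readable output with `--keyid-format SHORT`, so the value written into `signingkey` is a 32-bit short ID, which can be collided and may match more than one key in a keyring. The `grep 'rsa4096'` filter also returns every RSA-4096 secret key; with two such keys fish turns the substitution into a list, the quoted `$key` in the `sed` expression is written space-joined, and `gpg --armor --export $key` exports both. Reading one fingerprint from the machine-readable listing avoids both problems, e.g. `set key (gpg --list-secret-keys --with-colons | awk -F: '$1 == "fpr" {print $10; exit}')`. Separately, the prompt text tells the user to choose `Expiration - 0`; a signing key that never expires cannot age out if it is lost, so a finite expiry that is extended periodically is the safer instruction.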
diff --git a/git/gpg.config.fish b/git/gpg.config.fish new file mode 100644 index 0000000..315ab5d --- /dev/null +++ b/git/gpg.config.fish @@ -0,0 +1,6 @@ +#!/usr/bin/env fish + +if [ -e "~/.gnupg/gpg-agent.conf" ] + set -gx GPG_TTY (tty) + gpgconf --launch gpg-agent +end diff --git a/git/install.fish b/git/install.fish index 8c35125..9e19796 100755 --- a/git/install.fish +++ b/git/install.fish @@ -8,7 +8,40 @@ source "$DOT/homebrew/brew_utils.fish" print_subtitle Git brew_install "Github CLI" gh -execute \ - "git clone https://gitlab.com/raabf/gitmoji-fuzzy-hook.git ~/.local/share/gitmoji-fuzzy-hook && \ - ln -f -s ~/.local/share/gitmoji-fuzzy-hook/bin/gitmoji-fuzzy-hook-init.sh $HOME/bin/gitmoji-fuzzy-hook-init" \ - gitmoji-fuzzy-hook + +if ! [ -e "$HOME/.local/share/gitmoji-fuzzy-hook/" ] + execute \ + "git clone https://gitlab.com/raabf/gitmoji-fuzzy-hook.git ~/.local/share/gitmoji-fuzzy-hook && \ + ln -f -s ~/.local/share/gitmoji-fuzzy-hook/bin/gitmoji-fuzzy-hook-init.sh $HOME/bin/gitmoji-fuzzy-hook-init" \ + gitmoji-fuzzy-hook +else + execute \ + "cd ~/.local/share/gitmoji-fuzzy-hook/ && git pull; cd $DOT" \ + gitmoji-fuzzy-hook +end + +print_subtitle "Git GPG" + +sudo -k + +brew_install GnuPG gnupg +brew_install "Pinentry for Mac" pinentry-mac + +if ! [ -e "$HOME/.gnupg" ] + mkdir "$HOME/.gnupg" &>/dev/null +end + +if ! [ -e "$HOME/.gnupg/gpg.conf" ] + echo use-agent >"$HOME/.gnupg/gpg.conf" +end + +if ! [ -e "$HOME/.gnupg/gpg-agent.conf" ] + printf '%b' \ + "default-cache-ttl 34560000\n" \ + "max-cache-ttl 34560000\n" \ + "pinentry-program $(brew --prefix)/bin/pinentry-mac" >"$HOME/.gnupg/gpg-agent.conf" +end + +if ! [ -e "$HOME/.gnupg/pubring.kbx" ] + print_warning "No GPG keys exist! Please run $DOT/git/gpg-key.fish" +end
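Review bot: The test `[ -e "~/.gnupg/gpg-agent.conf" ]` quotes the tilde, and fish does not expand `~` inside quotes, so the path is looked up literally and the condition is false on a normal system. As written, `GPG_TTY` is never exported and `gpgconf --launch gpg-agent` never runs from this file, which can leave a terminal pinentry without a tty when signing. Using the form the other scripts in this patch already use fixes it: `if [ -e "$HOME/.gnupg/gpg-agent.conf" ]`.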
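Review bot: The generated gpg-agent.conf sets `default-cache-ttl 34560000` and `max-cache-ttl 34560000`, which is 400 days, so once the passphrase is entered the signing key stays unlocked in the agent for practically its whole lifetime and any process running as the user can produce signed commits. A bounded cache such as `default-cache-ttl 600` with `max-cache-ttl 7200` keeps the convenience while limiting that window; the exact values are a policy choice. The directory is also created with a plain `mkdir "$HOME/.gnupg"`, which leaves its mode to the umask; `mkdir -m 700 "$HOME/.gnupg"` sets the mode GnuPG expects at creation instead of relying on the later fix-up in gpg-key.fish. The new `else` branch runs `git pull` on the third-party hook repository on every install, so whatever is at that branch's tip becomes code run by git hooks; pinning to a reviewed commit or tag would make updates deliberate.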