✨ Use GPG to sign git commits
I've automated as much as possible, and tucked the setup in it's own script which the user is prompted to run if no keys exist.
This commit is contained in:
parent
26dc5d58d0
commit
b183bcc9c0
7 changed files with 96 additions and 7 deletions
|
@ -60,3 +60,7 @@ dotfile repos:
|
||||||
[git-prevision](https://gist.github.com/TheCodeArtist/a90978ebca0ff6743036)
|
[git-prevision](https://gist.github.com/TheCodeArtist/a90978ebca0ff6743036)
|
||||||
|
|
||||||
[iTerm2 keymaps for tmux](https://web.archive.org/web/20230921160724/https://tangledhelix.com/blog/2012/04/28/iterm2-keymaps-for-tmux/)
|
[iTerm2 keymaps for tmux](https://web.archive.org/web/20230921160724/https://tangledhelix.com/blog/2012/04/28/iterm2-keymaps-for-tmux/)
|
||||||
|
|
||||||
|
[signing-git-commits](https://gist.github.com/phortuin/cf24b1cca3258720c71ad42977e1ba57)
|
||||||
|
|
||||||
|
[Correct_GnuPG_Permission](https://gist.github.com/oseme-techguy/bae2e309c084d93b75a9b25f49718f85)
|
||||||
|
|
|
@ -27,4 +27,3 @@ brew_install "Starship Prompt" starship
|
||||||
brew_install "The Fuck" thefuck
|
brew_install "The Fuck" thefuck
|
||||||
npm_install "tldr pages" tldr
|
npm_install "tldr pages" tldr
|
||||||
brew_install eza eza
|
brew_install eza eza
|
||||||
brew_install GnuPG gnupg
|
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
# vim:set ft=gitconfig :
|
# vim:set ft=gitconfig :
|
||||||
|
|
||||||
[user]
|
[user]
|
||||||
name = Marley Rae
|
name = punkfairie
|
||||||
email = marley@punkfairie.net
|
email = 23287005+punkfairie@users.noreply.github.com
|
||||||
|
signingkey = 8128A755
|
||||||
|
|
|
@ -46,6 +46,10 @@
|
||||||
|
|
||||||
[commit]
|
[commit]
|
||||||
template = ~/dotfiles/git/commit_template
|
template = ~/dotfiles/git/commit_template
|
||||||
|
gpgSign = true
|
||||||
|
|
||||||
|
[tag]
|
||||||
|
gpgSign = true
|
||||||
|
|
||||||
[push]
|
[push]
|
||||||
autoSetupRemote = true
|
autoSetupRemote = true
|
||||||
|
|
42
git/gpg-key.fish
Executable file
42
git/gpg-key.fish
Executable file
|
@ -0,0 +1,42 @@
|
||||||
|
#!/usr/bin/env fish
|
||||||
|
|
||||||
|
source "$DOT/script/utils.fish"
|
||||||
|
|
||||||
|
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||||
|
|
||||||
|
# https://gist.github.com/phortuin/cf24b1cca3258720c71ad42977e1ba57
|
||||||
|
|
||||||
|
print_title "GPG Key Setup for Git & Github"
|
||||||
|
|
||||||
|
if ! [ -e "$HOME/.gnupg/pubring.kbx" ]
|
||||||
|
print_warning "Please run gpg --full-gen-key with the following answers:"
|
||||||
|
print_warning "Kind of key - 4 (RSA, sign only)"
|
||||||
|
print_warning "Keysize - 4096"
|
||||||
|
print_warning "Expiration - 0"
|
||||||
|
print_warning "Real name - <your GitHub username>"
|
||||||
|
print_warning "Email address - <private email>@users.noreply.github.com"
|
||||||
|
print_warning "Re-run this script when finished!"
|
||||||
|
|
||||||
|
exit
|
||||||
|
end
|
||||||
|
|
||||||
|
# https://gist.github.com/oseme-techguy/bae2e309c084d93b75a9b25f49718f85
|
||||||
|
sudo -k
|
||||||
|
chown -R $(whoami) "$HOME/.gnupg/"
|
||||||
|
find ~/.gnupg -type f -exec chmod 600 {} \;
|
||||||
|
find ~/.gnupg -type d -exec chmod 700 {} \;
|
||||||
|
|
||||||
|
set key (
|
||||||
|
gpg --list-secret-keys --keyid-format SHORT\
|
||||||
|
| grep 'rsa4096'\
|
||||||
|
| sed 's/sec rsa4096\///'\
|
||||||
|
| awk '{print $1}'
|
||||||
|
)
|
||||||
|
|
||||||
|
sed -i '' "s/# GPGKEY/signingkey = $key/g" "$DOT/git/.gitconfig.local.symlink" \
|
||||||
|
&& print_success "Added key to .gitconfig.local"
|
||||||
|
|
||||||
|
gpg --armor --export $key | pbcopy \
|
||||||
|
&& print_success "Copied key to clipboard" \
|
||||||
|
&& print_warning "Please go to https://github.com/settings/keys" \
|
||||||
|
&& print_warning "and add your copied GPG key to your GitHub account!"
|
6
git/gpg.config.fish
Normal file
6
git/gpg.config.fish
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
#!/usr/bin/env fish
|
||||||
|
|
||||||
|
if [ -e "~/.gnupg/gpg-agent.conf" ]
|
||||||
|
set -gx GPG_TTY (tty)
|
||||||
|
gpgconf --launch gpg-agent
|
||||||
|
end
|
|
@ -8,7 +8,40 @@ source "$DOT/homebrew/brew_utils.fish"
|
||||||
print_subtitle Git
|
print_subtitle Git
|
||||||
|
|
||||||
brew_install "Github CLI" gh
|
brew_install "Github CLI" gh
|
||||||
execute \
|
|
||||||
|
if ! [ -e "$HOME/.local/share/gitmoji-fuzzy-hook/" ]
|
||||||
|
execute \
|
||||||
"git clone https://gitlab.com/raabf/gitmoji-fuzzy-hook.git ~/.local/share/gitmoji-fuzzy-hook && \
|
"git clone https://gitlab.com/raabf/gitmoji-fuzzy-hook.git ~/.local/share/gitmoji-fuzzy-hook && \
|
||||||
ln -f -s ~/.local/share/gitmoji-fuzzy-hook/bin/gitmoji-fuzzy-hook-init.sh $HOME/bin/gitmoji-fuzzy-hook-init" \
|
ln -f -s ~/.local/share/gitmoji-fuzzy-hook/bin/gitmoji-fuzzy-hook-init.sh $HOME/bin/gitmoji-fuzzy-hook-init" \
|
||||||
gitmoji-fuzzy-hook
|
gitmoji-fuzzy-hook
|
||||||
|
else
|
||||||
|
execute \
|
||||||
|
"cd ~/.local/share/gitmoji-fuzzy-hook/ && git pull; cd $DOT" \
|
||||||
|
gitmoji-fuzzy-hook
|
||||||
|
end
|
||||||
|
|
||||||
|
print_subtitle "Git GPG"
|
||||||
|
|
||||||
|
sudo -k
|
||||||
|
|
||||||
|
brew_install GnuPG gnupg
|
||||||
|
brew_install "Pinentry for Mac" pinentry-mac
|
||||||
|
|
||||||
|
if ! [ -e "$HOME/.gnupg" ]
|
||||||
|
mkdir "$HOME/.gnupg" &>/dev/null
|
||||||
|
end
|
||||||
|
|
||||||
|
if ! [ -e "$HOME/.gnupg/gpg.conf" ]
|
||||||
|
echo use-agent >"$HOME/.gnupg/gpg.conf"
|
||||||
|
end
|
||||||
|
|
||||||
|
if ! [ -e "$HOME/.gnupg/gpg-agent.conf" ]
|
||||||
|
printf '%b' \
|
||||||
|
"default-cache-ttl 34560000\n" \
|
||||||
|
"max-cache-ttl 34560000\n" \
|
||||||
|
"pinentry-program $(brew --prefix)/bin/pinentry-mac" >"$HOME/.gnupg/gpg-agent.conf"
|
||||||
|
end
|
||||||
|
|
||||||
|
if ! [ -e "$HOME/.gnupg/pubring.kbx" ]
|
||||||
|
print_warning "No GPG keys exist! Please run $DOT/git/gpg-key.fish"
|
||||||
|
end
|
||||||
|
|
Loading…
Reference in a new issue