From: AJ ONeal
Date: Fri, 19 Nov 2021 09:33:58 +0000 (+0000)
Subject: refactor!: rename git-gpg-init => git-config-gpg
X-Git-Url: https://git.josue.xyz/?a=commitdiff_plain;h=07cf1d25c22515baa49faad28d31de3cac9bc8cd;p=webi-installers%2F.git

refactor!: rename git-gpg-init => git-config-gpg
---
diff --git a/git-config-gpg/README.md b/git-config-gpg/README.md new file mode 100644 index 0000000..e7906e4 --- /dev/null +++ b/git-config-gpg/README.md
@@ -0,0 +1,192 @@ +--- +title: git-config-gpg +homepage: https://webinstall.dev/git-config-gpg +tagline: | + Get your GnuPG Public Key. +--- + +## Cheat Sheet + +> Although the latest git release allows you to sign with SSH Keys (and GitHub +> will implement this shortly if it hasn't already), most systems do not have +> the latest git release, and most verification systems are not updated with the +> newest verification techniques, so you may wish to sign your commits with GPG, +> as has been done for the last 20 years... + +Here we'll cover + +- How to [add a GPG key to Github](https://github.com/settings/gpg/new) +- How to cache the passphrase longer +- How to [create a GPG key](./gpg-pubkey) +- How to configure git with GPG signing +- Troubleshooting 'gpg failed to sign the data' + +Usage: + +```bash +git-config-gpg +``` + +Example output: + +```txt +GnuPG Public Key ID: CA025BC42F00BBBE + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBGGQtKIBDAChxTT375fetQawLkyyDcz07uIEZVa9pvuip8goMqev7PkOIHi+ +j6PDtFmxgv8ZOFe8+1RfMC7eL5fYah0/OBxNm7pPvAPDWOX38FfUzoq9CALW2xPD +... +Yee+eokiC2mWIEkMwbqlnNmkX/wphS0zcCsEiHirmDxgY6YY9QRjlzUMY68OqjfJ +IFjFWv3R7eckM957wyR5BvdQNfGrW7cWefWhdZOzLEE7 +=GXEK +-----END PGP PUBLIC KEY BLOCK----- + +Successfully updated ~/.gitconfig for gpg commit signing + +How to verify signed commits on GitHub: + + 1. Go to 'Add GPG Key': https://github.com/settings/gpg/new + 2. Copy and paste the key above from the first ---- to the last ---- +``` + +### Files + +These are the files / directories that are created and/or modified with this +install: + +```txt +~/.config/envman/PATH.env +~/.local/bin/git-config-gpg +~/Downloads/YOU.KEY_ID.gpg.asc +``` + +### How to add your GPG Public Key to GitHub + +1. Go to your GitHub Profile () +2. Go to the SSH and GPG Keys () +3. Add GPG Key () +4. 
Paste the output of `gpg-pubkey` into the form + +### How to cache the Passphrase longer + +If you'd like the passphrase to be cached until your login session ends, just +set it to 400 days and call it good. + +`~/.gnupg/gpg-agent.conf`: + +```txt +default-cache-ttl 34560000 +max-cache-ttl 34560000 +``` + +You'll need to reload `gpg-agent` for this to take effect, or just logout and +login again. + +```bash +# kill gpg-agent dead +killall gpg-agent +gpgconf killall gpg-agent + +# start gpg-agent again (yes, 'bye' to start) +gpg-connect-agent --agent-program ~/.local/opt/gnupg/bin/gpg-agent /bye +``` + +Note: You may need to change or omit `--agent-program`, depending on how you +installed `gpg` (if you installed it with Webi, run it as shown above). + +### How to create a GPG Key + +See: + +- [gpg-pubkey](./gpg-pubkey) +- and [gpg](./gpg), if you want to do it "the hard way" + +### How to manually set up git commit gpg signing + +(this is what `git-config-gpg` does) + +Run [gpg-pubkey-id](./gpg-pubkey) to get your GnuPG Public Key ID and then +update your `~/.gitconfig` to sign with it by default: + +```bash +#!/bin/bash + +MY_KEY_ID="$( + gpg-pubkey-id +)" + +git config --global user.signingkey "${MY_KEY_ID}" +git config --global commit.gpgsign true +git config --global log.showSignature true +``` + +Or, for Windows users: + +```bash +#!/usr/bin/env pwsh + +$my_key_id = gpg-pubkey-id + +git config --global user.signingkey "$my_key_id" +git config --global commit.gpgsign true +git config --global log.showSignature true +``` + +Or, if you prefer to edit the text file directly: + +`~/.gitconfig` + +```txt +[user] + signingkey = CA025BC42F00BBBE +[commit] + gpgsign = true +[log] + showSignature = true +``` + +In some cases you may also want to prevent conflicts between different installed +versions of gpg, like so: + +```bash +git config --global gpg.program ~/.local/opt/gnupg/bin/gpg +``` + +```txt +[gpg] + program = /Users/me/.local/opt/gnupg/bin/gpg +``` + +### 
Troubleshooting 'gpg failed to sign the data' + +`gpg` is generally expected to be used with a Desktop client. On Linux servers +you may get this error: + +```txt +error: gpg failed to sign the data +fatal: failed to write commit object +``` + +Try to load the `gpg-agent`, set `GPG_TTY`, and then run a clearsign test. + +```bash +gpg-connect-agent /bye +export GPG_TTY=$(tty) +echo "test" | gpg --clearsign +``` + +If that works, update your `~/.bashrc`, `~/.zshrc`, and/or +`~/.config/fish/config.fish` to include the following: + +```bash +gpg-connect-agent /bye +export GPG_TTY=$(tty) +``` + +If this is failing on Mac or Windows, then `gpg-agent` is not starting as +expected on login (for Mac the above may work), and/or the `pinentry` command is +not in the PATH. + +If you just installed `gpg`, try closing and reopening your Terminal, or +possibly rebooting. diff --git a/git-config-gpg/git-config-gpg.sh b/git-config-gpg/git-config-gpg.sh new file mode 100644 index 0000000..3b38745 --- /dev/null +++ b/git-config-gpg/git-config-gpg.sh @@ -0,0 +1,36 @@ +#!/bin/bash +set -e +set -u + +export PATH="$HOME/.local/opt/gnupg/bin:$PATH" +export PATH="$HOME/.local/opt/gnupg/bin/pinentry-mac.app/Contents/MacOS:$PATH" + +# TODO check for public key without gpg-pubkey? +if ! command -v gpg-pubkey; then + webi gpg-pubkey +else + gpg-pubkey +fi + +MY_KEY_ID="$( + gpg-pubkey-id +)" + +echo -n "Enabling automatic git commit signing... + git config --global user.signingkey ${MY_KEY_ID} + git config --global commit.gpgsign true + git config --global log.showSignature true +" + +git config --global user.signingkey "${MY_KEY_ID}" +git config --global commit.gpgsign true +git config --global log.showSignature true + +echo "" +echo "Successfully updated ~/.gitconfig" +echo "" +echo "How to verify signed commits on GitHub:" +echo "" +echo " 1. Go to 'Add GPG Key': https://github.com/settings/gpg/new" +echo " 2. Copy and paste the key above from the first ---- to the last ----" +echo "" 
diff --git a/git-config-gpg/install.sh b/git-config-gpg/install.sh new file mode 100644 index 0000000..b198bee --- /dev/null +++ b/git-config-gpg/install.sh @@ -0,0 +1,34 @@ +#!/bin/bash +set -e +set -u + +function __install_git_gpg_init() { + MY_CMD="git-config-gpg" + + rm -f "$HOME/.local/bin/$MY_CMD" + webi_download "$WEBI_HOST/packages/$MY_CMD/$MY_CMD.sh" "$HOME/.local/bin/$MY_CMD" + chmod a+x "$HOME/.local/bin/$MY_CMD" +} + +function __check_gpg_pubkey_exists() { + if ! command -v gpg; then + webi gpg-pubkey + export PATH="$HOME/.local/opt/gnupg/bin:$PATH" + export PATH="$HOME/.local/opt/gnupg/bin/pinentry-mac.app/Contents/MacOS:$PATH" + fi +} + +function __check_gpg_exists() { + if ! command -v gpg; then + webi gpg + export PATH="$HOME/.local/opt/gnupg/bin:$PATH" + export PATH="$HOME/.local/opt/gnupg/bin/pinentry-mac.app/Contents/MacOS:$PATH" + fi +} + +__install_git_gpg_init +__check_gpg_pubkey_exists +__check_gpg_exists + +# run the command +"$HOME/.local/bin/$MY_CMD" diff --git a/git-gpg-init/README.md b/git-gpg-init/README.md deleted file mode 100644 index 20d5504..0000000 --- a/git-gpg-init/README.md +++ /dev/null 
@@ -1,192 +0,0 @@ ---- -title: git-gpg-init -homepage: https://webinstall.dev/git-gpg-init -tagline: | - Get your GnuPG Public Key. ---- - -## Cheat Sheet - -> Although the latest git release allows you to sign with SSH Keys (and GitHub -> will implement this shortly if it hasn't already), most systems do not have -> the latest git release, and most verification systems are not updated with the -> newest verification techniques, so you may wish to sign your commits with GPG, -> as has been done for the last 20 years... - -Here we'll cover - -- How to [add a GPG key to Github](https://github.com/settings/gpg/new) -- How to cache the passphrase longer -- How to [create a GPG key](./gpg-pubkey) -- How to configure git with GPG signing -- Troubleshooting 'gpg failed to sign the data' - -Usage: - -```bash -git-gpg-init -``` - -Example output: - -```txt -GnuPG Public Key ID: CA025BC42F00BBBE - ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQGNBGGQtKIBDAChxTT375fetQawLkyyDcz07uIEZVa9pvuip8goMqev7PkOIHi+ -j6PDtFmxgv8ZOFe8+1RfMC7eL5fYah0/OBxNm7pPvAPDWOX38FfUzoq9CALW2xPD -... -Yee+eokiC2mWIEkMwbqlnNmkX/wphS0zcCsEiHirmDxgY6YY9QRjlzUMY68OqjfJ -IFjFWv3R7eckM957wyR5BvdQNfGrW7cWefWhdZOzLEE7 -=GXEK ------END PGP PUBLIC KEY BLOCK----- - -Successfully updated ~/.gitconfig for gpg commit signing - -How to verify signed commits on GitHub: - - 1. Go to 'Add GPG Key': https://github.com/settings/gpg/new - 2. Copy and paste the key above from the first ---- to the last ---- -``` - -### Files - -These are the files / directories that are created and/or modified with this -install: - -```txt -~/.config/envman/PATH.env -~/.local/bin/git-gpg-init -~/Downloads/YOU.KEY_ID.gpg.asc -``` - -### How to add your GPG Public Key to GitHub - -1. Go to your GitHub Profile () -2. Go to the SSH and GPG Keys () -3. Add GPG Key () -4. 
Paste the output of `gpg-pubkey` into the form - -### How to cache the Passphrase longer - -If you'd like the passphrase to be cached until your login session ends, just -set it to 400 days and call it good. - -`~/.gnupg/gpg-agent.conf`: - -```txt -default-cache-ttl 34560000 -max-cache-ttl 34560000 -``` - -You'll need to reload `gpg-agent` for this to take effect, or just logout and -login again. - -```bash -# kill gpg-agent dead -killall gpg-agent -gpgconf killall gpg-agent - -# start gpg-agent again (yes, 'bye' to start) -gpg-connect-agent --agent-program ~/.local/opt/gnupg/bin/gpg-agent /bye -``` - -Note: You may need to change or omit `--agent-program`, depending on how you -installed `gpg` (if you installed it with Webi, run it as shown above). - -### How to create a GPG Key - -See: - -- [gpg-pubkey](./gpg-pubkey) -- and [gpg](./gpg), if you want to do it "the hard way" - -### How to manually set up git commit gpg signing - -(this is what `git-gpg-init` does) - -Run [gpg-pubkey-id](./gpg-pubkey) to get your GnuPG Public Key ID and then -update your `~/.gitconfig` to sign with it by default: - -```bash -#!/bin/bash - -MY_KEY_ID="$( - gpg-pubkey-id -)" - -git config --global user.signingkey "${MY_KEY_ID}" -git config --global commit.gpgsign true -git config --global log.showSignature true -``` - -Or, for Windows users: - -```bash -#!/usr/bin/env pwsh - -$my_key_id = gpg-pubkey-id - -git config --global user.signingkey "$my_key_id" -git config --global commit.gpgsign true -git config --global log.showSignature true -``` - -Or, if you prefer to edit the text file directly: - -`~/.gitconfig` - -```txt -[user] - signingkey = CA025BC42F00BBBE -[commit] - gpgsign = true -[log] - showSignature = true -``` - -In some cases you may also want to prevent conflicts between different installed -versions of gpg, like so: - -```bash -git config --global gpg.program ~/.local/opt/gnupg/bin/gpg -``` - -```txt -[gpg] - program = /Users/me/.local/opt/gnupg/bin/gpg -``` - -### 
Troubleshooting 'gpg failed to sign the data' - -`gpg` is generally expected to be used with a Desktop client. On Linux servers -you may get this error: - -```txt -error: gpg failed to sign the data -fatal: failed to write commit object -``` - -Try to load the `gpg-agent`, set `GPG_TTY`, and then run a clearsign test. - -```bash -gpg-connect-agent /bye -export GPG_TTY=$(tty) -echo "test" | gpg --clearsign -``` - -If that works, update your `~/.bashrc`, `~/.zshrc`, and/or -`~/.config/fish/config.fish` to include the following: - -```bash -gpg-connect-agent /bye -export GPG_TTY=$(tty) -``` - -If this is failing on Mac or Windows, then `gpg-agent` is not starting as -expected on login (for Mac the above may work), and/or the `pinentry` command is -not in the PATH. - -If you just installed `gpg`, try closing and reopening your Terminal, or -possibly rebooting. diff --git a/git-gpg-init/git-gpg-init.sh b/git-gpg-init/git-gpg-init.sh deleted file mode 100644 index 3b38745..0000000 --- a/git-gpg-init/git-gpg-init.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash -set -e -set -u - -export PATH="$HOME/.local/opt/gnupg/bin:$PATH" -export PATH="$HOME/.local/opt/gnupg/bin/pinentry-mac.app/Contents/MacOS:$PATH" - -# TODO check for public key without gpg-pubkey? -if ! command -v gpg-pubkey; then - webi gpg-pubkey -else - gpg-pubkey -fi - -MY_KEY_ID="$( - gpg-pubkey-id -)" - -echo -n "Enabling automatic git commit signing... - git config --global user.signingkey ${MY_KEY_ID} - git config --global commit.gpgsign true - git config --global log.showSignature true -" - -git config --global user.signingkey "${MY_KEY_ID}" -git config --global commit.gpgsign true -git config --global log.showSignature true - -echo "" -echo "Successfully updated ~/.gitconfig" -echo "" -echo "How to verify signed commits on GitHub:" -echo "" -echo " 1. Go to 'Add GPG Key': https://github.com/settings/gpg/new" -echo " 2. Copy and paste the key above from the first ---- to the last ----" -echo "" 
diff --git a/git-gpg-init/install.sh b/git-gpg-init/install.sh deleted file mode 100644 index 691954d..0000000 --- a/git-gpg-init/install.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -set -e -set -u - -function __install_git_gpg_init() { - MY_CMD="git-gpg-init" - - rm -f "$HOME/.local/bin/$MY_CMD" - webi_download "$WEBI_HOST/packages/$MY_CMD/$MY_CMD.sh" "$HOME/.local/bin/$MY_CMD" - chmod a+x "$HOME/.local/bin/$MY_CMD" -} - -function __check_gpg_pubkey_exists() { - if ! command -v gpg; then - webi gpg-pubkey - export PATH="$HOME/.local/opt/gnupg/bin:$PATH" - export PATH="$HOME/.local/opt/gnupg/bin/pinentry-mac.app/Contents/MacOS:$PATH" - fi -} - -function __check_gpg_exists() { - if ! command -v gpg; then - webi gpg - export PATH="$HOME/.local/opt/gnupg/bin:$PATH" - export PATH="$HOME/.local/opt/gnupg/bin/pinentry-mac.app/Contents/MacOS:$PATH" - fi -} - -__install_git_gpg_init -__check_gpg_pubkey_exists -__check_gpg_exists - -# run the command -"$HOME/.local/bin/$MY_CMD" diff --git a/gpg/README.md b/gpg/README.md index 89f5a02..fc76f3f 100644 --- a/gpg/README.md +++ b/gpg/README.md @@ -52,7 +52,7 @@ gpg --list-secret-keys --keyid-format LONG ### How to configure git to sign commits -See the [Cheat Sheet](./git-gpg-init) at [gpg-pubkey](./git-gpg-init). +See the [Cheat Sheet](./git-config-gpg) at [gpg-pubkey](./git-config-gpg). ### How to Export GPG Key for GitHub
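Review bot: In the new git-config-gpg/README.md, the section "How to cache the Passphrase longer" gives `default-cache-ttl 34560000` and `max-cache-ttl 34560000` without stating the trade-off: while the passphrase is cached, any process running as the same user can ask `gpg-agent` to sign without a pinentry prompt. Suggest one sentence saying so, with a shorter value offered as the alternative for shared or remote machines. Two smaller points in the same file: the "Or, for Windows users:" block is fenced as `bash` although its shebang is `#!/usr/bin/env pwsh`, and the frontmatter tagline "Get your GnuPG Public Key." does not describe a command whose job is to set `user.signingkey`, `commit.gpgsign` and `log.showSignature`.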
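Review bot: In git-config-gpg/git-config-gpg.sh, `MY_KEY_ID` goes straight from `gpg-pubkey-id` into `git config --global user.signingkey "${MY_KEY_ID}"` with no check that it is non-empty, so a run where the helper prints nothing would write an empty signing key and still turn on `commit.gpgsign`. Suggest failing with a message when `[ -z "${MY_KEY_ID}" ]` before any `git config --global` call. The script also replaces an existing `user.signingkey` without reporting the previous value; printing it first would let a user with more than one key notice the change. Minor: `command -v gpg-pubkey` prints the resolved path into the user-facing output, so redirect it to `/dev/null`.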
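Review bot: In git-config-gpg/install.sh, `__check_gpg_pubkey_exists` guards on `command -v gpg`, the same test `__check_gpg_exists` uses, so on a machine that already has `gpg` but not `gpg-pubkey` this function never installs `gpg-pubkey`. If the intent matches the function name, the guard should be `command -v gpg-pubkey`. The function `__install_git_gpg_init` keeps the pre-rename name and should follow the new command name. `MY_CMD` is assigned inside that function without `local` and then used on the last line, so the final invocation depends on the function having run first; assigning it at the top of the script makes that dependency explicit.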
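Review bot: In the gpg/README.md hunk, the changed line still uses the link text `[gpg-pubkey]` for a target that is now `./git-config-gpg`, so the label names a different package than the one the link opens. Suggest `[git-config-gpg](./git-config-gpg)` for the second link, or collapsing the sentence to a single link since both point at the same page.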