RC Logr 20200721 195846

Tuesday, 21 Jul, 2020

If you want to autosign git commits on Mac, there are a couple of tricks to it. I have not been able to get brew gpg to work consistently well, but installing from gpgtools.org seems to be able to be made to work. 🤖 This worked for me:

1. Install GPGTools from https://gpgtools.org
2. Create / import a key, then run gpg --list-secret-keys to find the sec key fingerprint
3. Make git settings, specifying the signing key as the fingerprint with no spaces:

1
2
3
4

% git config --global gpg.program /usr/local/MacGPG2/bin/gpg2
% git config --global user.signingkey 54EF87etc02B 
% git config --global commit.gpgsign true 
% git config --global tag.forceSignAnnotated true

1. If you want to autocommit to GitHub, open https://github.com/settings/keys and add the same public gpg key there. This links signed commits you make locally, once you push to master on the remote.
2. Edit ~/.gnupg/gpg-agent.conf and add this line:

1

 pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac

I had the brew version installed, and this was set to call /usr/local/bin/pinentry-mac, but the brew version is an older version. You can see that the pinentry-mac binary is being called from within an app bundle.

1
2
3
4

% /usr/local/bin/pinentry-mac --version
  pinentry-mac (pinentry) 0.9.4
% /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac --version
  pinentry-mac (pinentry) 1.1.0

1. Edit ~/.gnupg/gpg.conf and add this line:

1

no-tty

You can relogin with exec $SHELL --login, and reload the agent with gpgconf --kill gpg-agent.

It may work now.