DEV Community

Cover image for Signing Git Commits on Mac OS via SmartGit
Humberto A Sanchez II
Humberto A Sanchez II

Posted on

Signing Git Commits on Mac OS via SmartGit

Introduction

Between this article and this article, I figured out how to sign my GitHub commits.

Essentially it showed me how to:

  • Check the GPG installation
  • Check the keys
  • Configure a single repository to use a signing key
  • Verify signed commits
  • It pointed me here for instructions on how to add my GPG key to GitHub

In SmartGit you can configure signing by typing:

Smartgit —> Settings —>Git config

You will see the following dialog. Enter your information.

SmartGit Dialog

However, commits with SmartGit failed because pinentry (pin entry, get it !) was trying to popup a terminal based UI to ask me for the signing key passphrase.

Because I use homebrew it is rather confusing as to where to configure gpg, the gpg-agent, and pinentry. Lots of the docmentation is for Linux and to make matters worse I am on Mac OS.

Earlier documentation suggested I had to update gpg.conf to configure pinentry.

Finally found this article that correctly pointed to gpg-agent.conf

Actually it said:

~/.gnupg/gpg-agent.conf

But I deduced that the homebrew configuration files resided here:

/opt/homebrew/etc/gnupg

The file did not exist so I created it. Voila, on my next check-in SmartGit popped up the OS X pin entry dialog

Image description

My Cliff's notes on key generation

gpg --full-generate-key
Enter fullscreen mode Exit fullscreen mode

List the key to get the signing key

gpg --list-secret-keys --keyid-format LONG
Enter fullscreen mode Exit fullscreen mode

Export public to import into GitHub

gpg --armor --export [my key] > public.gpg
Enter fullscreen mode Exit fullscreen mode

Verify signed commits

git log --show-signature
Enter fullscreen mode Exit fullscreen mode

Image of Datadog

Create and maintain end-to-end frontend tests

Learn best practices on creating frontend tests, testing on-premise apps, integrating tests into your CI/CD pipeline, and using Datadog’s testing tunnel.

Download The Guide

Top comments (0)

Sentry image

See why 4M developers consider Sentry, “not bad.”

Fixing code doesn’t have to be the worst part of your day. Learn how Sentry can help.

Learn more