GnuPG Agent on fedora and git signed commits


Posted on April 21, 2016, 8:32 a.m.

This week I've discovered that you can sign your Git commits with your GPG key. I like the idea, since it (to some extent) prevents your working environment from being polluted by people committing as each other. Not that I've found it to be a real problem in my case, but I still liked the idea.

The only downside I've found is that you have to provide your GPG password each time you want to create a new commit, merge, or do anything else that creates a new commit object in your git repository. It makes sense: your GPG private key should be password-protected. But wouldn't it be nice if you didn't have to type your password every time?

Fortunately, there is a tool called gpg-agent.

All I had to do was include the following script in my ~/.zshrc:

#!/usr/bin/env bash
# Start gpg-agent if none is running and tell gpg where to find it.
# GPG_AGENT_INFO=socket:pid:protocol is the GnuPG 2.0 convention;
# GnuPG 2.1 and later start the agent on demand and ignore this variable.

SOCKET="$HOME/.gnupg/S.gpg-agent"
PIDOF=$(pidof gpg-agent)
RETVAL=$?

if [ "$RETVAL" -eq 1 ]; then
        # pidof found no agent: start one and pick up the pid of the new process
        eval "$(gpg-agent --daemon)"
        PIDOF=$(pidof gpg-agent)
fi
export GPG_AGENT_INFO="$SOCKET:$PIDOF:1"

This way all I really had to do was sign my commits by adding the -S flag to git commit. Now I am prompted for my password only once; gpg-agent remembers my key and provides it when necessary.
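Signing is only useful if someone checks the signatures. As an added example (not part of the original post), here is a small audit script that walks a range of history with git's %G? format placeholder and reports every commit that is unsigned or whose signature does not verify; the function names and the STRICT variable are choices made for this example.

```shell
#!/bin/sh
# Audit a range of git history for commits that are unsigned or whose
# signature does not verify. git's %G? placeholder reports one letter per
# commit: G good, U good but key untrusted, B bad, X good but expired
# signature, Y good but expired key, R good but revoked key,
# E cannot be checked (key missing), N no signature.
# Function names and the STRICT variable are this example's own choices.

# classify_signatures reads "<hash> <status> <author>" lines on stdin,
# prints one line per commit that fails the policy and returns 1 if any
# did. Set STRICT=1 to also reject signatures from keys you have not
# marked as trusted (status U).
classify_signatures() {
    bad=0
    while read -r hash status author; do
        [ -z "$hash" ] && continue
        case "$status" in
            G) ;;
            U) if [ "${STRICT:-0}" = 1 ]; then
                   echo "UNTRUSTED  $hash $author"; bad=1
               fi ;;
            N) echo "UNSIGNED   $hash $author"; bad=1 ;;
            B) echo "BADSIG     $hash $author"; bad=1 ;;
            E) echo "UNCHECKED  $hash $author"; bad=1 ;;
            *) echo "WEAK($status)    $hash $author"; bad=1 ;;
        esac
    done
    return $bad
}

# audit_range applies the policy to real history, e.g.
#   audit_range origin/main..HEAD
audit_range() {
    git log --format='%H %G? %an' "${1:-HEAD}" | classify_signatures
}
```

Source the file and run `audit_range origin/main..HEAD`; a non-zero exit status means something in that range is unsigned or cannot be verified with the keys in your keyring.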

You can control how long gpg-agent remembers your password by creating a ~/.gnupg/gpg-agent.conf file. I'm happy with it keeping my password for an hour, so this is my config:

# cache lifetime in seconds; one hour (max-cache-ttl, 7200 by default, caps it)
default-cache-ttl 3600

Now, since I work mostly with Python, my IDE of choice is PyCharm (IntelliJ-based). Unfortunately, it does not support signing commits out of the box.

BUT it does use the system-provided git binary, and we can take advantage of that. All that has to be done is to export the GPG_TTY environment variable and run PyCharm from the console. I've modified my pycharm.sh file and added an export at the top:

export GPG_TTY=$(tty);

There is already a ticket on the JetBrains YouTrack addressing this issue; I hope it will be supported natively in PyCharm sometime soon.

Hello world!


Posted on Dec. 22, 2015, 11:01 a.m.

So, yeah, I'm starting a blog, a mostly IT-related one, but still.
