Posted on April 21, 2016, 8:32 a.m.
This week I've discovered that you can sign your GIT commits using your GPG key. I like the idea, since this (somehow) prevents your working environment to be polluted by people commiting as each other. Not that I've found it to be a real problem in my case, but I still liked the idea.
The only downside I've found is that you have to provide your GPG password each time you want to create a new commit, merge, or anything that involves creating a new commit object in your git repository. It makes sense, your GPG private key should be password-protected. But wouldn't it be nice if you wouldn't have to type your password each time?
Fortunatelly, there exists a tool called
All that I had to do was to include the following script in my
#!/usr/bin/env bash SOCKET=/home/js/.gnupg/S.gpg-agent PIDOF=`pidof gpg-agent` RETVAL=$? if [ "$RETVAL" -eq 1 ]; then eval `gpg-agent --daemon` fi export GPG_AGENT_INFO=$SOCKET:$PIDOF:1
This way all that I really had to do now was to sign my commits by adding the
-S flag to
git commit. Now I am prompted for my password only once, the
gpg-agent utility remembers my key and provides it when necessary.
You can control for how long does
gpg-agent remember your password by creating a
~/.gnupg/gpg-agent.conf file. I'm happy with it keeping my password for an hour, so this is my config:
Now, since I work mostly with Python, my IDE of choice is Pycharm (Intellij Based). Unfortunatelly, it does not support signing commits out of the box.
BUT, it does use the system-provided
git binary. We can take advantage of that. All that has to be done is to export the
GPG_TTY environment variable and run pycharm from the console. I've modified my
pycharm.sh file and added an export at the top:
There is already a ticket at JetBrains youtrack addressing that issue, hope that it will appear natively in Pycharm sometime soon.