我正在尝试为 Github 生成一个 gpg,详见此处:https://help.github.com/articles/generating-a-new-gpg-key/
我已经生成了 key 并设置了 ~/.gitconfig 和我的本地 .git/config 以包含
[user]
email = austin@my_email_address.com
name = Austin Gibbons
signingkey = <key_id>
[gpg]
program = /usr/local/bin/gpg
[commit]
gpgsign = true
在 ~/.gnupg/gpg.conf 我有
no-emit-version
use-agent
在 ~/.gnupg/gpg-agent.conf 中
default-cache-ttl 28800000
max-cache-ttl 28800000
use-standard-socket
pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
每次运行 git commit 时,系统都会提示我输入 gpg 密码,但我的设置似乎没有任何改变。我不确定如何将它设置在我的 key 圈中,如有任何建议,我将不胜感激!
我正在运行一个 gpg-agent 守护进程
$ ps aux | grep gpg
austin 63896 0.9 0.0 2432772 676 s010 S+ 2:37PM 0:00.00 grep gpg
austin 98503 0.0 0.0 2436440 584 ?? S 10:41AM 0:00.00 /bin/bash /usr/local/MacGPG2/libexec/shutdown-gpg-agent
austin 51417 0.0 0.0 2475748 928 ?? Ss 1:58PM 0:00.45 gpg-agent --daemon
当我添加到 ~/.gnupg/gpg.conf 时
no-tty
我明白了
$ git commit -m "test"
error: gpg failed to sign the data
fatal: failed to write commit object
类似其他问题:
Git signed commits - How to suppress "You need a passphrase to unlock the secret key..."
我还尝试通过命令行和 gpg-tools 生成 key
最佳答案
我遵循了与您所做的类似的过程。 (这是在 OSX 10.10.5 上完成的)
详情如下。
创建 GPG key 并将其添加到 Github
首先按照 https://help.github.com/articles/generating-a-new-gpg-key/ 上的说明进行操作在第 1 步中,要求下载 GPG 工具。我尝试下载 https://sourceforge.net/projects/gpgosx/files/GnuPG-2.1.14.dmg/download然而,它并没有出现在 PATH 中,所以考虑搜索 brew :
$ brew search gpg
==> Formulae
gpg gpg1 gpg2 gpgme libgpg-error
==> Casks
gpg-suite gpg-suite-nightly gpg-suite-no-mail gpg-suite-pinentry gpg-sync
$ brew cask install gpg-suite-no-mail
==> Downloading https://releases.gpgtools.org/GPG_Suite-2019.2.dmg
...... installation log snipped ....
Note:
gpg-suite-no-mailinstalls the full set of GPG tools (now called GPG Suite), except for GPG Mail, a premium feature.
准备就绪后,继续按照 https://help.github.com/articles/generating-a-new-gpg-key/ 上的说明进行操作从 #2 到 #14 之后,我的 Github 帐户中添加了一个 4096 位 GPG key 。
这是步骤 #2 到 #9(创建 GPG key )的一些输出:
$ gpg --gen-key
gpg (GnuPG/MacGPG2) 2.0.30; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? (Chose DEFAULT)
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: blahblah
Email address: blahblah@blah.blah
Comment:
You selected this USER-ID:
"blahblah <blahblah@blah.blah>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
gpg: key ABCDEFG marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 4096R/ABCDEFG 2016-10-03
Key fingerprint = adf asdf asdf asdf asf asdfas dfasdf
uid [ultimate] blahblah <blahblah@blah.blah>
sub 4096R/ABCDEFG 2016-10-03
将 GPG key 与 GIT 结合使用来创建和推送已签名的提交
然后创建并推送一个已签名提交到 Github:
$ git config --local user.signingkey ABCDEFGHIJKLD2
$ touch test && git add test
$ git -c user.name="blahblah" -c user.email=blahblah@blah.blah commit -S -m "Test GPG"
You need a passphrase to unlock the secret key for
user: "blahblah <blahblah@blah.blah>"
4096-bit RSA key, ID ABCDEFG, created 2016-10-03
[master abcdefg] Test GPG
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 test
$ git push
Counting objects: 2, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (2/2), 956 bytes | 0 bytes/s, done.
Total 2 (delta 0), reused 0 (delta 0)
To ssh://github.com/someuser/somerepo.git
abcdefg..abcdeff master -> master
创建签名提交的第一次尝试导致以下 pop 窗口:
然而,在我将它保存到钥匙串(keychain)之后,在创建另一个签名提交和推送提交时,我没有再次收到提示,Github 正确地将提交显示为“已验证”:
关于git - 防止在 Mac 上出现 GPG 密码提示,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39780452/