Git GPG commit signing (commit -s) from IDE in an effective way


We want to do commit signing (git commit -s) from IDE. I know there exist feature requests https://youtrack.jetbrains.com/issue/IDEA-110261 and https://youtrack.jetbrains.com/issue/IDEA-65721.    

However I'm just wondering why it isn't working to set a parameter "commit.gpgsign=true" in ".gitconfig" file.

I thought IntelliJ IDEA recognizes the button from the IDE, then reads the config file and performs the action. Why does IntelliJ IDEA show an error?

 

Sorry for the maybe silly question, but we need to find a way to do this effectively.

 

Thanks for the answer.

6 comments

Which error does IntelliJ IDEA show?

0

Hi Kirill,

As my colleague Martin wrote, we have a problem with signed Git commits in IntelliJ IDEA.

1) Logs from a command line:

I:\_devOps_\test>gpg --list-secret-keys
C:/Users/Martin Prouza/.gnupg/secring.gpg
-----------------------------------------
sec   2048R/204CECF8 2016-02-24
uid                  Martin Prouza <my e-mail>
ssb   2048R/E0218E76 2016-02-24


I:\_devOps_\test>git config --global --list
user.email=my e-mail
user.name=Martin Prouza
user.signingkey=204CECF8
core.autocrlf=true
commit.gpgsign=true


I:\_devOps_\test>git commit -a -m "Test5"
gpg: WARNING: unsafe permissions on homedir `C:/Users/Martin Prouza/.gnupg'

You need a passphrase to unlock the secret key for
user: "Martin Prouza <my e-mail>"
2048-bit RSA key, ID 204CECF8, created 2016-02-24

[master 1cae8df] Test5
 1 file changed, 1 insertion(+), 1 deletion(-)
 

I:\_devOps_\test>git log --show-signature -1
commit 1cae8df2bfb79d5cd51ad86493bda6d8110f8ce0
gpg: WARNING: unsafe permissions on homedir `C:/Users/Martin Prouza/.gnupg'
gpg: Signature made Wed Feb 24 16:59:20 2016     using RSA key ID 204CECF8
gpg: Good signature from "Martin Prouza <my e-mail>"
Author: Martin Prouza <my e-mail>
Date:   Wed Feb 24 16:59:20 2016 +0100

    Test5
commit 1cae8df2bfb79d5cd51ad86493bda6d8110f8ce0

As you can see, signed git commits are available from the command line.


2) Logs from IntelliJ IDEA.

An error log in a pop-up window after clicking on commit:

Commit failed with error:
gpg: WARNING: unsafe permissions on homedir `C:/Users/Martin Prouza/.gnupg'
gpg: cannot open tty `no tty': No such file or directory
error: gpg failed to sign the data
fatal: failed to write commit object


An error log in the IntelliJ IDEA log file:

2016-02-24 17:11:54,517 [3468114]   INFO -  #git4idea.commands.GitHandler - cd I:\_devOps_\test
2016-02-24 17:11:54,517 [3468114]   INFO -  #git4idea.commands.GitHandler - git -c core.quotepath=false commit --only -F C:\Users\MARTIN~1\AppData\Local\Temp\git-commit-msg-0.txt "--author=Martin Prouza <my e-mail>" -- src/main/java/org/Test.java
2016-02-24 17:11:54,588 [3468185]   INFO -  #git4idea.commands.GitHandler - gpg: WARNING: unsafe permissions on homedir `C:/Users/Martin Prouza/.gnupg'
gpg: cannot open tty `no tty': No such file or directory
error: gpg failed to sign the data
fatal: failed to write commit object

Do you have an idea what is wrong? Maybe a problem with entering the key password ('no tty')?

Note: "my e-mail" substitutes for the real e-mail.

Thank you for your help.

Martin Prouza

1

> Maybe a problem with entering the key password ('no tty')?

Yes, looks like this is the cause of the problem. Are you able to cache the key passphrase in some agent? (I'm not sure if pageant works for this task or you need something different, e.g. gpg-agent).

0

The solution is described on this page https://jamesmckay.net/2016/02/signing-git-commits-with-gpg-on-windows/. There is an important Git parameter gpg.program.

2

Just stumbled on this as I was setting up GPG signing for RubyMine.

The way I had things working fine:

- You first need to have a GPG key pair (public and private); run this to list your keys:

gpg --list-secret-keys --keyid-format LONG

This will give you the list. Then copy your signing key ID from the line starting with 'sec 4096R/here_your_key_id....'

Then in your terminal use the following command to set up the signing key in your .gitconfig file:

git config --global user.signingkey here_your_key_id

- Now enable signing by default by running this in your terminal:

git config --global commit.gpgsign true

- One last thing is to edit the .gnupg/pgp.conf file and add those 2 lines at the end in order to avoid the 'no tty' error:

no-tty
use-agent

et voilà!

You can also add this manually to your .gitconfig file by adding:

- This under the [user] section:

signingkey = here_your_key_id

- This under the [commit] section:

[commit]
   gpgsign = true

RubyMine will ask for the password for the GPG key on the first commit. You can then check the box to save it into the keychain.
 

7
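An added example, not part of any post in this thread: a small Python triage of the evidence quoted above. It reads `git config --list` output and the commit error to explain a no-TTY signing failure, then checks `git log --show-signature` output against `user.signingkey`. The samples are constructed from the thread's output (name and e-mail are placeholders), the function names are hypothetical, and the key comparison assumes the commit was signed with the key named in `user.signingkey` rather than a signing subkey.

```python
import re

# Constructed samples modeled on the thread's output; name/e-mail are placeholders.
GIT_CONFIG = """\
user.name=Example Dev
user.email=dev@example.invalid
user.signingkey=204CECF8
commit.gpgsign=true
"""
IDE_ERROR = """\
gpg: cannot open tty `no tty': No such file or directory
error: gpg failed to sign the data
fatal: failed to write commit object
"""
SHOW_SIGNATURE = """\
commit 1cae8df2bfb79d5cd51ad86493bda6d8110f8ce0
gpg: Signature made Wed Feb 24 16:59:20 2016     using RSA key ID 204CECF8
gpg: Good signature from "Example Dev <dev@example.invalid>"
"""

def parse_config(text):
    """Parse `git config --list` output (one key=value per line) into a dict."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    return cfg

def triage(config_text, commit_stderr):
    """Return findings explaining why signing failed when git ran without a terminal."""
    cfg, findings = parse_config(config_text), []
    if cfg.get("commit.gpgsign", "false").lower() != "true":
        findings.append("commit.gpgsign is not true: commits are unsigned by default")
    if "user.signingkey" not in cfg:
        findings.append("user.signingkey is not set")
    if "cannot open tty" in commit_stderr:
        findings.append("no tty: gpg tried to prompt; cache the passphrase in an agent")
        if "gpg.program" not in cfg:
            findings.append("gpg.program is unset: git runs the gpg found on PATH")
    return findings

def signed_by_configured_key(config_text, show_signature_output):
    """True only if gpg reported a good signature made with user.signingkey."""
    wanted = parse_config(config_text).get("user.signingkey", "").upper()
    m = re.search(r"using \w+ key(?: ID)? ([0-9A-Fa-f]+)", show_signature_output)
    good = re.search(r"^gpg: Good signature from ", show_signature_output, re.M)
    # gpg prints a short ID or a full fingerprint, so compare on the shared suffix.
    return bool(wanted and m and good and (m.group(1).upper().endswith(wanted)
                                           or wanted.endswith(m.group(1).upper())))
```

Feed it the real output of `git config --global --list`, the IDE's commit error, and `git log --show-signature -1` in place of the constructed samples.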
