Nowadays, Git is an essential tool in software development. It allows developers to easily trace the history of all changes throughout the life of a code base with multiple contributors, and makes the development process a lot smoother.
It also has many options that add both convenience and safety to the development process.
However, it is often the case that developers struggle a bit seting up all git options they want on a new machine resulting in a series of google searches for the pages visited in the last time they were in the same situation.
I’d like to use this post to, hopefully, reduce the number of pages visited to 1. I’ll list the commands needed to safely store your github credentials in your machine, and to sign commits created on your machine, so that it possible to validate the origin of a commit.
Linux (debian) Specific Steps
We start by listing the commands for the debian distribution.
For starters, download some dependencies.
$ sudo apt install git gnupg pass
$ wget https://github.com/git-ecosystem/git-credential-manager/releases/download/v2.1.2/gcm-linux_amd64.2.1.2.deb
$ sudo dpkg -i gcm-linux_amd64.2.1.2.deb
Then, set up the git user, and the credential store. Note that the same git user and email must be used in all configuration steps.
$ git config --global user.name my-user-name
$ git config --global user.email my-email@domain
$ git config --global credential.credentialStore gpg
$ git config --global credential.helper git-credential-manager
$ git-credential-manager configure
$ pass init "my-user-name <my-email@domain>"
MacOS Specific Steps
In MacOS, we download the dependencies using homebrew, for convenience.
$ brew tap microsoft/git
$ brew update
$ brew install --cask gpg-suite pinentry-mac git-credential-manager
Then, set up the git user, and the credential store. Note that the same git user and email must be used in all configuration steps.
$ git config --global user.name my-user-name
$ git config --global user.email my-email@domain
$ git config --global credential.credentialStore keychain
$ git config --global credential.helper git-credential-manager
$ git-credential-manager configure
Common Steps
After running the steps laid out above, we will create a gpg key pair and configure git to use it to sign commits.
$ gpg --full-generate-key
$ gpg --list-secret-keys --keyid-format=long
# ouput:
# ------
# sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
# uid my-user-name <my-email@domain>
# ssb 4096R/4BB6D45482678BE3 2016-03-10
$ git config --global user.signingkey 3AA5C34371567BD2
$ git config --global commit.gpgsign true
$ gpg --armor --export 3AA5C34371567BD2
At this point, copy the gpg key from the output, beginning with -----BEGIN PGP PUBLIC KEY BLOCK----- and ending with -----END PGP PUBLIC KEY BLOCK-----, and add it to your github account. In order to do that, go to the github website and click on your profile, in the upper-right corner. Then, click Settings > Access > SSH and GPG keys > New GPG keys and paste your gpg key.
Finally, run a git command requiring authentication (to a github repository) and write your github user and password. If you enabled multi-factor authentication you may need to create a new access token to use in the place of password. In order to create one, go to the github website and click Settings > Developer settings > Personal access tokens > Generate new token.
And we’re set!
References
- https://github.com/git-ecosystem/git-credential-manager
- https://github.com/git-ecosystem/git-credential-manager/blob/main/docs/credstores.md#gpgpass-compatible-files
- https://docs.github.com/en/get-started/getting-started-with-git/caching-your-github-credentials-in-git#git-credential-manager
- https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key
- https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key