Switch to using SSH keys for commit signing
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
61a175cbfe
commit
4a8f48e491
3 changed files with 28 additions and 14 deletions
|
@ -48,7 +48,7 @@ smudge = git-filter-osslvault smudge
|
|||
required = true
|
||||
|
||||
[gpg]
|
||||
program = gpg2
|
||||
format = ssh
|
||||
|
||||
[push]
|
||||
default = upstream
|
||||
|
@ -65,10 +65,13 @@ enabled = true
|
|||
# therefore to disable the directory safety check
|
||||
directory = *
|
||||
|
||||
[gpg.ssh]
|
||||
allowedSignersFile = ~/.git_allowed_signers
|
||||
|
||||
[user]
|
||||
email = knut@ahlers.me
|
||||
name = Knut Ahlers
|
||||
signingkey = 5D7EEBD183A1F4395D1ED038A5143194CB681B44
|
||||
signingkey = ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGVbYCO34iJikI+nLxpu2zjrvIh92GQqiss3Bkt+CSo4 loki
|
||||
|
||||
# Mappings for private repos and `go get`
|
||||
[url "git@bitbucket.org:"]
|
||||
|
|
11
bin/git-c
11
bin/git-c
|
@ -1,5 +1,4 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
source "${HOME}/bin/script_framework.sh"
|
||||
|
@ -11,8 +10,14 @@ git committerconfig
|
|||
|
||||
### Commit
|
||||
|
||||
step "Loading passphrase for GPG key..."
|
||||
vault-gpg $(git config user.signingkey)
|
||||
signingkey=$(git config user.signingkey)
|
||||
if [[ $signingkey =~ ^(ssh|ecdsa) ]]; then
|
||||
step "Loading ssh key into agent..."
|
||||
vault-sshadd $(cut -d ' ' -f 3 <<<"${signingkey}")
|
||||
else
|
||||
step "Loading passphrase for GPG key..."
|
||||
vault-gpg ${signingkey}
|
||||
fi
|
||||
|
||||
step "Execute pre-commit auto-hook"
|
||||
git autohook pre-commit
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
# {
|
||||
# "match": ".*",
|
||||
# "email": "mymail@example.com",
|
||||
# "gpg-key": "...",
|
||||
# "signingkey": "...",
|
||||
# }
|
||||
# ]
|
||||
|
||||
|
@ -26,7 +26,7 @@ def main():
|
|||
in subprocess.check_output(['git', 'remote', '-v'], universal_newlines=True).split('\n')
|
||||
if re.match('origin.*\(push\)', x)][0]
|
||||
except:
|
||||
print('Could not find origin, not setting email.')
|
||||
print('Could not find origin, not setting local git configuration.')
|
||||
return 0
|
||||
|
||||
if os.path.isfile(CONFIG):
|
||||
|
@ -37,18 +37,24 @@ def main():
|
|||
|
||||
for combi in combinations:
|
||||
if re.search(combi['match'], repo):
|
||||
subprocess.check_call(
|
||||
['git', 'config', '--local', 'user.email', combi['email']])
|
||||
if 'gpg-key' in combi and combi['gpg-key'] != '':
|
||||
subprocess.check_call(
|
||||
['git', 'config', '--local', 'user.signingkey', combi['gpg-key']])
|
||||
set_local_config('user.email', combi['email'])
|
||||
|
||||
if 'signingkey' in combi and combi['signingkey'] != '':
|
||||
set_local_config('user.signingkey', combi['signingkey'])
|
||||
set_local_config('gpg.format', 'ssh' if re.search(
|
||||
r'^(?:ssh|ecdsa)', combi['signingkey']) else 'openpgp')
|
||||
|
||||
if 'commit-opts' in combi:
|
||||
subprocess.check_call(
|
||||
['git', 'config', '--local', 'commit.cliopts', combi['commit-opts']])
|
||||
set_local_config('commit.cliopts', combi['commit-opts'])
|
||||
|
||||
break
|
||||
|
||||
return 0
|
||||
|
||||
|
||||
def set_local_config(param, value):
|
||||
subprocess.check_call(['git', 'config', '--local', param, value])
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
exit(main())
|
||||
|
|
Loading…
Reference in a new issue