Switch to using SSH keys for commit signing

Signed-off-by: Knut Ahlers <knut@ahlers.me>
Knut Ahlers 2023-12-16 18:48:15 +01:00
parent 61a175cbfe
commit 4a8f48e491
Signed by: luzifer
SSH key fingerprint: SHA256:/xtE5lCgiRDQr8SLxHMS92ZBlACmATUmF1crK16Ks4E
3 changed files with 28 additions and 14 deletions


@ -48,7 +48,7 @@ smudge = git-filter-osslvault smudge
required = true required = true
[gpg] [gpg]
program = gpg2 format = ssh
[push] [push]
default = upstream default = upstream
@ -65,10 +65,13 @@ enabled = true
# therefore to disable the directory safety check # therefore to disable the directory safety check
directory = * directory = *
[gpg.ssh]
allowedSignersFile = ~/.git_allowed_signers
[user] [user]
email = knut@ahlers.me email = knut@ahlers.me
name = Knut Ahlers name = Knut Ahlers
signingkey = 5D7EEBD183A1F4395D1ED038A5143194CB681B44 signingkey = ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGVbYCO34iJikI+nLxpu2zjrvIh92GQqiss3Bkt+CSo4 loki
# Mappings for private repos and `go get` # Mappings for private repos and `go get`
[url "git@bitbucket.org:"] [url "git@bitbucket.org:"]
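Review bot: `allowedSignersFile = ~/.git_allowed_signers` in the second hunk points at a file that nothing on this page creates, and git reports that `gpg.ssh.allowedSignersFile` must be configured and exist before it will verify an SSH signature (`git verify-commit`, `git log --show-signature`), so verification of the newly configured signing scheme depends on that file being provisioned separately. A comment next to the setting would save the next reader a trip to the docs, e.g. `# one "principal ssh-ed25519 AAAA..." line per trusted signer; needed to verify SSH-signed commits`. Note that `user.signingkey` here holds the public half of the key, so signing itself still relies on the matching private key being reachable through the agent, which appears to be what the commit script in this change handles.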


@ -1,5 +1,4 @@
#!/bin/bash #!/bin/bash
set -euo pipefail set -euo pipefail
source "${HOME}/bin/script_framework.sh" source "${HOME}/bin/script_framework.sh"
@ -11,8 +10,14 @@ git committerconfig
### Commit ### Commit
step "Loading passphrase for GPG key..." signingkey=$(git config user.signingkey)
vault-gpg $(git config user.signingkey) if [[ $signingkey =~ ^(ssh|ecdsa) ]]; then
step "Loading ssh key into agent..."
vault-sshadd $(cut -d ' ' -f 3 <<<"${signingkey}")
else
step "Loading passphrase for GPG key..."
vault-gpg ${signingkey}
fi
step "Execute pre-commit auto-hook" step "Execute pre-commit auto-hook"
git autohook pre-commit git autohook pre-commit
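Review bot: `vault-sshadd $(cut -d ' ' -f 3 <<<"${signingkey}")` assumes the configured key is a literal public key whose comment is a single word in the third field; with no comment the helper is invoked with no argument at all, a comment containing spaces is truncated, and the unquoted substitution is word-split by the shell. Quoting and taking the rest of the line avoids both: `vault-sshadd "$(cut -d ' ' -f 3- <<<"${signingkey}")"`, and `vault-gpg "${signingkey}"` on the else branch for the same reason. The `^(ssh|ecdsa)` prefix test (mirrored by `r'^(?:ssh|ecdsa)'` in the Python config script in this commit) also does not recognise a `key::`-prefixed value or a path to a key file, both of which git accepts for `user.signingkey`; if only literal keys are ever used here, a one-line comment stating that assumption would help. What `vault-sshadd` does when handed an empty argument is not visible on this page.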


@ -7,7 +7,7 @@
# { # {
# "match": ".*", # "match": ".*",
# "email": "mymail@example.com", # "email": "mymail@example.com",
# "gpg-key": "...", # "signingkey": "...",
# } # }
# ] # ]
@ -26,7 +26,7 @@ def main():
in subprocess.check_output(['git', 'remote', '-v'], universal_newlines=True).split('\n') in subprocess.check_output(['git', 'remote', '-v'], universal_newlines=True).split('\n')
if re.match('origin.*\(push\)', x)][0] if re.match('origin.*\(push\)', x)][0]
except: except:
print('Could not find origin, not setting email.') print('Could not find origin, not setting local git configuration.')
return 0 return 0
if os.path.isfile(CONFIG): if os.path.isfile(CONFIG):
@ -37,18 +37,24 @@ def main():
for combi in combinations: for combi in combinations:
if re.search(combi['match'], repo): if re.search(combi['match'], repo):
subprocess.check_call( set_local_config('user.email', combi['email'])
['git', 'config', '--local', 'user.email', combi['email']])
if 'gpg-key' in combi and combi['gpg-key'] != '': if 'signingkey' in combi and combi['signingkey'] != '':
subprocess.check_call( set_local_config('user.signingkey', combi['signingkey'])
['git', 'config', '--local', 'user.signingkey', combi['gpg-key']]) set_local_config('gpg.format', 'ssh' if re.search(
r'^(?:ssh|ecdsa)', combi['signingkey']) else 'openpgp')
if 'commit-opts' in combi: if 'commit-opts' in combi:
subprocess.check_call( set_local_config('commit.cliopts', combi['commit-opts'])
['git', 'config', '--local', 'commit.cliopts', combi['commit-opts']])
break break
return 0 return 0
def set_local_config(param, value):
subprocess.check_call(['git', 'config', '--local', param, value])
if __name__ == "__main__": if __name__ == "__main__":
exit(main()) exit(main())