Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Does Sourcetree support git commit --gpg-sign?

Neil Sorensen
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
September 11, 2013

For one of the projects I'm working on, it's contractually important that our source code has strong audit capabilities--we need to be able to determine who made (or at least authorized) each change. For git, this means using the --gpg-sign option for commit (usernames are not sufficient, since it's trivial to spoof someone's username).

Is it possible to do this using Sourcetree? Is anyone else trying to do this as well?

1 answer

1 accepted

1 vote
Answer accepted
KieranA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 11, 2013

Hi Neil,

This'll be in the next major Mac version if you're on the Mac. If you're using Windows then it won't be around for a while yet.

Cheers

Steve Hoffman September 16, 2013

Kieran,

I'm not sure this is actually working in 1.7.0. I have a gpg key so I entered by path to gpg (in this case /opt/local/bin/gpg since I installed via macports). When I try and enable the "sign all commits" it says there are no keys.

I even tried installing the GPGSuite from https://gpgtools.org/ with no dice. ST just doesn't see I have keys.

KieranA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 25, 2013

Hi Steve,

If you're using GPGTools then try the following path: /usr/local/MacGPG2/bin

That's what I use for mine and it works fine. There's probably a couple of reasons in your case. Firstly you need to specify the folder path, not to the file itself (I think if you copy/paste paths it overrides the restrictions to specify folder paths only) and it wants to know about gpg2 rather than gpg which is in the path.

Try that path and see how it goes.

Cheers!

Brett Morrison September 2, 2016

I see it's still not available on Windows - 3 years later... Frustrating.

Brett Morrison September 2, 2016

Found a work around:

git config --global gpg.program "c:/Program Files (x86)/GNU/GnuPG/gpg2.exe"

Now it works!

Marco Matos
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
October 1, 2016

I have done this but its only able to sign when commit in terminal, sourcetree for windows sucks at this point really.

Brett Morrison October 1, 2016

It works for me using the GUI or command line.  A dialog pops up prompting for the GPG password.

Be sure to also have

commit.gpgsign=true

set in your .gitconfig.

 

Marco Matos
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
October 1, 2016

Hi Brett, thanks for your kind reply.

First I am into this crypto stuff after sign for keybase.io, so I am trying my best to encrypt whenever possible, with keys for different accounts etc.For now, I am trying to sign commits on GitHub and BitBucket.

Well I've done some testing here, when configuring gpgsign=true I can sign github commits if commits using the CL like here:https://github.com/mmatoscom/namshi/commit/6b05e0583be191a04f3a8147344cefcb40f2e5e6

commit.PNG

When I commit to Github using sourcetree, the result is "remote: Invalid username or password", At first, a keys misconfiguration was possible as I am dealing with them, but I assured the original working on was selected when goes to tools-options.

As you said, as sourcetree signing its not available for windows clients yet, would be great to overcome this with gpg2.exe soft.

My short solution for long term: I got docker for windows installed, so launched 2 linux containers under docker, with names github and bitbucket, and their /root/ (the home) linked as a volume to the each repositories roots in my laptop (container github to github root folder, and same for bbucket)

I am now trying to link the gpg over volumes, symlinks etc, as linking the volume in picture below to ~/.gnupg/. 

image2016-10-1 20:41:19.png

So all containers running under my system (keybase, github, bitbucket) would be sharing the same gnupg directory using docker volumes. The /home/keybase/mount is mounted in keybase windows install dir in my laptop (C:\Users\xxxxx\AppData\Roaming\Keybase). In near future I only have to link another container with same volume mounts to centralize management.

Than will config --global user and email different in each container, and also sourcetree in windows laptop.

Will keep posted here if succesfull or not.

Thanks again!

Marco

 

 

 

 

 

 

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events