Signing commits with gnupg under gitpod
Gitpod.io provides an online IDE development environment that you can connect to your GitHub account (or GitLab or Bitbucket). You also get a command line, but signing commits is a bit more tricky.
You'll need to transfer your private key (uh, dangerous) to the Gitpod environment, import it into GnuPG and use it with the command-line git client. Note that signing commits with VS Code or Theia doesn't seem to be supported (eclipse-theia/theia#6299).
So, here is a small recipe that seems to work:
- Export your private key as a base64 string:
    gpg --export-secret-keys <key-id> | base64 -w 0
- Put this into a variable in Gitpod: https://gitpod.io/variables
  I named my variable "GNUPG_KEY".
- Start a new workspace, e.g. by prefixing your GitHub URL with https://gitpod.io/#
  Now import the key with
    gpg --verbose --batch --import <(echo $GNUPG_KEY|base64 -d)
- Verify with
    gpg -K
  that the secret key is indeed imported.
- Configure gpg to use loopback pinentry mode:
    echo 'pinentry-mode loopback' >> ~/.gnupg/gpg.conf
- Change some file and commit it with signing:
    git commit --gpg-sign --message="test"
  You should be prompted for your secret key's passphrase now.
- Verify with
    git log --show-signature
  that the commit is signed.
You could add the steps to your .gitpod.yml as described in "Have Gitpod-based commits GPG-signed #666", e.g.
    tasks:
      - before: >
          [[ ! -z $GNUPG_KEY ]] &&
          gpg --verbose --batch --import <(echo $GNUPG_KEY|base64 -d) &&
          echo 'pinentry-mode loopback' >> ~/.gnupg/gpg.conf
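
A hardened variant of the `before` task above, added here as an example and not part of the original post: it pipes the decoded key straight into gpg, appends the pinentry line only once across workspace restarts, and scripts the `gpg -K` check. It assumes the `GNUPG_KEY` variable from the recipe; the function names `ensure_line`, `secret_fingerprints` and `setup_signing` are illustrative.

```shell
#!/bin/sh
# Added example (POSIX sh), not the original author's code.
# Assumes GNUPG_KEY holds the base64 export of the secret key.

# Append an exact line to a file only if it is missing, so repeated
# workspace starts do not keep growing gpg.conf.
ensure_line() {  # $1 = file, $2 = line
    touch "$1"
    grep -qxF -e "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# Read `gpg --with-colons` output on stdin and print the fingerprint of each
# secret primary key: the first "fpr" record after a "sec" record, field 10.
secret_fingerprints() {
    awk -F: '$1 == "sec" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

setup_signing() {
    gnupg_home="${GNUPGHOME:-$HOME/.gnupg}"
    if [ -z "${GNUPG_KEY:-}" ]; then
        echo "GNUPG_KEY is not set, skipping key import" >&2
        return 1
    fi
    # gpg warns about unsafe permissions unless its home directory is private.
    mkdir -p "$gnupg_home" && chmod 700 "$gnupg_home" || return 1
    # Decode straight into gpg over a pipe: the key never lands in a file,
    # and the quoted variable is not subject to word splitting or globbing.
    printf '%s' "$GNUPG_KEY" | base64 -d | gpg --batch --import || return 1
    ensure_line "$gnupg_home/gpg.conf" 'pinentry-mode loopback'
    # Scripted form of the manual `gpg -K` check: fail if no secret key arrived.
    fprs=$(gpg --batch --with-fingerprint --list-secret-keys --with-colons \
           | secret_fingerprints)
    [ -n "$fprs" ] || { echo "no secret key after import" >&2; return 1; }
    echo "secret key(s) available for signing: $fprs"
}

# Run only when the variable is present, so sourcing this file is harmless.
if [ -n "${GNUPG_KEY:-}" ]; then setup_signing; fi
```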
Comments
Joba
It didn’t work, I get “error: gpg failed to sign the data”