Problem description
If you're interested, read what I tried here:
I followed mainly GitHub's guide. I made sure to not forget to restart bash/IntelliJ after you changed config files.
- Generate a new GPG key pair
- Add the GPG key to my GitHub account
- Associate a verified (by GitHub) email with my GPG key where I made sure the email in my .gitconfig is the same.
- Tell Git about my GPG key
- Sign a commit with GPG and confirmed that it was Verified on GitHub.
- From that same page, I set commits to be signed by default with git config --global commit.gpgsign true (I'm using git 2.12). I made a new commit and verified it was signed with git verify-commit HEAD
When I try to commit in IntelliJ, I get gpg: cannot open tty 'no tty' so I found IntelliJ fails to commit changes when attempting to sign commit (GPG) and added no-tty to my C:\Users\username\.gnupg\gpg.conf file and restarted.
Then I get the error gpg: Sorry, no terminal at all requested - can't get input which seems reasonable because I just added the option that has something to do with no terminal. Like gpg: Sorry, no terminal at all requested - can't get input says the solution is to remove the no-tty which I hope doesn't apply to my case.
Other answers in the first question suggested to add use-agent as well in the gpg.conf file, which results in the additional error gpg: gpg-agent is not available in this session. Ah wait, maybe I need to setup gpg-agent.
The best guide for Windows that I could find was the Archlinux wiki (yeah, right). It specifies to add to C:/Users/username/.gnupg/gpg-agent.conf the time to live, so I create that file and add default-cache-ttl 34560000 and max-cache-ttl 34560000 as per https://superuser.com/questions/624343/keep-gnupg-credentials-cached-for-entire-user-session
Now let's actually start this gpg-agent, https://superuser.com/questions/1153101/why-does-git-complain-that-no-gpg-agent-is-running made me check that indeed gpg-agent --version was much newer than gpg --version, so I would like to have gpg2 so I could run git config --global gpg.program gpg2.
But I do not have gpg2 available on the command line. I installed Gpg4win (binary releases, at the bottom) and even Gnupg 2 separately but that didn't give me gpg2 on the command line, I noticed I had to folder GNU in my Program Files (x86) which I think I should have. With where gpg I found out it was at least not pointing to the gpg I just downloaded, because that one showed second. So I pointed git to the right one with git config --global gpg.program 'C:\Program Files (x86)\GnuPG\bin\gpg.exe'
Now I have the error gpg: skipped "keyid": secret key not available. The solution in gpg: skipped "N": secret key not available is what I just did, so that doesn't help. Then I realised I set everything up with the other gpg, not with this one. I did alias gpg="'C:\Program Files (x86)\GnuPG\bin\gpg.exe'", checked gpg --version and did the whole thing again. Actually I put the alias line in my .bash_profile so I don't need to run it every time.
When I try gpg --gen-key it hangs immediately. No idea why, I don't think the problem is not enough entropy because the older gpg worked fine but it's possible that the newer version requires more entropy. In any case I couldn't find any Windows user with the same problem on the Internet.
It works! When I commit in IntelliJ, it asks for my passphrase with pinentry only once. But now I can't commit from Git Bash, with the no secret key error which makes sense because as I said gpg --list-keys is empty: no key is associated with this gpg.
Intellij IDEA signing GIT commits with GPG is relevant, but the only answer is for MAC and doesn't seem to apply to Windows. It did lead me to:
me.m01.eu hints at adding a new environment variable called GNUPGHOME which points to C:\Users\username\.gnupg. That directory exists, but as mentioned in an answer from git commit signing failed: secret key not available I think my new gpg uses C:\Users\username\AppData\Roaming\gnupg so I added that instead. I checked with printenv GNUPGHOME that I added it correctly (I had to reboot). Didn't change anything though.
Since my keys are I think in C:\Users\username\.gnupg I tried pointing the environment variable to there, but it didn't help, gpg --list-keys was still empty. So I had to find another way of pointing out to gpg where my keys are.
gpg --list-keys --homedir='C:/Users/s156757/.gnupg' did give the correct keys, so I decided to add homedir C:\Users\s156757\.gnupg to my C:\Users\username\AppData\Roaming\gnupg\gpg.conf file which I had to create. Because of this bug. I confirmed gpg --list-keys returned my keys. Still the same error, adding no-tty and use-agent to this conf file didn't help.
More ideas
- I didn't manage to export keys from gpg to gpg2 with gpg --export [ID] | gpg2 --import && gpg --export-secret-keys [ID] | gpg2 --import
- I thought Gpg4win alone maybe could be configured so I don't need to type my password every time. Unfortunately, I couldn't find anywhere a way to make Gpg4win remember my passphrase.
- I later thought, if I remember correctly gpg --list-secret-keys has never returned anything for gpg 2. I only later found out that that command is different from gpg --list-keys.
In short this is the main problem: gpg-agent allows passphrase caching but the gpg version of git doesn't match the gpg-agent version so you have to install the right gpg 2 yourself first. But I didn't manage to do that installation in such a way that I could commit from both Git Bash and IntelliJ.
Recommended answer
Since git 2.19.1, gpg2 is supported!
gpg-agent can handle automatic signing now, remembering your passphrase
This should make it easier to use gpg to sign commits automatically. To be exact, git version 2.19.1 has at least gpg 2.2.9. These instructions were tested on Windows 7, Windows 8.1, Windows 10, Arch Linux and Fedora 29.
Steps to configure git commit signing
- It is recommended that you have set up ssh, see e.g. help.github.com/en/articles/connecting-to-github-with-ssh (also when you don't use GitHub)
- Start (on Linux) a terminal or (on Windows) git bash, check with git --version that git is at least 2.19.1 and with gpg --version that you are using gpg2.
If not, check with where gpg (or which gpg if the where command is not available) that the top-most path is the git one.
- If you see no paths or not any one which has gpg2, try the gpg2 command instead of gpg, so gpg2 --version. If that works, you'll have to use gpg2 instead of gpg from now on.
- If you see a git path but it's not the top one, put (on Windows) alias gpg="'C:\path\to\Git\usr\bin\gpg.exe'" in your C:\Users\username\.bash_profile, create the file if it doesn't exist, and restart git bash. Try where gpg and gpg --version again. From now on, where gpg is typed into a file you should replace it with 'C:\path\to\Git\usr\bin\gpg.exe'.
Check in the output of gpg --version if the home directory is something like (on Linux) /home/username/.gnupg or (on Windows) /c/Users/username/.gnupg. This directory doesn't have to exist, yet.
If the path is incorrect, try to change it - for example one time on Windows I saw my home was prefixed by the path in which I ran the command, so I put an alias in the .bash_profile with alias gpg="gpg --homedir=/c/Users/s156757/.gnupg" and restarted bash, then checked again.
- Select RSA and RSA and 4096 bits.
- As real name use your user.name as in your ~\.gitconfig.
- As email, use the email from user.email in your ~\.gitconfig, making sure that this email is a verified email on GitHub.
- If you want to try gpg-agent (you will have to provide your password at least once after each reboot) or if you are fine with an 'unverified' badge on GitHub, provide a password. Otherwise, leave it empty.
Steps to make the commit signing happen automatically: three options
1. I have no passphrase on my key
You're done.
For me this option didn't work: I still had to provide my passphrase often, though not always. But in theory this works:
- Update the cache time, in C:\Users\username\.gnupg\gpg-agent.conf: create file if it doesn't exist, add default-cache-ttl 34560000 and max-cache-ttl 34560000.
- Restart gpg-agent using gpgconf --kill gpg-agent
- Now you should have to enter your passphrase once when committing and then not anymore. Check that your commit is Verified on GitHub.
3. Pipe the passphrase in plaintext to gpg
This means that you never have to provide your passphrase, but for me this means that GitHub puts an Unverified badge on my commit. Question here: The key whose key-id is in the signature did not sign this commit
- If you created it already, replace all of the contents of C:\Users\username\start-gpg.sh with the code below. If you didn't, create the file with the contents below, remove the --homedir flag and run git config --global gpg.program C:\\Users\\username\\start-gpg.sh. In any case, restart bash.
Yes, you're going to place your password in plaintext on your computer! If you know a better way, please leave a comment...
# Passphrase-file-descriptor is set to 0 (STDIN), to use it --batch must be used
# The --pinentry-mode loopback is required since gpg 2.1.0 for --passphrase-fd
# The "$@" makes sure that whatever git wanted gpg to do, is still done
echo mypassphrase | gpg --homedir=/c/Users/username/.gnupg --passphrase-fd 0 --batch --yes --pinentry-mode loopback "$@"
- Commit and push, and check that you are not asked for your passphrase and that your commit is still Verified on GitHub.
Old answer for older git versions without gpg2
For the reference, here are the full instructions, or rather the steps I did to make it somewhat work. With 'work' I mean that commits are signed automatically, but there are two disadvantages:
- GitHub recognizes them as unverified: The key whose key-id is in the signature did not sign this commit. Someone may be trying to trick you. The follow-up question regarding this is The key whose key-id is in the signature did not sign this commit
- Creating a commit takes a much longer time, like five seconds instead of less than one.
If you get stuck, check the steps in the question to see if I had the same problem.
- First few steps are from the good GitHub's guide: Generate a new GPG key pair
- Add the GPG key to your GitHub account
- Associate a verified (by GitHub) email with your GPG key and make sure the name and email in your .gitconfig are the same.
- Tell Git about your GPG key
- Sign a commit with GPG and confirm that it is Verified on GitHub, you should see a little badge when you view your commit.
- Set commits to be signed by default with git config --global commit.gpgsign true. Make a new commit and verify if it was signed with git verify-commit HEAD.
The gpg version that comes with git is too old, so install Gpg4win (binary releases, at the bottom) which should install gpg 2. With where gpg you should see two paths, of which probably the second is your new gpg, something like C:\Program Files (x86)\GnuPG\bin\gpg.exe. If not, try to install Gnupg 2 separately from the downloads page.
I put alias gpg="'C:\Program Files (x86)\GnuPG\bin\gpg.exe'" to point the gpg command to my new gpg in my C:\Users\username\.bash_profile, restart Git Bash and check with gpg --version that I'm now using gpg 2.
Add a new environment variable called GNUPGHOME which points to C:\Users\username\.gnupg. Reboot and check with printenv GNUPGHOME that you added it correctly.
Make a script C:\Users\username\gpg-no-tty.sh and put this in it:
echo passphrase | "C:\Program Files (x86)\GnuPG\bin\gpg.exe" --passphrase-fd 0 --batch --no-tty --yes "$@"
The reason you are putting your passphrase in plaintext here is because the --batch option, which makes it all work, needs the passphrase fed. To me it seems like there should exist a better solution than saving your passphrase in plaintext on your computer, so please leave a comment if you found something better.
Point git to this script with git config --global gpg.program C:\\Users\\username\\gpg-no-tty.sh.
Now test both in Git Bash and IntelliJ that you can commit, and verify that it worked by doing git verify-commit HEAD.
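
The "secret key not available" error in the question and the where gpg / home directory checks in the answer both come down to finding which gpg binary holds the signing key. The script below is an added example, not part of the original question or answer; its function names and the sample key listing are constructed for illustration, and it assumes user.signingkey is a hex key ID or fingerprint.

```shell
#!/usr/bin/env bash
# Added example: report which gpg binary actually holds git's signing key.

# Constructed sample of `gpg --list-secret-keys --with-colons` output.
SAMPLE_LISTING='sec:u:4096:1:1A2B3C4D5E6F7081:1500000000:::u:::scESC:::+:::23::0:
fpr:::::::::99AABBCCDDEEFF00112233441A2B3C4D5E6F7081:
uid:u::::1500000000::0123456789ABCDEF0123456789ABCDEF01234567::Example User <user@example.com>::::::::::0:
ssb:u:4096:1:0F1E2D3C4B5A6978:1500000000::::::e:::+:::23:'

# Home directory from `gpg --version` output on stdin (its "Home:" line).
gpg_home() { sed -n 's/^Home: *//p' | head -n 1; }

# Succeed if the colon listing on stdin has a secret key whose long ID
# (sec/ssb field 5) or fingerprint (fpr field 10) ends with the ID in $1.
# Assumption: user.signingkey is a hex key ID or fingerprint, not an e-mail.
has_secret_key() {
  want=$(printf '%s' "$1" | tr 'a-f' 'A-F' | sed 's/^0[xX]//; s/!$//')
  [ -n "$want" ] || return 1
  awk -F: -v want="$want" '
    $1 == "sec" || $1 == "ssb" { v = $5 }
    $1 == "fpr"                { v = $10 }
    $1 != "sec" && $1 != "ssb" && $1 != "fpr" { next }
    length(v) >= length(want) &&
      substr(v, length(v) - length(want) + 1) == want { found = 1 }
    END { exit !found }'
}

# Every gpg git might run: the configured gpg.program, then gpg/gpg2 on PATH.
candidates() {
  git config --get gpg.program
  type -aP gpg gpg2 2>/dev/null
}

# Print each candidate binary, its home directory and whether it has the key.
diagnose() {
  key=$(git config --get user.signingkey) ||
    { echo "user.signingkey is not set" >&2; return 2; }
  candidates | awk 'NF && !seen[$0]++' | while IFS= read -r prog; do
    home=$("$prog" --version 2>/dev/null | gpg_home)
    if "$prog" --list-secret-keys --with-colons 2>/dev/null |
         has_secret_key "$key"
    then echo "HAS KEY  $prog  (home: $home)"
    else echo "NO KEY   $prog  (home: $home)"
    fi
  done
}

# `--run` inspects the real system; otherwise check the constructed sample.
if [ "${1:-}" = "--run" ]; then
  diagnose
elif printf '%s\n' "$SAMPLE_LISTING" | has_secret_key 0x5e6f7081; then
  echo "sample listing: key found"
fi
```

Run it with --run from Git Bash: a binary reported as NO KEY with a different home directory is the mismatch that produces the secret key error when git or IntelliJ calls it.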