Require GPG signed commits

[Robbert]

• [ ] Enable pre-commit hook?
• [ ] Enable pre-accept hook?
• [ ] Describe how contributors should enable signing of commits with GPG on their Mac
  1. Download GPGTools from https://gpgtools.org to install the gpg command line utility, if you don't have it already.
  2. Open the application GPG Keychain and setup a new private key for the e-mail address you use for commits to Git.
     • Generate a password with 1Password and use it as passphrase for your GPG key.
  3. Export the newly generated keys from GPG Keychain, including the secret key, and store it in 1Password as attachment, along with your passphrase.
  4. Configure git to use your key: git config --global user.signingkey $INSERT_KEY_HERE
  5. Enable GPG signing in git using git config commit.gpgsign true.
  6. Export your public key using these instructions, starting from gpg --list-keys and then using gpg --armor --export $INSERT_KEY_HERE.
  7. Login to github.com and let them know what your public GPG key is, in Settings > SSH and GPG keys > GPG keys.

Related reading: Github: Generating a GPG key

[Robbert]

We should try to find the $INSERT_KEY_HERE automatically

Work in progress attempt:

gpg --list-keys  --with-colons gpg "`git config --global user.email`" | grep '^pub:[[:alpha:]]:[[:digit:]]\{4\}:1:[[:alnum:]]\{8\}\([[:alnum:]]\{8\}\)'

• I'm using git config to automatically look for the e-mail address for git commits.
• --with-colons makes the output more easily parseable.
• I'm not yet sure how to extract text using grep.

[Robbert]

OK, it turns out there is a very simple UNIX utility called cut that can find values delimiter separated columns, CSV for example, but also values from colon separated columns.

Using that now:

gpg --with-colons --list-keys $GIT_COMMITTER_EMAIL \
    grep ^pub                       | # Show only public keys
    sort                            | # Sort by key strength
    tail -n 1                       | # Only use the strongest key (from the last line)
    cut -d : -f 5                   | # Only output the key ID column
    grep -o "\([[:alnum:]]\)\{8\}$"   # Only output the last eight characters

[Robbert]

@Yolijn Would you please also setup GPG on your computers?