oct.zoy.org

Git GPG and notifications

This article is for macOS only.

If you use git and gpg to sign your commits, then you're probably used to signing your commits with a physical key that you have to insert and touch with your finger when you are creating a commit.

Unfortunately, there is no visible feedback in the console while git waits for a YubiKey touch, which means you can sometimes miss it.

error: gpg failed to sign the data
fatal: failed to write commit object

To work around that, I wrote this small Rust application that watches git invoking GPG and sends a nice notification when it's time for you to click.


That's pretty useful, but you have to build the binary, run it and it's still a bit of a hack.

There is actually a much nicer way to do this. Save the following script as ~/bin/git-gpg.sh:

#!/bin/bash

# Show a macOS notification, then hand every argument git passed to the real gpg.
osascript -e 'display notification "Git wants to sign a commit!" with title "Click on your Yubikey"'
gpg "$@"

Make the script executable:

chmod +x ~/bin/git-gpg.sh

And reconfigure git to use this script instead of gpg:

git config --add gpg.program /Users/$USER/bin/git-gpg.sh

And that's all! Next time you commit something and your key is needed, you'll see a notification pop up.

If you also want to customize the icon, you can edit the script in the macOS Script Editor, export it as an application, and change its icon manually. You can grab the app I made here: git-gpg-notification.app.zip.

The final version of the script:

#!/bin/bash

open ~/bin/git-gpg-notification.app
gpg "$@"


This is much nicer and more difficult to miss!
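Git runs `gpg.program` both to make and to verify signatures, so the wrappers above also fire a "touch your key" prompt on commands like `git log --show-signature`, which trains you to ignore it. The variant below is an added example, not part of the original article: it notifies only when the arguments ask gpg to sign. `GPG_BIN` and the function names are assumptions of this sketch, and the short-option match is a heuristic.

```shell
#!/bin/bash
# Added example: notify only when git asks gpg to *sign*, not to verify.
# GPG_BIN is a hypothetical override for the real gpg binary (not from the article).
GPG_BIN=${GPG_BIN:-gpg}

# Return 0 if the argument list asks gpg to create a signature.
#   git signs with:    gpg --status-fd=2 -bsau <key-id>
#   git verifies with: gpg --status-fd=1 --verify <sig-file> -
is_signing() {
    for arg in "$@"; do
        case "$arg" in
            --sign|--detach-sign|--clearsign|--clear-sign) return 0 ;;
            --verify) return 1 ;;
            --*) ;;              # other long options, e.g. --status-fd=2
            -*s*) return 0 ;;    # short-option cluster containing s, e.g. -bsau
        esac
    done
    return 1
}

notify() {
    # osascript exists only on macOS; skip quietly elsewhere.
    if command -v osascript >/dev/null 2>&1; then
        osascript -e 'display notification "Git wants to sign a commit!" with title "Click on your Yubikey"' || true
    fi
}

main() {
    if is_signing "$@"; then notify; fi
    # exec so gpg's exit status and output reach git unchanged.
    exec "$GPG_BIN" "$@"
}

# git always passes arguments; with none, do nothing instead of starting gpg.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

To use the app with the custom icon instead, replace the `osascript` line in `notify` with the `open ~/bin/git-gpg-notification.app` call from the final script.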