git_set_identity

This script will set the identity (user.name, user.email, and user.signingKey) in the Git repositories of the given directory.

This script is useful if you do not use the same identity in all the projects you work on:

$ git clone git@github.com:company/project.git ~/workspace/company/project

$ scripts/git/git_set_identity.sh -d ~/workspace/company/project -e user@company.com -s ~/.ssh/id_company.pub

See: longer example

The following parameters are required:

e

the email to be used for the identity; can be omitted if git config get user.email is set, and you want to use its value; also used for GPG secret key retrieval if -s is not set

n

the name to be used for the identity; can be omitted if git config get user.name is set, and you want to use its value

The following parameters are optional:

d

the directory ($PWD if not given) containing a Git repository

r

used in conjuction with -d to set the identity in direct child directories of the given directory

$ scripts/git/git_set_identity.sh -r -d root
root            (1)
├── one         (2)
│   └── three   (1)
└── two         (2)
1 identity will not be set
2 identity will be set if a Git repository
s

the path to the SSH public key if you want to use Git SSH signing

This script will set up key signing if

  1. a valid SSH public key is given via -s

  2. the following conditions are met:

    1. git config get gpg.program or gpg/gpg2 is installed

    2. a GPG secret key for the given email exists

In that case, the following Git configuration will be applied in addition to user.email and user.name:

commit.gpgSign

set to true

tag.forceSignAnnotated

set to true

tag.gpgSign

set to true

user.signingKey

set to the SSH public key given via -s or the first secret key returned by gpg --list-secret-keys for the given email if -s is not set

gpg.format

set to ssh if an SSH public key is given via -s, otherwise set to openpgp

gpg.ssh.allowedSignersFile

set to the argument of -a if given and -s is also used otherwise it will be not set

If you want to use Git SSH signing, you need to configure the allowed signers file in order for the local verification to work.

local

I suggest configuring it globally instead of per repository (-a):

$ echo "example@example.com namespaces=\"git\" $(cat ~/.ssh/id_dsa.pub)" >>~/.ssh/git_allowed_signers
$ chmod 600 ~/.ssh/git_allowed_signers
$ git config set --global gpg.ssh.allowedSignersFile ~/.ssh/git_allowed_signers

~/.gitconfig
[gpg "ssh"]
  allowedSignersFile = /Users/example/.ssh/git_allowed_signers
~/.ssh/git_allowed_signers
example@example.com namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGXWK6+HHmAtv2Sh9nn1WCYOIzgvV7OojYTkKIyuI8x example@example.com
GitHub

Add new SSH Key--"Key type" should be "Signing Key"

GitLb

Add an SSH key--"Usage type" should either be "Signing" or "Authentication & Signing"

Usage

$ scripts/git/git_set_identity.sh
$ scripts/git/git_set_identity.sh -s ~/.ssh/id_dsa.pub

$ scripts/git/git_set_identity.sh -r -d ~/workspace/company1 -e user@company1.com
$ scripts/git/git_set_identity.sh -r -d ~/workspace/company2 -e user@company2.com -s ~/.ssh/id_company2.pub

$ scripts/git/git_set_identity.sh -e cameron@howe.name
$ scripts/git/git_set_identity.sh -r -d ~/workspaces/cardiff-electric -e catherine.howe@cardiff-electric.com -n 'Catherine Howe'
$ scripts/git/git_set_identity.sh -s ~/.ssh/id_dsa.pub -a ~/.ssh/git_allowed_signers

Example

Cameron works for three companies and also has personal projects:

$ tree --noreport ~/workspaces
/Users/chowe/workspaces
├── cardiff-electric
│   ├── backend
│   └── frontend
├── comet
│   └── portal
├── mutiny
│   └── giant
└── personal
    ├── sandbox
    └── secret-project

She has three GPG keys—​one for each company and one personal use—​and one SSH key:

$ gpg --list-secret-keys
/Users/chowe/.gnupg/pubring.kbx
-----------------------------------------

sec   rsa4096/49F1A380A5660737 2025-02-02 [SC] [expires: 2029-02-02]
      Key fingerprint = 3956 4B7A A0B5 1F88 A8F8  BCBC 49F1 A380 A566 0737
uid                 [ultimate] Cameron Howe <c.howe@mutiny.com>
ssb   rsa4096/8B68480DE279CA88 2025-02-02 [E] [expires: 2029-02-02]

sec   rsa4096/EC073F7EFD23C1FA 2025-02-02 [SC] [expires: 2029-02-02]
      Key fingerprint = 2DAF 54C7 67F3 FD24 EACF  A1B5 EC07 3F7E FD23 C1FA
uid                 [ultimate] Cameron Howe <cameron@howe.name>
ssb   rsa4096/6363EEBF938865CF 2025-02-02 [E] [expires: 2029-02-02]

sec   rsa4096/77254FBC1027F48D 2025-02-02 [SC] [expires: 2029-02-02]
      Key fingerprint = C09B 7924 274A 9865 545C  6512 7725 4FBC 1027 F48D
uid                 [ultimate] Catherine Howe <catherine.howe@cardiff-electric.com>
ssb   rsa4096/6C2E4F6CB45DD27E 2025-02-02 [E] [expires: 2029-02-02]

$ cat ~/.ssh/id_ed25519-comet-chowe.pub
ssh-ed25519 ABAAC3NzaC1lZDI1NTE5AAAAIEGXWK6+HHmAtv2Sh9nn1WCYOIzgvV7OojYTkKIyuI88 chowe@comet.com

She configured her personal GPG key in her global Git configuration and signs commits and tags by default:

$ cat ~/.gitconfig
[user]
  name = Cameron Howe
  email = cameron@howe.name
  signingkey = 2DAF54C767F3FD24EACFA1B5EC073F7EFD23C1FA
[commit]
  gpgsign = true
[tag]
  forceSignAnnotated = true
  gpgsign = true

She also added the SSH key to her global allowed signers file:

$ echo "chowe@comet.com namespaces=\"git\" $(cat ~/.ssh/id_ed25519-comet-chowe.pub)" >>~/.ssh/git_allowed_signers

With this configuration, the following identities will be used for commits and tags:

$ find ~/workspaces/cardiff-electric -mindepth 1 -maxdepth 1 -type d -exec sh -c '(cd {} && echo "$PWD" && echo "  $(git config get user.name) <$(git config get user.email)> $(git config get user.signingkey)")' \;
/Users/chowe/workspaces/cardiff-electric/frontend
  Cameron Howe <cameron@howe.name> 2DAF54C767F3FD24EACFA1B5EC073F7EFD23C1FA
/Users/chowe/workspaces/cardiff-electric/backend
  Cameron Howe <cameron@howe.name> 2DAF54C767F3FD24EACFA1B5EC073F7EFD23C1FA

$ find ~/workspaces/comet -mindepth 1 -maxdepth 1 -type d -exec sh -c '(cd {} && echo "$PWD" && echo "  $(git config get user.name) <$(git config get user.email)> $(git config get user.signingkey)")' \;
/Users/chowe/workspaces/comet/portal
  Cameron Howe <cameron@howe.name> 2DAF54C767F3FD24EACFA1B5EC073F7EFD23C1FA

$ find ~/workspaces/mutiny -mindepth 1 -maxdepth 1 -type d -exec sh -c '(cd {} && echo "$PWD" && echo "  $(git config get user.name) <$(git config get user.email)> $(git config get user.signingkey)")' \;
/Users/chowe/workspaces/mutiny/giant
  Cameron Howe <cameron@howe.name> 2DAF54C767F3FD24EACFA1B5EC073F7EFD23C1FA

$ find ~/workspaces/personal -mindepth 1 -maxdepth 1 -type d -exec sh -c '(cd {} && echo "$PWD" && echo "  $(git config get user.name) <$(git config get user.email)> $(git config get user.signingkey)")' \;
/Users/chowe/workspaces/personal/secret-project
  Cameron Howe <cameron@howe.name> 2DAF54C767F3FD24EACFA1B5EC073F7EFD23C1FA
/Users/chowe/workspaces/personal/sandbox
  Cameron Howe <cameron@howe.name> 2DAF54C767F3FD24EACFA1B5EC073F7EFD23C1FA

She now uses this script to configure the identities for the company’s projects:

$ scripts/git/git_set_identity.sh \
-r \
-d ~/workspaces/cardiff-electric \
-e catherine.howe@cardiff-electric.com \
-n 'Catherine Howe'
Catherine Howe <catherine.howe@cardiff-electric.com> C09B7924274A9865545C651277254FBC1027F48D - /Users/chowe/workspaces/cardiff-electric/backend
Catherine Howe <catherine.howe@cardiff-electric.com> C09B7924274A9865545C651277254FBC1027F48D - /Users/chowe/workspaces/cardiff-electric/frontend

$ scripts/git/git_set_identity.sh \
-d ~/workspaces/comet/portal \
-e chowe@comet.com \
-s ~/.ssh/id_ed25519-comet-chowe.pub \
-a ~/.ssh/git_allowed_signers
Cameron Howe <chowe@comet.com> /Users/chowe/.ssh/id_ed25519-comet-chowe.pub - /Users/chowe/workspaces/comet/portal

$ scripts/git/git_set_identity.sh \
-d ~/workspaces/mutiny/giant \
-e c.howe@mutiny.com
Cameron Howe <c.howe@mutiny.com> 39564B7AA0B51F88A8F8BCBC49F1A380A5660737 - /Users/chowe/workspaces/mutiny/giant

The following identities will be used for commits and tags now:

$ find ~/workspaces/cardiff-electric -mindepth 1 -maxdepth 1 -type d -exec sh -c '(cd {} && echo "$PWD" && echo "  $(git config get user.name) <$(git config get user.email)> $(git config get user.signingkey)")' \;
/Users/chowe/workspaces/cardiff-electric/frontend
  Catherine Howe <catherine.howe@cardiff-electric.com> C09B7924274A9865545C651277254FBC1027F48D
/Users/chowe/workspaces/cardiff-electric/backend
  Catherine Howe <catherine.howe@cardiff-electric.com> C09B7924274A9865545C651277254FBC1027F48D

$ find ~/workspaces/comet -mindepth 1 -maxdepth 1 -type d -exec sh -c '(cd {} && echo "$PWD" && echo "  $(git config get user.name) <$(git config get user.email)> $(git config get user.signingkey)")' \;
/Users/chowe/workspaces/comet/portal
  Cameron Howe <chowe@comet.com> /Users/chowe/.ssh/id_ed25519-comet-chowe.pub

$ find ~/workspaces/mutiny -mindepth 1 -maxdepth 1 -type d -exec sh -c '(cd {} && echo "$PWD" && echo "  $(git config get user.name) <$(git config get user.email)> $(git config get user.signingkey)")' \;
/Users/chowe/workspaces/mutiny/giant
  Cameron Howe <c.howe@mutiny.com> 39564B7AA0B51F88A8F8BCBC49F1A380A5660737

$ find ~/workspaces/personal -mindepth 1 -maxdepth 1 -type d -exec sh -c '(cd {} && echo "$PWD" && echo "  $(git config get user.name) <$(git config get user.email)> $(git config get user.signingkey)")' \;
/Users/chowe/workspaces/personal/secret-project
  Cameron Howe <cameron@howe.name> 2DAF54C767F3FD24EACFA1B5EC073F7EFD23C1FA
/Users/chowe/workspaces/personal/sandbox
  Cameron Howe <cameron@howe.name> 2DAF54C767F3FD24EACFA1B5EC073F7EFD23C1FA

Prerequisites

More Information