在Mac上阻止GPG密码提示

Question

我正在尝试为Github生成一个gpg，如下所示：https://help.github.com/articles/generating-a-new-gpg-key/

我已生成密钥并设置〜/ .gitconfig和我的本地.git / config以包含

[user]
  email = austin@my_email_address.com
  name = Austin Gibbons
  signingkey = <key_id>
[gpg]
  program = /usr/local/bin/gpg
[commit]
  gpgsign = true

在〜/ .gnupg / gpg.conf中我有

no-emit-version
use-agent

和〜/ .gnupg / gpg-agent.conf

default-cache-ttl 28800000
max-cache-ttl 28800000
use-standard-socket
pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac

每次运行git commit时都会提示我输入我的gpg密码，而我设置的任何内容似乎都没有改变。我不知道如何在钥匙圈中设置它，并且不胜感激任何建议！

我正在运行gpg-agent守护程序

$ ps aux | grep gpg
austin          63896   0.9  0.0  2432772    676 s010  S+    2:37PM   0:00.00 grep gpg
austin          98503   0.0  0.0  2436440    584   ??  S    10:41AM   0:00.00 /bin/bash /usr/local/MacGPG2/libexec/shutdown-gpg-agent
austin          51417   0.0  0.0  2475748    928   ??  Ss    1:58PM   0:00.45 gpg-agent --daemon

当我添加到〜/ .gnupg / gpg.conf

时

no-tty

我得到了

$ git commit -m "test"
error: gpg failed to sign the data
fatal: failed to write commit object

与其他问题类似：

Git signed commits - How to suppress "You need a passphrase to unlock the secret key..."

我还尝试通过命令行和gpg-tools

生成密钥

Answer 1

我遵循了与您所做的类似的过程。 （这是在OSX 10.10.5上完成的）

详细信息如下。

创建GPG密钥及其对Github的补充

首先按照https://help.github.com/articles/generating-a-new-gpg-key/上的说明进行操作，然后在步骤1中要求下载GPG工具。我尝试下载https://sourceforge.net/projects/gpgosx/files/GnuPG-2.1.14.dmg/download，但这并没有在PATH中结束，所以想到搜索brew：

$ brew search gpg
gpg  gpg-agent gpg1 gpg2 gpgme libgpg-error Caskroom/cask/gpgtools

$ brew cask install gpgtools
==> Downloading https://releases.gpgtools.org/GPG_Suite-2016.08_v2.dmg
...... installation log snipped ....

有了这个，按照https://help.github.com/articles/generating-a-new-gpg-key/从＃2到＃14的说明继续执行，之后以4096位GPG密钥添加到我的Github帐户。

以下是步骤＃2到＃9（创建GPG密钥）的一些输出：

$ gpg --gen-key
gpg (GnuPG/MacGPG2) 2.0.30; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?  (Chose DEFAULT)

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits

Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: blahblah
Email address: blahblah@blah.blah
Comment:
You selected this USER-ID:
    "blahblah <blahblah@blah.blah>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
gpg: key ABCDEFG marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   4096R/ABCDEFG 2016-10-03
      Key fingerprint = adf asdf asdf asdf asf asdfas dfasdf
uid       [ultimate] blahblah <blahblah@blah.blah>
sub   4096R/ABCDEFG 2016-10-03

使用GPG密钥和GIT创建并推送签名提交

然后创建并推送签名提交给Github：

$ git config --local user.signingkey ABCDEFGHIJKLD2

$ touch test && git add test

$ git -c user.name="blahblah" -c user.email=blahblah@blah.blah commit -S -m "Test GPG"

You need a passphrase to unlock the secret key for
user: "blahblah <blahblah@blah.blah>"
4096-bit RSA key, ID ABCDEFG, created 2016-10-03

[master abcdefg] Test GPG
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 test

$ git push
Counting objects: 2, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (2/2), 956 bytes | 0 bytes/s, done.
Total 2 (delta 0), reused 0 (delta 0)
To ssh://github.com/someuser/somerepo.git
   abcdefg..abcdeff  master -> master

创建签名提交的第一次尝试导致以下弹出窗口：

然而，在我将其保存到Keychain之后，在创建另一个签名提交时没有再次提示我，并且在推送提交时，Github正确地将提交显示为＆＃39;已验证＆＃39;：

Answer 2

以下是如何在Python 2中使用Ashutosh的解决方案。（从here偷来并修改）

import subprocess
import urllib

gpg_agent = subprocess.Popen(["gpg-connect-agent"], stdin=subprocess.PIPE,
                             stdout=subprocess.PIPE)
prompt = urllib.quote('Please enter your password')
cache_id = 'foobar_app1'
command = "GET_PASSPHRASE %s X X %s\n" % (cache_id, prompt)
stdout = gpg_agent.communicate(command)[0]
if gpg_agent.returncode != 0:
    raise Exception("gpg-connect-agent exited %r" %
                    (gpg_agent.returncode,))
elif not stdout.startswith("OK"):
    raise Exception("gpg-agent says: %s" % (stdout.rstrip(),))
else:
    # You'll get an exception here if we get anything we didn't expect.
    passphrase = stdout[3:-1].decode("hex")
    print(passphrase)