👍 very much used feature for me, constantly reverting to git tag -s in cmdline

I imagine this will be much more popular now that GitHub shows GPG signature verifications.

Was hoping that by setting the following in my global config, it would have worked in GitUp, but it didn't seem to work though.

[commit]
  gpgsign = true

GitUp doesn't use the Git tool at all but libgit2. Support for GPG signing would need to be implemented inside GitUpKit.

@swisspol any idea how big a task that would be? Does git just use the gpg binaries under the hood?

Also, do you have a design in mind for implementing this, would you be open to a PR for this?
Not saying I'd do it right away, but I'd be very interested in that, and would contemplate scratching my own itch on this one.

I'm not sure, some research needs to be done. PRs are always welcome as long as they meet the contributing requirements 😄

Looks like libgit2 supports adding the signature through https://libgit2.github.com/libgit2/#HEAD/group/commit/git_commit_create_with_signature.

Sounds like this means gitup would have to perform the actual signing though. Docs on libgcrypt look pretty arid though, so haven't had much more time to dig through that.

👍

It looks like the main git code just calls the GPG program to do the signing. That should lower the difficulty in implementing commit signing.

https://github.com/git/git/blob/master/gpg-interface.c#L160

    gpg.argv = args;
    gpg.in = -1;
    gpg.out = -1;
    args[0] = gpg_program;
    args[1] = "-bsau";
    args[2] = signing_key;
    args[3] = NULL;

    if (start_command(&gpg))

MacGPG2 would be better than just a gpg program. SourceTree uses it and it's great.

hey guys, any ETA?.. this is the only missing feature that prevents me from using awesome GitUP instead of SourceTree – Setup GPG to sign commits within SourceTree.

Would love this feature. At the moment I have to commit on the command line because GitUp can't sign the commits. If this feature would be added I could go almost 100% GitUp!

Same problem here, using GitUp GUI since about 3 months for everything besides commiting :/

Any news on this?

I'm sorry to say I have no plan to implement new features like this in GitUp. For context, GitUp is a product that I originally built for my needs. It's already quite powerful and useful out of the box. But GitUp is free (and even open-source!), and I just don't have bandwidth to put work on a free product (even more so on features I don't personally need). And it's not like these are trivial features: if you want it done right and with the high-bar that GitUp has (with undo / redo among other things), it takes quite a bit of time. If GitUp were to be paid product, things would most likely be different.

Thanks for letting us know, Olivier. Perhaps someone else can pick up the work required for this nonetheless.

Von meinem iPhone gesendet

Am 22.08.2016 um 21:49 schrieb Pierre-Olivier Latour [email protected]:

I'm sorry to say I have no plan to implement new features like this in GitUp. For context, GitUp is a product that I originally built for my needs. It's already quite powerful and useful out of the box. But GitUp is free (and even open-source!), and I just don't have bandwidth to put work on a free product (even more so on features I don't personally need). And it's not like these are trivial features: if you want it done right and with the high-bar that GitUp has (with undo / redo among other things), it takes quite a bit of time. If GitUp were to be paid product, things would most likely be different.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.

But GitUp is free (and even open-source!), and I just don't have bandwidth to put work on a free product (even more so on features I don't personally need).

Completely understandable! Since I am possibly not the only person willing to pay for GitUp, I just wanted to ask, if you would consider adding this feature if you are payed for your time appropriately? If so, we could consider gathering a bounty through http://bountysource.com. I am asking beforehand, because I don't really want to set a bounty that is unlikely to be claimed.

Edit: there is of course also the possibility of someone else jumping in, because of the bounty... so maybe it makes sense to put one up anyway

Just wanna to say that I've implemented core gpg signing features in my branch but still need a lot of work to fulfill high GitUp repo requirements to pull requests.
My current implementation uses gpgme library to communicate with gpg agent. GPG Suite (gpgtools.com) works great, haven't tested GnuPG (gnupg.org) yet. If somebody feels motivated to help me finish this ticket you are welcome!
The current implementation uses git config to get user key id and to enable gpg signing.

You can check my implementation on this WIP PR:
OdNairy#1

Any ETA on this? Thank you guys.

This should really get implemented.