Git Client Configurationλ︎
Git uses either XDG_CONFIG_HOME/git/config or $HOME/.gitconfig configuration file for user level settings for the Git client.
Editor Git support should use the Git client configuration.
Practicalli Dotfiles Git Configuration
Practicalli Dotfiles contains an example Git user configuration, with separate identity configuration files for commercial and open source work.
The Git configuration also provides global Git ignore patterns for Clojure and MkDocs projects.
Git identityλ︎
An identity is required when sharing commits via services such as GitHub/GitLab and so that each commit you make is associated to you.
Define your git identity using the following commands in a terminal window
Use the GitHub Email Mask address
To minimise Email spam, use the email address provided by GitHub as a mask to your primary email address on the GitHub account. The mask address is of the form ***+github-account@noreply.github.com.
Visit the email settings of the GitHub account and tick Keep my email addresses private.
A new email of the form ******+github-account-name@users.noreply.github.com is created which must be set as your user email address
For additional security, select the option Block command line pushes that expose my email to prevent commits being pushed to GitHub using your public email address.
git config --global user.name "practicalli-johnny"
git config --global user.email ***+github-account@noreply.github.com
The [user] section of the Git configuration file is updated by these commands, automatically creating the file and section if it does not exist.
Git Configuration
# Add identity to all commits (required for GitHub / GitLab)
[user]
name = Practicalli Johnny
# add email to Personal GitHub account via Settings > Email
email = "johnny@clojure.inc"
## Identity for using GitHub API
[github]
user = practicalli-johnny
## SSH Keys - add key passphrase to MacOSX key chain
[credential]
helper = osxkeychain
Multiple Git Identitiesλ︎
When working on a mixture of commercial and Open Source projects, configure the Git client with multiple identities
Git Clone alias
## ------ Git Config: Identity ------ ##
# Default identity configuration
[include]
path = ~/.config/git/identity-practicalli-johnny
# Override identify for specific directories
[includeIf "gitdir:~/projects/identity-clojure-inc"]
path = ~/.config/git/identity-clojure-inc
MacOSX Path expansion not working
MacOSX did not expand ~ or $HOME for relative paths for identity files when using the latest MacOSX version and Git client from homebrew.
Included configure file with company identity.
Git Clone alias
## ------ Company Identity ------ ##
# Add details for specific company identity
# Add identity to all commits (required for GitHub / GitLab)
[user]
name = Practicalli Johnny
# add email to Personal GitHub account via Settings > Email
email = "johnny@clojure.inc"
## Identity for using GitHub API
[github]
user = practicalli-johnny
## SSH Keys - add key passphrase to MacOSX key chain
[credential]
helper = osxkeychain
SSH Keysλ︎
SSH Keys provide a secure way to authorise requests to a shared service and verify the author of commits sent to a shared service.
Generate an SSH Key pair with Git email identity
Generate a public & private key pair using the recommended ed25519 format. Include the email address added to your GitHub account, or use the email mask provides by GitHub to avoid exposing your personal email.
Enter a passphrase when prompted. A 12 character or greater passphrase should provide adequate security.
Use the GitHub Email Mask address
Minimise Email spam by using the email address provided by GitHub as a mask to your primary email address on the GitHub account. The mask address is of the form ***+github-account@noreply.github.com.
Avoid use of Company Email address
Once you leave a company that email is not verifyable by the sharing service. Removing the company email address from your account will no longer associate commits with your shared service account.
SSH Key Passphrase
Practicalli recommends setting a passphrase when generating an SSH key, to add an extra layer of security.
The passphrase can be added to the operating system key ring, unlocking the key when logging into the operating system account.
Add SSH key to Keychainλ︎
Add Git SSH key passphrase to Operating System keychain to avoid typing in the passphrase each time a Git command interacts with a remote repository.
Add the SSH private key to the ssh-agent to avoid typing in the passphrase each time. Logging into the operating system with the user account will unlock the key ring and enable access to the passphrase.
Ubuntu desktop has a key-ring tool which will display a pop-up dialog to save the passphrase to the key-ring the first time the SSH key is used. Once saved, the key is unlocked when login into the desktop.
Add SSH key passphrase to MacOSX Keychain
Edit the ~/.ssh/config file and add/modify to include the following configuration
SSH key Key Chain Git Configuration
If there is an issue with the passphrase, delete the key passphrase using the MacOSX Keychain Access App. Select Local Items to see a list of keys that includes the SSH key. Select the key to show a menu that allows deletion.
The command line terminal can be used to delete keys from the MacOSX keychain using the ssh-add command with the -d keyname to delete a specific key or -D option to delete all user added keys.
Termux does not provide a persistent keyring, so an SSH agent can be run manually to manage the SSH key passphrase for the current terminal session.
Start the agent.
Capture the details of the agent in the terminal shell
Add the SSH key passphrase to the agent, allowing the SSH key to be used without repeatedly entering the passphrase until the terminal session is closed.
Commit signing with SSH Keyλ︎
The SSH key can be registered with your GitHub account as a signing key, as opposed to an authorization key used to access a remote repository securely.
Use an existing SSH key to sign commits and tags, or generate a new one specifically for signing.
Configure Git client to use SSH to sign commits and tags for all local repositories
Git Configuration SSH Key sigining
Configure SSH key as signing format
Specify the file that contains the public SSH key to use for signing
Automatically sign commits and tags when creating a commit
Allowed SSH keysλ︎
The --show-signature flag with Git log and show commands checks the contents of the gpg.ssh.allowedSignersFile to know which keys are valid
Create an $HOME/.config/git/allowed-signatures file to list the SSH keys that you wish to define as allowed to sign commits.
Each key entry should start with the email address used for commits, followed by the full public key value (which also ends with the email)
Set the gpg.ssh.allowedSignersFile file in the Git Configuration
SSH keys on multiple machines
When using different SSH keys across multiple computers, add all public keys to the allowed-signatures file.
Use a secret GitHub gist if you do not wish to add public keys to a shared git repository for the Git configuration.
Clone aliases for a GitHub domainλ︎
Define a short-cut alias to simplify the URL argument for the repository when using the Git clone command,
e.g git clone p:clojure-cli-config rather than git clone git@github.com:practicalli/clojure-cli-config
Git Clone alias
Diff 3 Supportλ︎
Diff 3 standard included the parent of two changes in conflict, providing additional context when deciding which change should take precedence
This command adds a conflictstyle entry in the [merge] section of the Git configuration file.
Magit supports the Diff3 standard, so a common parent will be shown when this feature is enabled.
