Reputation: 3573
Signing git commits on a remote machine
I'm doing development on a remote, headless, shared, machine (call it shared) over SSH using nvim. When I want to submit my changes, I have to raise a github pull request with SSH-signed commits. Because the machine is shared, I don't want to put my SSH key onto it.
Further, the shared machine has special setup that means I can't develop locally.
The repo is large.
My current workflow involves having a local clone of the repo (call it local) with a git remote for the shared machine and once I have commits I want to PR:
- pull commits from
sharedtolocal - signing locally by rewriting history
- pushing the result to my github fork (another git remote, call it
gh-fork) for the PR process.
Then if the PR process requires that I add follow up commits or that I do squashing, then have to go back to the shared machine and:
git fetch gh-forkgit reset --hard gh-fork/thebranch# to get the signed commits- add changes and check it all still works (or squash).
- get the follow-up changes to
localby pulling or fetch+resetting fromshared. - sign again
- push to
gh-fork
My question is a bit vague and open-ended. How can I streamline this?
I think there are two sub-problems:
automating signing on the remote: if there's a way to get the raw data out of git that needs to be signed, i could write a little daemon that transfers the result to
localfor automated signing (with confirmation, like a button click, to avoid abuse), and send the result back tosharedand update the repo with the result.How to
git pushthe signed result to a SSH remote (i.e.[email protected]/...) fromsharedwithoutsharedholding the SSH key.
I appreciate that this is a very niche problem, but I wonder if someone has tackled a similar problem before?
Solutions I considered and didn't like:
- remote filesystems (sshfs was unreliable in my experience)
- rsync/unison (I get confused with what is where and if git does a
git gcit can cause a full and lengthy resync of.git) - distant.vim (I've never managed to get it working)
- ssh agent forwarding (insecure)
Upvotes: 2
Views: 275
Answers (0)
Related Questions
- How to check out a remote Git branch?
- How can I rename a local Git branch?
- How do I undo the most recent local commits in Git?
- How do I delete a Git branch locally and remotely?
- How do I undo 'git add' before commit?
- How do I change the URI (URL) for a remote Git repository?
- Throw away local commits in Git
- What is the difference between 'git pull' and 'git fetch'?
- How do I force "git pull" to overwrite local files?
- How do I update or sync a forked repository on GitHub?