Revision of verify-commits.md

melanie gist felülvizsgálása 7 months ago. Revízióhoz ugrás

Nincsenek változtatások

melanie gist felülvizsgálása 7 months ago. Revízióhoz ugrás

1 file changed, 1 insertion, 1 deletion

verify-commits.md

			@@ -1,4 +1,4 @@
1		-	# How to Verify Your Commits
	1	+	# How to Verify Your Commits with GPG, but you probably shouldn't. Just use SSH now.
2	2
3	3		Anyone can be anyone when it comes to commits. For example, [here is a commit where ""Linus Torvalds"" deletes Linux](https://github.com/torvalds/linux/tree/8bcab0346d4fcf21b97046eb44db8cf37ddd6da0). I put this document together for myself a while back, but I thought I would share it with other people who want a straightforward guide to setting up commit signing with GPG.
4	4

melanie gist felülvizsgálása 11 months ago. Revízióhoz ugrás

1 file changed, 52 insertions

verify-commits.md(fájl létrehozva)

		@@ -0,0 +1,52 @@
1	+	# How to Verify Your Commits
2	+
3	+	Anyone can be anyone when it comes to commits. For example, [here is a commit where ""Linus Torvalds"" deletes Linux](https://github.com/torvalds/linux/tree/8bcab0346d4fcf21b97046eb44db8cf37ddd6da0). I put this document together for myself a while back, but I thought I would share it with other people who want a straightforward guide to setting up commit signing with GPG.
4	+
5	+	## Instructions
6	+
7	+	1. Install gpg `brew install gnupg2` (or `sudo apt-get install gnupg2`, etc)
8	+	2. Generate the key with `gpg --full-generate-key` (the default type is probably fine)
9	+	3. Make sure it is at least `4096` bits
10	+	4. Make sure you use your Github no-reply email or an email provided to your Github account.
11	+	5. Get the signing key by running `gpg --list-secret-keys --keyid-format=long`
12	+	* In the following list, the signing key is `3AA5C34371567BD2`
13	+	```shell
14	+	sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
15	+	uid Hubot
16	+	ssb 4096R/42B317FD4BA89E7A 2016-03-10
17	+	```
18	+	6. Get your public key by running `gpg --armor --export YOUR-SIGNING-KEY-HERE \| pbcopy`
19	+	7. Add your gpg key to your [Github key settings](https://github.com/settings/keys)
20	+	8. Turn on Vigilant mode at the bottom of that page.
21	+	9. Add your signing key to your Git config `git config --global user.signingkey YOUR-SIGNING-KEY-HERE`
22	+	10. To sign all commits run `git config --global commit.gpgsign true`
23	+	11. Add the GPG export to your zshconfig `echo 'export GPG_TTY=$(tty)' >> ~/.zshrc;`
24	+
25	+
26	+	## For Mac
27	+
28	+	1. Mac: You can let Keychain manage your pin entry by running `brew install pinentry-mac`
29	+	2. Tell gpg about it with `echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf`
30	+	3. Restart gpg agent `killall gpg-agent`
31	+
32	+
33	+	## Backup Key
34	+
35	+	1. Export the public key `gpg --export -a YOUR-SIGNING-KEY-HERE > gpg-public.asc`
36	+	2. Export the private key `gpg --export-secret-keys -a YOUR-SIGNING-KEY-HERE > gpg-secret.asc`
37	+	3. You now should have two files `gpg-public.asc` and `gpg-secret.asc` in your current directory
38	+
39	+
40	+	## Restore Key
41	+
42	+	1. Import the public key `gpg --import gpg-pub.asc`
43	+	2. Import the secret key `gpg --import gpg-sc.asc`
44	+
45	+
46	+	## References
47	+
48	+	- [Generating a new GPG key](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key)
49	+	- [Adding a new GPG key to your GitHub account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-new-gpg-key-to-your-github-account)
50	+	- [Enabling Vigilant mode](https://docs.github.com/en/authentication/managing-commit-signature-verification/displaying-verification-statuses-for-all-of-your-commits#enabling-vigilant-mode)
51	+	- [Telling Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)
52	+	- [Migrate GPG Keys from One Workstation to Another](https://gist.github.com/angela-d/8b27670bac26e4bf7c431715fef5cc51)

Újabb Régebbi