verify-commits.md(файл создан)
| @@ -0,0 +1,52 @@ | |||
| 1 | + | # How to Verify Your Commits | |
| 2 | + | ||
| 3 | + | Anyone can be anyone when it comes to commits. For example, [here is a commit where ""Linus Torvalds"" deletes Linux](https://github.com/torvalds/linux/tree/8bcab0346d4fcf21b97046eb44db8cf37ddd6da0). I put this document together for myself a while back, but I thought I would share it with other people who want a straightforward guide to setting up commit signing with GPG. | |
| 4 | + | ||
| 5 | + | ## Instructions | |
| 6 | + | ||
| 7 | + | 1. Install gpg `brew install gnupg2` (or `sudo apt-get install gnupg2`, etc) | |
| 8 | + | 2. Generate the key with `gpg --full-generate-key` (the default type is probably fine) | |
| 9 | + | 3. Make sure it is at least `4096` bits | |
| 10 | + | 4. Make sure you use your Github no-reply email or an email provided to your Github account. | |
| 11 | + | 5. Get the signing key by running `gpg --list-secret-keys --keyid-format=long` | |
| 12 | + | * In the following list, the signing key is `3AA5C34371567BD2` | |
| 13 | + | ```shell | |
| 14 | + | sec 4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10] | |
| 15 | + | uid Hubot | |
| 16 | + | ssb 4096R/42B317FD4BA89E7A 2016-03-10 | |
| 17 | + | ``` | |
| 18 | + | 6. Get your public key by running `gpg --armor --export YOUR-SIGNING-KEY-HERE | pbcopy` | |
| 19 | + | 7. Add your gpg key to your [Github key settings](https://github.com/settings/keys) | |
| 20 | + | 8. Turn on Vigilant mode at the bottom of that page. | |
| 21 | + | 9. Add your signing key to your Git config `git config --global user.signingkey YOUR-SIGNING-KEY-HERE` | |
| 22 | + | 10. To sign all commits run `git config --global commit.gpgsign true` | |
| 23 | + | 11. Add the GPG export to your zshconfig `echo 'export GPG_TTY=$(tty)' >> ~/.zshrc;` | |
| 24 | + | ||
| 25 | + | ||
| 26 | + | ## For Mac | |
| 27 | + | ||
| 28 | + | 1. Mac: You can let Keychain manage your pin entry by running `brew install pinentry-mac` | |
| 29 | + | 2. Tell gpg about it with `echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf` | |
| 30 | + | 3. Restart gpg agent `killall gpg-agent` | |
| 31 | + | ||
| 32 | + | ||
| 33 | + | ## Backup Key | |
| 34 | + | ||
| 35 | + | 1. Export the public key `gpg --export -a YOUR-SIGNING-KEY-HERE > gpg-public.asc` | |
| 36 | + | 2. Export the private key `gpg --export-secret-keys -a YOUR-SIGNING-KEY-HERE > gpg-secret.asc` | |
| 37 | + | 3. You now should have two files `gpg-public.asc` and `gpg-secret.asc` in your current directory | |
| 38 | + | ||
| 39 | + | ||
| 40 | + | ## Restore Key | |
| 41 | + | ||
| 42 | + | 1. Import the public key `gpg --import gpg-pub.asc` | |
| 43 | + | 2. Import the secret key `gpg --import gpg-sc.asc` | |
| 44 | + | ||
| 45 | + | ||
| 46 | + | ## References | |
| 47 | + | ||
| 48 | + | - [Generating a new GPG key](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key) | |
| 49 | + | - [Adding a new GPG key to your GitHub account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-new-gpg-key-to-your-github-account) | |
| 50 | + | - [Enabling Vigilant mode](https://docs.github.com/en/authentication/managing-commit-signature-verification/displaying-verification-statuses-for-all-of-your-commits#enabling-vigilant-mode) | |
| 51 | + | - [Telling Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key) | |
| 52 | + | - [Migrate GPG Keys from One Workstation to Another](https://gist.github.com/angela-d/8b27670bac26e4bf7c431715fef5cc51) | |
Новее
Позже