Git: Difference between revisions

Git (view source)

Revision as of 09:06, 30 September 2016

1,267 bytes added , 30 September 2016

→‎signing work

← Older edit Newer edit →

Mhan

Bureaucrats, Interface administrators, Administrators

4,348

edits

@@ Line 1: / Line 1: @@
-= signing work =
+= Signing work =
-This is an example of GPG key.
+Get your GPG configured, and a personal key installed.  Configure Git to use your personal key.
-<source lang="bash">
+<syntaxhighlight lang="bash">
 $ git config --global user.signingkey 0A46826A
-</source>
+</syntaxhighlight>
+Signing tags:
+<syntaxhighlight lang="bash">
+$ git tag -s v2.17 -m 'version 2.17 signed by MH'
+$ git show v2.17
+</syntaxhighlight>
+With the signer's public key in the keyring, you can verify the tag:
+<syntaxhighlight lang="bash">
+$ git tag -v v2.17
+</syntaxhighlight>
+== Signing commits ==
+You can sign commits simply by adding -S once your environment is configured.
+<syntaxhighlight lang="bash">
+$ git commit -S -m 'push a signed commit'
+</syntaxhighlight>
+You can check and verify via <span class="package">git log</span>:
+<syntaxhighlight lang="bash">
+$ git log --show-signature -1
+</syntaxhighlight>
+You can configure <span class="package">git log</span> to check any signatures and list them in output via <span class="package">%G?</span> format.
+<syntaxhighlight lang="bash">
+$ git log --pretty="format:%h %G? %aN  %s"
+</syntaxhighlight>
+You can also reject commits that are unsigned and invalid:
+<syntaxhighlight lang="bash">
+$ git merge --verify-signature non-verify
+$ git merge --verify-signatures signed-branch
+</syntaxhighlight>
+Sign the merge commit itself:
+<syntaxhighlight lang="bash">
+$ git merge --verify-signatures -S signed-branch
+</syntaxhighlight>
 = Commands =