Use GPG Signing for GitHub
A few days ago, I noticed that when creating or deleting a file on GitHub, the commit displays a “Verified” sign on the right-hand side. It looks like the following:
Looks really cool, doesn’t it? So I tried to make this sign appear on every commit I submit (especially from a local PC/laptop, using the git client), but I soon ran into a lot of trouble (when your OS is OS X). Here are instructions for turning this feature on (which means signing commits with G(nu)PG).
So, let me guide you through making this “Verified” sign appear.
- install brew if it is not installed yet
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
- install gpg and pinentry
brew update && brew install gpg && brew install pinentry-mac && echo "pinentry-program /usr/local/bin/pinentry-mac" > ~/.gnupg/gpg-agent.conf && killall gpg-agent
- test whether gpg is installed correctly
echo "test" | gpg --clearsign
- generate a gpg key and import it into GitHub (just use the new key for gpg signing and ignore any existing gpg key)
gpg --default-new-key-algo rsa4096 --gen-key
When asked to enter your email address, ensure that you enter the verified email address for your GitHub account.
Now the terminal displays something like the following:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Copy your GPG key, beginning with -----BEGIN PGP PUBLIC KEY BLOCK----- and ending with -----END PGP PUBLIC KEY BLOCK-----, and paste it into GitHub under Settings > SSH and GPG keys > New GPG key.
- set up local git client
gpg --list-secret-keys --keyid-format SHORT | grep ^sec
After you enter the command, the terminal displays something like the following:
sec rsa4096/3AA5C343 2018-07-22 [SC]
Note that the keyid format should be SHORT instead of LONG; this step differs from GitHub's official instructions. Copy the ‘3AA5C343’ part, which is the key ID we will use:
git config --global user.signingkey 3AA5C343 && git config --global gpg.program "$(which gpg)"
Test whether git knows how to sign your commit:
mkdir test && cd test && git init && touch a && git add . && git commit -S -m "test" && cd .. && rm -rf test
If no error shows, you are safe now, and from now on you can use the -S argument to tell git to sign with GPG. In addition, to sign all commits by default in any local repository on your computer, run
git config --global commit.gpgsign true
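The steps above ask for your verified GitHub e-mail on the key. The following added example (not from the original post) checks locally that the key set in user.signingkey carries the e-mail git commits with. The listing is constructed sample data and the function names are hypothetical. It accepts a short or long key ID.

```shell
#!/bin/sh
# Added example: does the signing key carry the committer e-mail?

# Constructed sample of `gpg --list-secret-keys --with-colons` output.
# Key IDs, hashes and addresses are made up; 3AA5C343 is the page's short ID.
sample_listing() {
cat <<'EOF'
sec:u:4096:1:111122223AA5C343:1532217600:::u:::scESC:::+:::23::0:
uid:u::::1532217600::HASH1::Example Dev <dev@example.com>::::::::::0:
uid:r::::1532217600::HASH2::Example Dev <revoked@example.net>::::::::::0:
ssb:u:4096:1:9999888877776666:1532217600::::::e:::+:::23:
sec:u:4096:1:AAAABBBBCCCCDDDD:1500000000:::u:::scESC:::+:::23::0:
uid:u::::1500000000::HASH3::Old Identity <old@example.org>::::::::::0:
EOF
}

# key_emails KEYID: read a colon listing on stdin and print the lower-cased
# e-mail of every non-revoked user ID on the key whose ID ends with KEYID.
key_emails() {
  awk -F: -v want="$1" '
    BEGIN { want = toupper(want) }
    # Field 5 of a "sec" record is the long key ID; compare its tail.
    $1 == "sec" { hit = (substr($5, length($5) - length(want) + 1) == want) }
    # Field 10 of a "uid" record is "Name <email>"; validity "r" is revoked.
    $1 == "uid" && hit && $2 != "r" {
      if (match($10, /<[^>]+>/))
        print tolower(substr($10, RSTART + 1, RLENGTH - 2))
    }'
}

# check_signing_identity KEYID EMAIL: succeed only if EMAIL is on that key.
check_signing_identity() {
  [ -n "$1" ] && [ -n "$2" ] || return 2   # an empty key ID would match all keys
  want_email=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  key_emails "$1" | grep -qxF -- "$want_email"
}

# Demo on the constructed listing. Against a real keyring, run:
#   gpg --list-secret-keys --with-colons |
#     check_signing_identity "$(git config user.signingkey)" "$(git config user.email)"
if sample_listing | check_signing_identity 3AA5C343 dev@example.com; then
  echo "ok: key 3AA5C343 has a user ID for dev@example.com"
fi
```

A non-zero exit means the committer address is missing from the key (or only present on a revoked user ID), so commits signed with it will not match that identity.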
Author: d0zingcat
Link: https://infloop.life/2018/07/28/use-gpg-signing-for-github/
License: Creative Commons Attribution-NonCommercial 4.0 International License