How to sign your git commit?
November 25, 2016 Leave a comment
First thing first,you are supposed to have a digital key. Haven’t you?? Get one!, but how? Here is how to create gpg key from command line.
I am assuming( o yeah I can’t help myself about that! thinking of you being smart enough to figure it out) ,if you haven’t already installed GNUPG yet , read it here about it and take advantage of your OS’s package manager to install the package .
Again, once you setup your gpg key and uploaded it into the one of the keyserver and it will sync with other keyservers too. Mind you, only share your public key , the private key should be reside with you.
Heads up! for heaven’s sake please remember the passphrase you enter while creating the key and do not forget to create a revocation certificate too.
Another way , you might start using keybase ,which quite new ,but has promise and will take over gnupg soon( thinking in that direction) . If you want to use , please let me know, I have few invite left with me. But please disclose your original identity .
Now, you need to tell git to use your private key to encrypt your commits ,but how? Here is how you should do ..read on:
I think, this page is very well explained. Give some effort to read it and understand it.
I believe you understood the previous link to gpg signing(again assuming you did!). Once you properly done with it . You can verify like below :
bhaskar@ArchLinux_17:34:07_Fri Nov 25:~/git-linux/Linux_Infrastructure_Management>git log –show-signature -1
gpg: Signature made Sun 20 Nov 2016 04:27:44 PM IST
gpg: using RSA key B23A9DB7114B2915
gpg: Good signature from “Bhaskar Chowdhury (Musing_with_GNU/Linux!!) <firstname.lastname@example.org>” [ultimate]
gpg: aka “[jpeg image of size 62428]” [ultimate]
Author: Bhaskar Chowdhury <email@example.com>
Date: Sun Nov 20 16:27:33 2016 +0530
modified few sentences
Signed-off-by: Bhaskar Chowdhury <firstname.lastname@example.org>
But hey! how do you sign the commit?? Two ways:
- You need to pass -S along the line with commit command and give the key hash.This is the laborious way to do thing and soon become very cumbersome.
Of course there is better way and that is second way of doing it:
2. You need to put in the global section of the git config (by doing git config add ) or by placing it for any project specific way . Like below ,I am having this configuration for this project.
bhaskar@ArchLinux_17:41:10_Fri Nov 25:~/git-linux/Linux_Infrastructure_Management>git config –list
user.signingkey=**Long hash for key**(hsg23ljfgdrtu456)
pretty.fixes=Fixes: %h (“%s”)
alias.logline=log –pretty=format:’%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset’ –abbrev-commit
You are good enough to read it through ..aren’t you? By the way , those are git config options ,you need to tell git to use it by providing the key value at the git command line ,like this :
bhaskar@ArchLinux_17:41:26_Fri Nov 25:~/git-linux/Linux_Infrastructure_Management>git config add user.email email@example.com
If you did that with your mail id for a the specific project ,it can how you the first line of output shown above. Likewise ,you need to do that for other options too.
Did you notice there is “singed-off-by” ? It can be achieved by using -s (small ess) along the commit message or automate it like other options mentioned above.Why that is there ? Because ,oftentimes ,commiter and the author of the patch is not the same person. Plus for reviewing purpose.So, both author and commiter get credit for the submission🙂 .
This post is very rudimentary and assuming the reader is capable enough to do lot of research .BTW if you have any genuine query about it ,please do let me know.