How to sign your git commit?

First thing first,you are supposed to have a digital key. Haven’t you?? Get one!, but how? Here is how to create gpg key from command line.

I am assuming( o yeah I can’t help myself about that! thinking of you being smart enough to figure it out) ,if  you haven’t already installed GNUPG yet , read it here about it and take advantage of your OS’s package manager to install the package .

Again, once you setup your gpg key and uploaded it into the one of the keyserver and it will sync with other keyservers too.  Mind you, only share your public key , the private key should be reside with you.

Heads up! for heaven’s sake please remember the passphrase you enter while creating the key and do not forget to create a revocation certificate too.

Another way , you might start using keybase ,which quite new ,but has promise and will take over gnupg soon( thinking in that direction) . If you want to use , please let me know, I have few invite left with me. But please disclose your original identity .

Now, you need to tell git to use your private key to encrypt your commits ,but how? Here is how you should do ..read on:

I think, this page is very well explained. Give some effort to read it and understand it.

I believe you understood the previous link to gpg signing(again assuming you did!). Once you properly done with it . You can verify like below :

bhaskar@ArchLinux_17:34:07_Fri Nov 25:~/git-linux/Linux_Infrastructure_Management>git log –show-signature -1
commit a825344b39e962dcf3df91a276cfb53fd57db4dc
gpg: Signature made Sun 20 Nov 2016 04:27:44 PM IST
gpg:                using RSA key B23A9DB7114B2915
gpg: Good signature from “Bhaskar Chowdhury (Musing_with_GNU/Linux!!) <unixbhaskar@gmail.com>” [ultimate]
gpg:                 aka “[jpeg image of size 62428]” [ultimate]
Author: Bhaskar Chowdhury <unixbhaskar@gmail.com>
Date:   Sun Nov 20 16:27:33 2016 +0530

modified few sentences

Signed-off-by: Bhaskar Chowdhury <unixbhaskar@gmail.com>

 

But hey! how do you sign the commit??  Two ways:

  1. You need to pass -S  along the line with commit command and give the key hash.This is the laborious way to do thing and soon become very cumbersome.

Of course there is better way and that is second way of doing it:

2. You need to put in the global section of the git config (by doing git config add ) or by placing it for any project specific way . Like below ,I am having this configuration for this project.

bhaskar@ArchLinux_17:41:10_Fri Nov 25:~/git-linux/Linux_Infrastructure_Management>git config –list
user.email=unixbhaskar@gmail.com
user.name=Bhaskar Chowdhury
user.signingkey=**Long hash for key**(hsg23ljfgdrtu456)
push.default=matching
gpg.program=gpg2
commit.gpgsign=true
core.editor=vim
core.abbrev=12
color.ui=true
pretty.fixes=Fixes: %h (“%s”)
log.showsignature=true
alias.logline=log  –pretty=format:’%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset’ –abbrev-commit
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
remote.origin.url=https://github.com/unixbhaskar/Linux_Infrastructure_Management.git
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
branch.master.remote=origin
branch.master.merge=refs/heads/master

 

You are good enough to read it through ..aren’t you? By the way , those are git config options ,you need to tell git to use it by providing the key value at the git command line ,like this :

bhaskar@ArchLinux_17:41:26_Fri Nov 25:~/git-linux/Linux_Infrastructure_Management>git config add user.email unixbhaskar@gmail.com

If you did that with your mail id for a the specific project ,it can how you the first line of output shown above. Likewise ,you need to do that for other options too.

Did you notice there is “singed-off-by” ? It can be achieved by using -s (small ess) along the commit message or automate it like other options mentioned above.Why that is there ? Because ,oftentimes ,commiter and the author of the patch is not the same person. Plus for reviewing purpose.So, both author and commiter get credit for the submission🙂 .

This post is very rudimentary and assuming the reader is capable enough to do lot of research .BTW if you have any genuine query about it ,please do let me know.

 

 

 

About unixbhaskar
GNU/Linux Consultant

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: