WELCOME TO EHOST.COM.NP

Monday, June 27, 2016

Signing Git Commits & Tags with GPG2 and Verified on GitHub

So I got myself a MacBook Pro and finally made the switch to the Mac world after a long time being a Windows user.

One of the things I had been meaning to do was to GPG sign my Git commits. Setting up my new MacBook proved to be the perfect time and finally, I did it.

The web has a number of tutorials that show how to sign Git commits with GnuPG (GPG), but none with GPG version 2.

In this tutorial, I will show how to sign Git commits and tags with GPG2.

FWIW, my Mac was running OS X Yosemite 10.10.3 at the time of writing. I am quite sure the guide below is pretty much the same for OS X 10.10 and greater.

Windows users should be able to follow this guide too. If not, let me know in the comments and I will see what I can do to help.

Ready? Let’s Go

First, download and install the GPG2 command line tools if you don’t already have them installed on your machine. You can check by running the gpg2 command in the terminal.

Open terminal

Run this command to generate a GPG key pair.

You will be asked to enter your name and email address. Ensure the email address matches your GitHub email address if you want GitHub to show your commits as verified; otherwise ignore this advice.

To save your entry, type the letter “O” and hit enter/return. You will be asked for a passphrase to continue. The passphrase will come in handy when signing your commits.

You should now see your GPG info displayed as follows:

Run the command below to output your GPG key, substituting in your GPG key ID. The GPG key ID generated in this tutorial is 89456D5E759E1A6AEEAF590AEDC2699358643879.

Copy your GPG key, beginning with -----BEGIN PGP PUBLIC KEY BLOCK----- and ending with -----END PGP PUBLIC KEY BLOCK-----.

Log in to your GitHub account. In the top right corner of any page, click your profile photo, then click Settings.

Click the SSH and GPG keys menu.

Click New GPG key.

In the “Key” textarea, paste the GPG key you copied earlier and save.

Telling Git about your GPG key

If you have forgotten your key ID, you can always retrieve it by running the gpg2 --list-secret-keys command.

To set your GPG signing key in Git, run the command below, substituting in the GPG key ID you’d like to use. In this example, the GPG key ID is 89456D5E759E1A6AEEAF590AEDC2699358643879.

Signing Commits and Tags Using GPG

To sign your Git commits with GPG, add the -S flag to the git commit command like so:

To sign a tag, add the -s flag to your git tag command like so:

After you create your commit and/or tags, provide the passphrase you set up when you generated your GPG key.

When you’ve finished creating commits locally, run the command below to push your commits and tags to your remote repository on GitHub.

Go to the tag and commit description pages on GitHub. You should now see the verified badge.

GPG signed git commit

GPG signed git tag

Common Problems and Solutions

If you get an error similar to the message below when trying to sign a Git commit or tag, the cause is that Git cannot find GPG on your machine.

Mind you, we installed GPG2, which by default is at /usr/local/bin/gpg2, and not version 1.x. Apparently, Git was looking for /usr/local/bin/gpg, which doesn’t exist.

Running the command below explicitly tells Git where to find GPG.

Automatically Signing Your Git Commits

You can configure Git to automatically sign your commits (and tags) without specifying the -S (and -s) flags by running git config --global commit.gpgsign true or adding the following to ~/.gitconfig
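The whole procedure above, from key generation to automatic signing, collected into shell functions. This is an added example, not the post's original command listings: the function names and the GPG_BIN variable are hypothetical, and make_and_export_key assumes the new key is the first secret key in the keyring.

```shell
#!/bin/sh
# Added example: the tutorial's steps as shell functions.
# GPG_BIN is an assumption; set GPG_BIN=gpg if your install has no gpg2 binary.
GPG_BIN="${GPG_BIN:-gpg2}"

# Read `gpg2 --fingerprint --with-colons --list-secret-keys` output on stdin
# and print the fingerprint (field 10 of the fpr record) of the first secret key.
first_secret_fpr() {
  awk -F: '$1 == "sec" { want = 1; next }
           want && $1 == "fpr" { print $10; exit }'
}

# Generate a key pair interactively, then print the armored public key block
# to paste into GitHub under Settings > SSH and GPG keys > New GPG key.
make_and_export_key() {
  "$GPG_BIN" --gen-key || return 1
  fpr=$("$GPG_BIN" --fingerprint --with-colons --list-secret-keys | first_secret_fpr)
  [ -n "$fpr" ] || return 1
  "$GPG_BIN" --armor --export "$fpr"
}

# Point Git at the signing key and at the gpg2 binary, and sign every commit.
configure_git_signing() {   # $1 = key ID or fingerprint
  bin=$(command -v "$GPG_BIN") || return 1   # e.g. /usr/local/bin/gpg2
  git config --global user.signingkey "$1" &&
  git config --global gpg.program "$bin" &&
  git config --global commit.gpgsign true
}

# Create a signed commit and a signed tag, check both signatures locally,
# then push the commit together with the tag.
signed_release() {          # $1 = commit message, $2 = tag name
  git commit -S -m "$1" &&
  git tag -s "$2" -m "$2" &&
  git verify-commit HEAD &&
  git verify-tag "$2" &&
  git push --follow-tags
}
```

Checking with git verify-commit and git verify-tag before pushing confirms the signatures against your local keyring, independently of the badge GitHub displays.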

Conclusion

I suck at writing conclusions. Please make do without one.
