esoko/mapguesser
esoko/mapguesser
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 18 Wiki Activity

Add 'Configure Git to sign your commits'

Bence Pőcze 2021-05-09 14:35:16 +02:00
commit c1aa8662d4
1 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
Configure-Git-to-sign-your-commits.md Normal file

@ -0,0 +1,48 @@
# Genarate GPG key
If you don't have an own GPG key, generate one with this command:
```bash
gpg --gen-key
```
*Note:* Name and email address of GPG key should match your Git settings which you use to commit (**user.name** and **user.email**), otherwise Gitea won't show your commits "trusted". Additionally, the configured email address should be listed on your Gitea profile (your avatar -> Settings -> Account): https://gitea.e5tv.hu/user/settings/account, otherwise you won't be able to add the public key to Gitea.
After the key is generated, you will see a summary about the new key:
```
pub rsa3072 2021-05-09 [SC] [expires: 2023-05-09]
DADC33A688BA1D2983BA6AA521BE5534738520D0
uid John Doe <john.doe@example.com>
sub rsa3072 2021-05-09 [E] [expires: 2023-05-09]
```
You can get this information about your keys with the this command:
```bash
gpg --list-keys
```
# Configure Git to use the key
Configure Git to use this key to sign your work:
```bash
git config --global user.signingkey <key-id> # DADC33A688BA1D2983BA6AA521BE5534738520D0 in this example
```
Recommended: Configure Git to automatically sign your commits and tags:
```bash
git config --global commit.gpgSign true
git config --global tag.gpgSign true
```
If you don't configure the automatic signing, you have to manually request it for each commit/tag.
You can find further information about Git & GPG signing here: https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work.
# Configure Gitea to rezognize your GPG key
Retrieve your GPG public key with this command:
```bash
gpg --export -a <key-id> # DADC33A688BA1D2983BA6AA521BE5534738520D0 in this example
```
The output of the above command should be copied to your Gitea profile. Navigate to this page (your avatar -> Settings -> SSH / GPG keys): https://gitea.e5tv.hu/user/settings/keys. Click on **Add Key** next to Manage GPG Keys and paste your public key.
If a pull request contains only signed commits, it is possible to sign the merge commit with Gitea's key. Two factor authentication should be activated on your profile for this! You can activate it on this page (your avatar -> Settings -> Security): https://gitea.e5tv.hu/user/settings/security.