Signing commits
We would appricate that all commits to Blockcore be signed by the contributors.
Windows
- Install GPG4Win
- Run Kleopatra
- Generate a key, preferably 4096 bytes. Avoid pass phrase if you don't want to supply it on every commit or use tools to cache it locally.
- Fill out your details, name and e-mail. The e-mail must be a verified address on Github, or your no-reply address on Github.
- Find your key by opening cmd.exe
1gpg --list-secret-keys --keyid-format LONG
Above command will return your keys, starting with their strength and then ID. Make sure you use the "sec" key and not the "ssb" key. "sec" is for Certify and Signing, the "ssb" is for Encrypting.
Depending on your environment variables, cmd and git bash will store keys in different locations. Kleopatra will put keys in the location that cmd.exe looks at.
cmd.exe: C:\Users\USER\AppData\Roaming\gnupg
git bash: C:\Users\USER.gnupg
To fix this, open git bash and search for pgb:
1 | |
Copy the path that goes to the recent GnuPG folder, for example:
1 | |
Then create a new file, if it doesn't exists, under your user profile (C:\Users\USER\.bash_profile) named .bash_profile and fill out this into the file:
1 | |
Then run the same gpg command to list keys, and you should see same result in cmd and git bash.
- Configure git repo to always sign. You can do this globally with the flag --global if you want to.
1 2 3 | |
1 2 3 | |
You might also want to inform git to use the custom GPG you installed and not the one included with for example Github Desktop:
1 | |
- Get your public key:
1 | |
- Add your Public Key to Github.
Linux
TBA
Addtional links
How to enable auto-signing Git commits with GnuPG for programs that don't support it natively
Since git 2.19.1, gpg2 is supported!