Jazzy Coding
The Art of Structured Improvisation. By Carsten Nielsen
Signing git commits with your GPG key
February 9, 2012
Posted by on With the release of Git v1.7.9 it’s possible to sign your commits now.
To activate this on your machine, you have to configure git:
1. Get your key-id in the terminal:
$> gpg --list-keys ... pub 1024D/123ABC89 2011-09-27 uid Carsten Nielsen ...
Locate your relevant key and copy the ID to git:
$> git config --global user.signingkey 123ABC89
Now you are able to sign your commits by using the option -S
$> git commit -S
If you want to check the origin of a commit you can now show the signing by:
$> git log --show-signature commit 01b817f3e3bfe1fb1143a172539162bf6bf7aca5 gpg: Signature made 2012-02-09T11:30:57 CET using RSA key ID 123ABC89 gpg: Good signature from "Carsten Nielsen " Author: Carsten Nielsen Date: Thu Feb 9 11:30:48 2012 +0100 Lets sign something
With this we should be able to create an infrastructure on the repo- or deploy-server to check and ensure the origin of the commits.
But this is another story for another time…
Howdy! Someone in my Myspace group shared this website with us so
I came to check it out. I’m definitely loving the information. I’m book-marking and will be tweeting this to my followers!
Wonderful blog and superb design.
Pingback: B:datenbrei : Blog Archive : Bookmarks for August 23rd from 09:50 to 09:50
I’ve just tried this and it seems to work fine, however the signature isn’t included with you do a git send-email or similar, making it substantially useless in workflows that use that.