nextcloud
/
server
mirror of https://github.com/nextcloud/server
0
0
Fork 0
Code Issues Releases Wiki Activity
Page: How to sign your commits using PGP
Pages
Cross platform coordination Diversity Tickets Google Summer of Code 2017 Google Summer of Code 2018 Home How to sign your commits using PGP How to test LDAP? How to test S3 primary storage Maintenance and Release Schedule Rails Girls Summer of Code 2018 RailsGirls Summer of Code application Releases and PHP versions Todos before a release Translation knowledge (valid for whole nextcloud project)
4 How to sign your commits using PGP
violoncello.ch edited this page 2019-02-04 01:11:12 +01:00
Table of Contents

Git signing on Windows

Prerequisites

  1. Install gpg4win
  2. Install Git

Note: Make sure to install the Git bash component

PGP

Open a Git Bash shell window and check if your key is available:

$ gpg --list-keys

If it isn't, then import your combined private + public key with this command:

$ gpg --import /path/to/yourkey.pub-sec.asc
gpg: key NCB0X317: public key "Nextcloud Packager <nextcloudpackager@nextcloud.com>" imported
gpg: key NCB0X317: secret key imported
gpg: key NCB0X317: "Nextcloud Packager <nextcloudpackager@nextcloud.com>" 1 new signature
gpg: Total number processed: 2
gpg:               imported: 1  (RSA: 1)
gpg:         new signatures: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

Trust the key by typing the following:

$  gpg --edit-key "Nextcloud Packager" trust quit

Answer 5: I trust ultimately and confirm with y.

Note: You can do all of this from the Kleopatra app if you prefer

Git

Add your full name and email address

$ git config --global user.name Nextcloud Packager (ncpkger)
$ git config --global user.email nextcloudpackager@nextcloud.com

Let git use the pinentry app which comes with gpg4win

$ git config --global gpg.program "c:/Program Files (x86)/GNU/GnuPG/gpg2.exe"

if you use gpg4win version 3 use this file location/command instead:

$ git config --global gpg.program "c:/Program Files (x86)/GnuPG/bin/gpg.exe"

Tell git to always sign your commits:

git config --global commit.gpgsign true

Add your key to git by first listing your key and memorizing the alphanumerical sequence after 4096R/:

$ gpg --list-keys
/c/Users/nextcloud/.gnupg/pubring.gpg
----------------------------------
pub   4096R/NCB0X317 2016-01-01 [expires: 2020-01-01]
uid                  Nextcloud Packager <nextcloudpackager@nextcloud.com>
sub   4096R/BOXFTW16 2016-08-13 [expires: 2021-08-12]

and then linking that key to your git user

git config --global user.signingkey NCB0X317

That's it! You should now be able to sign your commits using your GPG key.

Testing

Create a test commit from your IDE or the command line. You should see a window poping up, asking for your password.

Back in Git Bash, you can check your signature by typing:

$  git log 45cf201 --show-signature -1
commit 45cf201ac70f8acc06916184c4e2392cdfa05467
gpg: Signature made 09/28/16 23:33:56 W. Europe Summer Time
gpg:                using RSA key 123E4567NCB0X317
gpg: Good signature from "Nextcloud Packager <nextcloudpackager@nextcloud.com>" [ultimate]
Author: Nextcloud Packager (ncpkger) <nextcloudpackager@nextcloud.com>
Date:   Wed Sep 28 23:33:38 2016 +0200

    Create a test signature for our contributors

Git signing on Linux

TBW

Nextcloud is an open source project and an open company. That means it is yours to make a difference!

Learn more and join our community

Enterprise? Public Sector or Education user? You may want to have a look into our Enterprise Support Subscriptions.

Get in touch