git gpg 签名
查找到需要用于 gpg 签名的密钥对 id:
~$ gpg -k
/home/runsisi/.gnupg/pubring.gpg
--------------------------------
pub rsa2048/759D8517 2018-01-06 [SC]
2915D352D6652715FB9AB146C08D7AE1759D8517
uid [ultimate] dev <dev@example.com>
sub rsa2048/1B971CBF 2018-01-06 [E]
pub rsa3072/C7E8A950 2019-04-13 [SC] [expires: 2021-04-12]
6DF6CFC20424F5CA2BC540E768CCC50DC7E8A950
uid [ultimate] luo.runbing (https://www.example.com/) <luo.runbing@example.com>
uid [ultimate] runsisi (https://runsisi.com/) <runsisi@hust.edu.cn>
sub rsa3072/D2E0CB2D 2019-04-13 [E] [expires: 2021-04-12]
sub rsa3072/8D77F675 2019-04-13 [S] [expires: 2020-04-12]
配置 git 显式使用 gpg2 以及用于签名的私钥:
~$ git config --global gpg.program gpg2
~$ git config --global commit.gpgSign true
~$ git config --global user.signingkey 8D77F675
创建 commit 时使用签名(由于配置了 commit.gpgSign 为 true,因此可以不显式指定 -S
):
-S
~$ git ci -asS -m 'add x.sh'
[master 048c9a7] add x.sh
1 file changed, 13 insertions(+)
create mode 100755 x.sh
~$ git log --show-signature -1
commit 048c9a717272535d8c3fc1a0eebbedf484a04ae2 (HEAD -> master)
gpg: Signature made Mon 15 Apr 2019 08:06:48 AM CST
gpg: using RSA key DFD781A7C8334975F2FD0DC7DA3BFDCF8D77F675
gpg: Good signature from "luo.runbing (https://www.example.com/) <luo.runbing@example.com>" [ultimate]
gpg: aka "runsisi (https://runsisi.com/) <runsisi@hust.edu.cn>" [ultimate]
Author: runsisi@hust.edu.cn <runsisi@hust.edu.cn>
Date: Mon Apr 15 08:06:48 2019
add x.sh
Signed-off-by: runsisi@hust.edu.cn <runsisi@hust.edu.cn>
~$ git verify-commit HEAD
gpg: Signature made Mon 15 Apr 2019 08:06:48 AM CST
gpg: using RSA key DFD781A7C8334975F2FD0DC7DA3BFDCF8D77F675
gpg: Good signature from "luo.runbing (https://www.example.com/) <luo.runbing@example.com>" [ultimate]
gpg: aka "runsisi (https://runsisi.com/) <runsisi@hust.edu.cn>" [ultimate]
创建 tag 时使用签名:
-s
~$ git tag -as -m 'tag v1.0' v1.0
~$ git show v1.0
tag v1.0
Tagger: runsisi@hust.edu.cn <runsisi@hust.edu.cn>
Date: Mon Apr 15 08:09:32 2019
tag v1.0
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE39eBp8gzSXXy/Q3H2jv9z4139nUFAlyzy7wACgkQ2jv9z413
9nUEPgv+K7GoE4mqpP5dBzQC1xYrexuu0Tz21HXtXuvh3AC3TLECNjFmkofA/Z0+
/taA2g2zHx+PpRuR8jUazH7R1LWoKvKYGsLwf878O4aRpLUptUx4fwyywlFeJ6g4
DWGZZCQO7eXoSCNtGtrjg9yqC/fl/mNjh19rosFM1+jd9FnloIWWNmjdabP5vkZ9
wvNLyxEFwwOrEIhhnxaHKCncwS7RGlxsUGRhmgVMJ+B8XTQxB76Wx9iIQnNQhbYw
1AFosR0W58LAaDssoVE5Bqyi08n9RFpv+HV1Kk+F8w7MpliqNW6LpAx/+z+89PSz
sqKfCncZjvng9O8sMhOlUoEYRiAzp9LfXrcGdVLZZRCrLZvfgspHZ5WFoWEZNGFm
jbF4HtgCrNWe1t/H2tzh5ip52g/MaK+3JAIHJeK7qArOQeyuiBLwXT+joh3WOuZB
NnGPgpU/rkyZFphW53b7Fj/k0QjK/lb0QjfEx7eIkWELH/5E+MakB4A0Qaiz6y8J
Kxhh4pfv
=3F9X
-----END PGP SIGNATURE-----
commit 048c9a717272535d8c3fc1a0eebbedf484a04ae2 (HEAD -> master, tag: v1.0)
Author: runsisi@hust.edu.cn <runsisi@hust.edu.cn>
Date: Mon Apr 15 08:06:48 2019
...
~$ git verify-tag v1.0
gpg: Signature made Mon 15 Apr 2019 08:09:32 AM CST
gpg: using RSA key DFD781A7C8334975F2FD0DC7DA3BFDCF8D77F675
gpg: Good signature from "luo.runbing (https://www.example.com/) <luo.runbing@example.com>" [ultimate]
gpg: aka "runsisi (https://runsisi.com/) <runsisi@hust.edu.cn>" [ultimate]
参考资料
Git error - gpg failed to sign data
Set up Keybase.io, GPG & Git to sign commits on GitHub
https://github.com/pstadler/keybase-gpg-github
最后修改于 2019-04-15