Skip to content

Instantly share code, notes, and snippets.

@LosAlamosAl

LosAlamosAl/signed-commits.md

Last active February 22, 2018 01:22
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save LosAlamosAl/e80211c9b0192eba37cba496a3e7456a to your computer and use it in GitHub Desktop.
Save LosAlamosAl/e80211c9b0192eba37cba496a3e7456a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
signed-commits.md

In order to PGP sign GitHub commits we need to:

  1. Install GnuPG via brew install gnupg
  2. Add export GPG_TTY=$(tty) to .zshrc
  3. Create keys and add to GitHub
  4. Test gpg: echo "test" | gpg --clearsign
  5. Tell git (locally) about stuff or it screws up:
  6. gpg --list-secret-keys --keyid-format LONG
  7. Grab the long hex key and git config user.signingKey A...
  8. Tell git where pgp command is: git config gpg.program gpg Why?
  9. Tell git you want to sign commits: git config commit.gpgsign true
  10. Try a commit: git commit -S -am "Added ES6 class"
  11. If that fails, try GIT_TRACE=1 git commit -S -am "Added ..."
  12. When you finally, successfully, commit: git log --show-signature -1
  13. git push
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment