Revisions
rafaelrinaldi revised this gist
Dec 14, 2015. 1 changed file with 2 additions and 1 deletion.
@@ -50,4 +50,5 @@ $ git config --global user.signingkey your-key ## Further Reading * [Email Self-defence](https://emailselfdefense.fsf.org) * [GNU Privacy Guard Howto](https://help.ubuntu.com/community/GnuPrivacyGuardHowto) * [Beginners Guide to GnuPG](http://ubuntuforums.org/showthread.php?t=680292) -
rafaelrinaldi revised this gist
Dec 14, 2015. 1 changed file with 1 addition and 1 deletion.
@@ -13,7 +13,7 @@ Because after reading [this blog post](http://mikegerwitz.com/papers/git-horror- ## The solution Since Git `1.7.2`, one can sign commits (and tags) using their own GPG key. ### How -
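Review bot: The version in "Since Git `1.7.2`, one can sign commits (and tags)" does not match Git's history for commits: `git commit -S` arrived in Git 1.7.9, while signed tags (`git tag -s`) are much older. Suggest stating 1.7.9 for commit signing and, now that tags are mentioned, adding a `git tag -s` step under "How", since the steps elsewhere in this gist only cover `git commit -S`.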
rafaelrinaldi revised this gist
Dec 14, 2015. 1 changed file with 1 addition and 1 deletion.
@@ -2,7 +2,7 @@ ## Why Because after reading [this blog post](http://mikegerwitz.com/papers/git-horror-story.html) (sent by my dear friend @hugobessaa) I got paranoid. It's a little effort that can avoid a lot of trouble. ## The problem -
rafaelrinaldi revised this gist
Dec 14, 2015. 1 changed file with 1 addition and 1 deletion.
@@ -13,7 +13,7 @@ Because after reading [this article](http://mikegerwitz.com/papers/git-horror-st ## The solution Since Git `1.7.2`, one can sign commits using their own GPG key. ### How -
rafaelrinaldi revised this gist
Dec 14, 2015. 1 changed file with 1 addition and 1 deletion.
@@ -13,7 +13,7 @@ Because after reading [this article](http://mikegerwitz.com/papers/git-horror-st ## The solution Since Git `1.7.2`, one can sign commits usign their own GPG key. ### How -
rafaelrinaldi revised this gist
Dec 14, 2015. 1 changed file with 6 additions and 1 deletion.
@@ -45,4 +45,9 @@ $ git config --global user.signingkey your-key [alias] commit = commit -S ``` * Profit :moneybag: ## Further Reading * [Email Self-defence](https://emailselfdefense.fsf.org) * [GNU Privacy Guard Howto](https://help.ubuntu.com/community/GnuPrivacyGuardHowto) -
rafaelrinaldi revised this gist
Dec 14, 2015. 1 changed file with 1 addition and 1 deletion.
@@ -25,7 +25,7 @@ $ brew install gpg ```sh $ gpg --gen-key # Default options are fine ``` * Now list all secret keys and copy the content from the `sec` row after the first `/`. Something like this: ```sh $ gpg --list-secret-keys /Users/your-user/.gnupg/secring.gpg -
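Review bot: "copy the content from the `sec` row after the first `/`" has the reader copy the short key ID, which is only the last 8 hex digits of the fingerprint and can collide with another key. Suggest listing with `gpg --list-secret-keys --keyid-format long` and registering the long ID or the full fingerprint as `user.signingkey`.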
rafaelrinaldi revised this gist
Dec 14, 2015. 1 changed file with 1 addition and 1 deletion.
@@ -21,7 +21,7 @@ Since Git 1.7.2, one can sign commits usign their own GPG key. ```sh $ brew install gpg ``` * Generate a fresh key: ```sh $ gpg --gen-key # Default options are fine ``` -
rafaelrinaldi revised this gist
Dec 14, 2015. 1 changed file with 6 additions and 6 deletions.
@@ -17,15 +17,15 @@ Since Git 1.7.2, one can sign commits usign their own GPG key. ### How * Install [`gpg`](https://www.gnupg.org). You can install it from Homebrew: ```sh $ brew install gpg ``` * Generate a fresh gpg key: ```sh $ gpg --gen-key # Default options are fine ``` * Run gpg `--list-secret-keys` and copy the code after the first `/`. Something like this: ```sh $ gpg --list-secret-keys /Users/your-user/.gnupg/secring.gpg @@ -36,13 +36,13 @@ ssb XXXXX/ZZZZZZZZ 2015-01-01 # What you want is that YYYYYYYY ``` * Register your key to your Git configuration file: ```sh $ git config --global user.signingkey your-key ``` * You can now sign commits by using `git commit -S`. You might want to add it as an alias to your `.gitconfig`: ```sh [alias] commit = commit -S ``` * Profit :moneybag: -
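Review bot: In the second hunk, the `[alias]` entry `commit = commit -S` has no effect, because Git ignores aliases that share a name with a built-in command, so a plain `git commit` stays unsigned. Suggest `git config --global commit.gpgsign true` instead (Git 2.0 and later); the fence is also tagged `sh` although its content is `.gitconfig` syntax.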
rafaelrinaldi revised this gist
Dec 14, 2015. 1 changed file with 1 addition and 1 deletion.
@@ -9,7 +9,7 @@ Because after reading [this article](http://mikegerwitz.com/papers/git-horror-st 1. User changes the commit author using the `--author` option 2. The commit then introduces a new bug (blaming the new author) 3. Crackers explore this breach :skull: 4. An audit will not be able to identify who was the commit author ## The solution -
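Review bot: In item 3, "Crackers explore this breach" reads as if "exploit" was meant; suggest changing the verb in the same pass as the rewording of item 4, so the list reads consistently.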
rafaelrinaldi revised this gist
Dec 14, 2015. 1 changed file with 1 addition and 1 deletion.
@@ -7,7 +7,7 @@ Because after reading [this article](http://mikegerwitz.com/papers/git-horror-st ## The problem 1. User changes the commit author using the `--author` option 2. The commit then introduces a new bug (blaming the new author) 3. Crackers explore this breach :skull: 4. Audits will not be able to know who was the commit author -
rafaelrinaldi created this gist
Dec 14, 2015
@@ -0,0 +1,48 @@ # Signing Git commits ## Why Because after reading [this article](http://mikegerwitz.com/papers/git-horror-story.html) (sent by my dear friend @hugobessaa) I got paranoid. It's a little effort that can avoid a lot of trouble. ## The problem 1. User changes the commit author using the `--author` option 2. The commit then introduces a new bug (blame on the new author) 3. Crackers explore this breach :skull: 4. Audits will not be able to know who was the commit author ## The solution Since Git 1.7.2, one can sign commits usign their own GPG key. ### How 1. Install [`gpg`](https://www.gnupg.org). You can install it from Homebrew: ```sh $ brew install gpg ``` 2. Generate a fresh gpg key: ```sh $ gpg --gen-key # Default options are fine ``` 3. Run gpg `--list-secret-keys` and copy the code after the first `/`. Something like this: ```sh $ gpg --list-secret-keys /Users/your-user/.gnupg/secring.gpg --------------------------------------- sec XXXXX/YYYYYYYY 2015-01-01 uid Your Name (Your Comment) <[email protected]> ssb XXXXX/ZZZZZZZZ 2015-01-01 # What you want is that YYYYYYYY ``` 4. Register your key to your Git configuration file: ```sh $ git config --global user.signingkey your-key ``` 5. You can now sign commits by using `git commit -S`. You might want to add it as an alias to your `.gitconfig`: ```sh [alias] commit = commit -S ``` 6. Profit
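Review bot: The steps stop at creating signatures (step 5, `git commit -S`) and never show how anyone checks them, so point 4 of "The problem" (audits cannot tell who authored a commit) is left unaddressed. A signature does not stop `--author` from being set to someone else; it only identifies who signed. Suggest a final step that verifies with `git log --show-signature` or `git verify-commit`, plus a note that collaborators need the signer's public key.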