-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
refactor: replace
types
tag with typing
- Loading branch information
Showing
9 changed files
with
227 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,216 @@ | ||
--- | ||
title: Verified Commits | ||
seoTitle: Quick guide for the impatient on how to use GPG and SSH to sign commits, on GitHub | ||
summary: Sign commits with SSH and GPG | ||
isReleased: true | ||
isSequel: false | ||
lastModDate: 2019-12-05T09:15:00-0401 | ||
firstModDate: 2019-12-05T09:15:00-0401 | ||
minutesToRead: 4 | ||
tags: | ||
- 'SSH' | ||
- 'GPG' | ||
- 'git' | ||
--- | ||
<C> | ||
*Guide for the impatient* | ||
</C> | ||
<H2>Only Using SSH To Sign Commits</H2> | ||
<C>First generate an SSH key, you must have ``ssh`` installed, to verify, run this</C> | ||
<Code | ||
code={`ssh -V | ||
`} | ||
language="shell" | ||
showLineNumbers={false} | ||
/> | ||
<C> | ||
You should get the version info, with no errors. | ||
</C> | ||
<C> | ||
To generate keys for GitHub specifically, here I'll save you some time, paste <L href="https://github.com/AshGw/dotfiles/blob/main/.ssh/_gh_gen.sh">this</L> in your terminal. | ||
</C> | ||
<C> | ||
This will will generate an SSH key pair, `ashgw` is my username, yours will be different. | ||
</C> | ||
<Code | ||
code={`Generating public/private ed25519 key pair. | ||
Created directory '/home/ashgw/.ssh'. | ||
Enter passphrase (empty for no passphrase):`} | ||
language="shell" | ||
showLineNumbers={false} | ||
/> | ||
<C> | ||
Optionally enter a key phrase, that's on you. | ||
</C> | ||
<Code | ||
code={`Your identification has been saved in /home/ashgw/.ssh/github | ||
Your public key has been saved in /home/ashgw/.ssh/github.pub | ||
The key fingerprint is: | ||
SHA256:A7vCUer8pc+IPmTOHS5ULS4hOXX4SElUA0lbVj9SbgI ashgw@ashx | ||
The key's randomart image is: | ||
+--[ED25519 256]--+ | ||
| +=*E.. . | | ||
| *+.o + | | ||
| +.+o.o = | | ||
| + oo+o.+ . | | ||
| oo+..S | | ||
| +=.o. . | | ||
| *=+... | | ||
| =+o= | | ||
| .oo+.o | | ||
+----[SHA256]-----+ | ||
Agent pid 3606 | ||
Identity added: /home/ashgw/.ssh/github (ashgw@ashx) | ||
➜ ~`} | ||
language="shell" | ||
showLineNumbers={false} | ||
/> | ||
<C> | ||
You should get the same output with no problems. | ||
Now if you run the command, while `xclip` is installed, the public key will be copied to your clipboard, if you don't have `xclip`, then manually copy it. | ||
</C> | ||
<Code | ||
code={`cat ~/.ssh/github.pub`} | ||
language="shell" | ||
showLineNumbers={false} | ||
/> | ||
<C>You should get the public key</C> | ||
<Code | ||
code={`➜ ~ cat ~/.ssh/github.pub | ||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMoih/l+dazF/waAOFry1h0i5kT4+cislDxfFRreE2I2 ashgw@ashx | ||
➜ ~ `} | ||
language="shell" | ||
showLineNumbers={false} | ||
/> | ||
<H2>Where To Paste It?</H2> | ||
<C> | ||
Go <L href='https://github.com/settings/keys'>here</L>, Under SSH keys section, you'll find an "authentication keys" section as well as "signing key" section, paste your public key in **BOTH**. Before that works though, you need to modify your ``~/.gitconfig`` | ||
</C> | ||
<Code | ||
code={`[user] | ||
email = <YOUR_ACTUAL_VERIFIED_EMAIL_ON_GITHUB> | ||
name = <YOUR_NAME_CAN_BE_FAKE_THO> | ||
signingkey = /home/<YOUR_USERNAME_HERE>/.ssh/github.pub | ||
# other stuff ...`} | ||
language="shell" | ||
showLineNumbers={false} | ||
/> | ||
<C> | ||
That's it. If you're wondering what else can be put inside ``~/.gitconfig`` you can checkout mine <L href='https://github.com/AshGw/dotfiles/blob/main/.gitconfig'>here</L>. Now your commits will be verified. | ||
</C> | ||
<H2>Connect With SSH, Sign With GPG</H2> | ||
<C> | ||
Do the steps above, then try to clone one of your repo's with `SSH`, if not problem occurs, you're good. Next, you must have `gpg` installed. You're probably on ``Debian``, here's how to cop it. | ||
</C> | ||
<Code | ||
code={`sudo apt update && install gnupg`} | ||
language="shell" | ||
showLineNumbers={false} | ||
/> | ||
|
||
<C> | ||
Verify with: | ||
</C> | ||
|
||
<Code | ||
code={`gpg -version `} | ||
language="shell" | ||
showLineNumbers={false} | ||
/> | ||
|
||
<C> | ||
Second, if you don't have a key laying around, generate a new one with: | ||
</C> | ||
|
||
<Code | ||
code={`gpg --full-generate-key`} | ||
language="shell" | ||
showLineNumbers={false} | ||
/> | ||
|
||
<C> | ||
If you've successfully generated your key, then if you list your keys with | ||
</C> | ||
|
||
<Code | ||
code={`➜ ~ gpg -k `} | ||
language="shell" | ||
showLineNumbers={false} | ||
/> | ||
|
||
<C> | ||
You should get something like this | ||
</C> | ||
|
||
<Code | ||
code={`➜ ~ gpg -k | ||
/home/ashgw/.gnupg/pubring.kbx | ||
------------------------------ | ||
pub rsa4096 2018-02-20 [SC] | ||
79821E0224D34EC4969FF6A8E5168EE090AE80D0 | ||
uid [ultimate] Ashref Gwader (personal) <ashrefgw@proton.me> | ||
sub rsa4096 2018-02-20 [E] | ||
➜ ~`} | ||
language="shell" | ||
showLineNumbers={false} | ||
/> | ||
|
||
<C> | ||
You see that large number? That's your key ID. Copy it and paste it in your ``~/.gitconfig`` file | ||
</C> | ||
|
||
<Code | ||
code={`[user] | ||
email = <SAME_AS_ABOVE> | ||
name = <SAME_AS_ABOVE> | ||
signingkey = <THAT_ID> | ||
[gpg] # mandatory | ||
program = gpg | ||
[commit] # mandatory | ||
gpgsign = true | ||
# other stuff...`} | ||
language="shell" | ||
showLineNumbers={false} | ||
/> | ||
|
||
<C> | ||
Next thing you need to export your public GPG key. | ||
</C> | ||
|
||
|
||
|
||
<Code | ||
code={`gpg --armor --export <THAT_KEY_ID> | xclip -selection clipboard`} | ||
language="shell" | ||
showLineNumbers={false} | ||
/> | ||
|
||
|
||
<C> | ||
If you have `xclip` installed you'll get it copied to your clipboard, else, just run this | ||
</C> | ||
|
||
<Code | ||
code={`gpg --armor --export <THAT_KEY_ID> `} | ||
language="shell" | ||
showLineNumbers={false} | ||
/> | ||
|
||
<C> | ||
You'll get your public key ID, it should start with | ||
</C> | ||
<Code | ||
code={`-----BEGIN PGP PUBLIC KEY BLOCK-----`} | ||
language="shell" | ||
showLineNumbers={false} | ||
/> | ||
<C> | ||
It's a long chain of characters, you can find mine <L href="https://github.com/ashgw.gpg">here</L>, yours will be there too if you use it to sign commits, at `https://github.com/<YOUR_USERNAME>.gpg`. | ||
|
||
Next, take the key you just copied and paste it <L href='https://github.com/settings/gpg/new'>here</L>, give the key a title so you don't forget it and paste the public key. | ||
That's it, your commits are now verified with your ``GPG`` key, while you're still able to use ``SSH`` with GitHub. | ||
</C> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters