document how to set up splitgpg for git

[mfc]

https://www.qubes-os.org/doc/split-gpg/

I know most Qubes folks have set it up, I imagine it is not too complicated.

https://help.github.com/articles/telling-git-about-your-gpg-key/
https://help.github.com/articles/signing-commits-using-gpg/

this would be really nice to highlight for developers.

[marmarek]

Besides standard gpg setup in git (setting keyid, automatic signing etc), the only thing required to enable usage of split gpg is:

git config --global gpg.program /usr/bin/qubes-gpg-client-wrapper

And of course set gpg backend domain name in /rw/config/gpg-split-domain, but that's a standard step in split gpg configuration in general.

[marmarek]

Besides standard gpg setup in git (setting keyid, automatic signing etc), the only thing required to enable usage of split gpg is:

git config --global gpg.program /usr/bin/qubes-gpg-client-wrapper

And of course set gpg backend domain name in /rw/config/gpg-split-domain, but that's a standard step in split gpg configuration in general.

[adrelanos]

Not sure this will require #474. I am using split gpg, but failed setting up split gpg a while ago for git. Don't remember anymore exactly why. A new try just now revealed, that my config works. If someone has time to test and document this, please do so.

1. Get split gpg to work.

2. ~/.gitconfig

[user]
name = Patrick Schleizer
email = adrelanos@riseup.net
signingkey = 0x8D66066A2EEACCDA

[commit]
gpgsign = true

[gpg]
program = qubes-gpg-client-wrapper

## {{ https://forums.whonix.org/t/git-users-enable-fsck-by-default-for-better-security

[transfer]
        fsckobjects = true
        fsckobjects = true
[fetch]
        fsckobjects = true
        fsckobjects = true
[receive]
        fsckobjects = true
        fsckobjects = true

## }}

3. usage: theupdateframework/tuf#255

[adrelanos]

Not sure this will require #474. I am using split gpg, but failed setting up split gpg a while ago for git. Don't remember anymore exactly why. A new try just now revealed, that my config works. If someone has time to test and document this, please do so.

1. Get split gpg to work.

2. ~/.gitconfig

[user]
name = Patrick Schleizer
email = adrelanos@riseup.net
signingkey = 0x8D66066A2EEACCDA

[commit]
gpgsign = true

[gpg]
program = qubes-gpg-client-wrapper

## {{ https://forums.whonix.org/t/git-users-enable-fsck-by-default-for-better-security

[transfer]
        fsckobjects = true
        fsckobjects = true
[fetch]
        fsckobjects = true
        fsckobjects = true
[receive]
        fsckobjects = true
        fsckobjects = true

## }}

3. usage: theupdateframework/tuf#255

[andrewdavidwong]

Another helpful thing to add: signing and verifying tags (using conventions specific to the Qubes OS Project). I seem to recall documenting this somewhere. Anyway, here's how I do it:

[alias]
        stag = "!id=`git rev-parse --verify HEAD`; git tag -s adw_${id:0:8} -m \"Tag for commit $id\""
        vtag = !git tag -v `git describe`

[andrewdavidwong]

Another helpful thing to add: signing and verifying tags (using conventions specific to the Qubes OS Project). I seem to recall documenting this somewhere. Anyway, here's how I do it:

[alias]
        stag = "!id=`git rev-parse --verify HEAD`; git tag -s adw_${id:0:8} -m \"Tag for commit $id\""
        vtag = !git tag -v `git describe`

[mfc]

great! it would be awesome to have the Table of Contents of the page highlight that there is documentation on split-gpg & email and split-gpg & git within, not sure if I should make a separate ticket for that?

[mfc]

great! it would be awesome to have the Table of Contents of the page highlight that there is documentation on split-gpg & email and split-gpg & git within, not sure if I should make a separate ticket for that?

[andrewdavidwong]

@mfc: Done.

[andrewdavidwong]

@mfc: Done.

[mfc]

awesome! looks great, thanks.

[mfc]

awesome! looks great, thanks.