Commit signing - Pull-Request-Club/PRC GitHub Wiki
This is not specific to this project (and could be a short blog post), but still is here for reference for now. It's not necessary for contributing to PRC but is recommended.
-
Install GnuPG2
sudo apt-get install gnupg2
-
Generate a new key if you don't have already
gpg2 --full-gen-key
- These would be enough: RSA (sign only), 4096, 6m (three months)
-
If you want to see details of your key, run
gpg2 --list-secret-keys --keyid-format LONG
-
Copy key ID (Xs in 4096R/XXXXXXXXXX is the ID), then run
gpg2 --armor --export KEYID
-
Paste output to https://github.com/settings/gpg/new to add your key to GitHub
-
Additionally, you can paste the same output to http://pgp.mit.edu/ too.
-
Add following to your
~/.gnupg/gpg.conf
for auto-pulling public keys for auto verification. Note that this will slow down git commands with signatures: If it finds the key, subsequent commands will be fast. If it can't find the key, it will be slow each time.keyserver hkp://pool.sks-keyservers.net keyserver-options auto-key-retrieve