git commit 签名

git commit 签名是对 git 的 commit 信息进行一个验证，确保代码提交者是代码修改者本身，防止恶意提交，保护代码的安全。git 有自身的扩展，用来对 commit 进行签名，比如使用 gpg 即可完成 commit 签名。

GPG key 生成

执行 gpg --full-generate-key 即可生成一对 gpg key pair：

gpg --full-generate-key
gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.Please select what kind of key you want:(1) RSA and RSA (default)(2) DSA and Elgamal(3) DSA (sign only)(4) RSA (sign only)(14) Existing key from card
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.0 = key does not expire<n>  = key expires in n days<n>w = key expires in n weeks<n>m = key expires in n months<n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Wed Jun 28 21:45:26 2023 CST
Is this correct? (y/N) yGnuPG needs to construct a user ID to identify your key.Real name: xiaomage
Email address: devops008@sina.com
Comment: gpg signature git commit
You selected this USER-ID:"xiaomage (gpg signature git commit) <devops008@sina.com>"Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key C9DE119E4E550644 marked as ultimately trusted
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/9D6DA2C807767AD9ECB335AEC9DE119E4E550644.rev'
public and secret key created and signed.pub   rsa4096 2022-06-28 [SC] [expires: 2023-06-28]9D6DA2C807767AD9ECB335AEC9DE119E4E550644
uid                      xiaomage (gpg signature git commit) <devops008@sina.com>
sub   rsa4096 2022-06-28 [E] [expires: 2023-06-28]

在交互的过程中填写必要的信息，即可完成 gpg key pair 的生成，然后用 gpg -k/-K 查看：

$ gpg -k
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2023-06-28
/root/.gnupg/pubring.kbx
------------------------
pub   rsa4096 2022-06-28 [SC] [expires: 2023-06-28]9D6DA2C807767AD9ECB335AEC9DE119E4E550644
uid           [ultimate] xiaomage (gpg signature git commit) <devops008@sina.com>
sub   rsa4096 2022-06-28 [E] [expires: 2023-06-28]$ gpg -K
/root/.gnupg/pubring.kbx
------------------------
sec   rsa4096 2022-06-28 [SC] [expires: 2023-06-28]9D6DA2C807767AD9ECB335AEC9DE119E4E550644
uid           [ultimate] xiaomage (gpg signature git commit) <devops008@sina.com>
ssb   rsa4096 2022-06-28 [E] [expires: 2023-06-28]

使用 GPG 为极狐GitLab git commit 签名

在极狐GitLab 中添加 GPG public key

使用 gpg 为极狐GitLab git commit 签名之前，需要将 gpg public key 导出。用如下命令即可导出 gpg public key：


$ gpg --armor --export 9D6DA2C807767AD9ECB335AEC9DE119E4E550644
-----BEGIN PGP PUBLIC KEY BLOCK-----mQINBGK7BhcBEADmWE3Kp5KtevdVmj964EQT2pCB9rugw+kCqQcfnM0Ge5Jj63QG
FSaRvnt8ylq/DktnPPkx7zf/koL464SpiIJu3blWqf9OBOhIiRRRhzSo8znYT8z9
0ttkXZ6SLoMYtzaAgaBkk0IcZJMd8exdYBdqPQEZIiNl2RbQ58xwaOpCkircs4S2
YPm2crhtc7wG2POtkdAeO6YmoY69cQ21RAt2RJZujU4zd4kZsDEgnlXCirnQ+orm
Ek4a70+VUg54+LxUQxG8Ld0lyUuUDsKmvrgr9NFDdwngF4wyn445Su3Hlr0UwmSx
en98b76hbzUoXbjkdGOWw27qK2kqw34dNns04sGygJCH0MjxG4XMnO/cMo8Yhp86
Xcz1H7th0OzTJ3TMTc8APXktBWDaEffhu6n61IaZVNF+M22RDMcbq0Mqu1LnHYof
3v0WR5ME6CtgGWaFSuFNw31kHVS0LI3JYBIivQbvuOGHjxHrOIF/pRweoDcnAzaC
wFDGyJl5e01FhQSZOOdtP1ukmwOUcJvBQkH9H4fVOgV1Ys8TEJdOn3r8K806SD6K
xtKNEtaa4enIlk/Gp7VmvHBOIExZrd+e+sVkeOAvAWI9KavYlu+p5DuacJDHorNY
vycDjnw/olOuw2ttLfqQs52NZi+3cSc6BhhHJ5uFuGdgo5i6OcXa9LKdhQARAQAB
tDh4aWFvbWFnZSAoZ3BnIHNpZ25hdHVyZSBnaXQgY29tbWl0KSA8ZGV2b3BzMDA4
QHNpbmEuY29tPokCVAQTAQoAPhYhBJ1tosgHdnrZ7LM1rsneEZ5OVQZEBQJiuwYX
AhsDBQkB4TOABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEMneEZ5OVQZEEBAP
/3nPeF+sPKNRPRlfXDqkprIrvAybxRSxKT5a/sok6mGtELkI0lj/LXNqd9tY/4nV
3uRqUAEyq2jAg5YnXir5YcnF7ZTsKyq+J7y3FJ4+pvhvRX1syEXvrxj0GFklX9bS
fgnsziY5WrMrpZUx+uTTs2OOyF8cMfCU/aihuZgDwFpiik0Mot3pNxmWzojTzUlk
ttGvlDDwQCcRmYRBpj9B7i9G5AzKefu6QSZ9o1aBcdI6hIpFXcd+ED5TvVU+qlzc
bFXR0gE+GEA1N2zDP2qdeCTXwYvXrZVTUq/mCuK+WTMrrzVd6DoG5VUzfcSeXi4Z
muP2LLq+OGxRtBCoIYCqo+spAQNaAGyjVAN2YFl3H4zkswUG4Xeqr1wQ63m9VAJa
4qiGo63JZ41GLgknlimm+9Pe6Bp+qTA4lvRU2tXjV0HT9+JESB1hPYzDFoTHC6Qm
4KV3V3VjULr+oCDUnJV4oLPHpHhi5tVd1UwN769zTJRmDxRzZuUdsKmjI82iEXR5
8vD65ZPBJJulb0qynReK6NQXY+qDUQy6fGYcEljP+QIWzAmzzBrMqttHRbAV4KpT
sGAiD68iAuKzILVXvX8pcEz9Mf1fYmOMxDOBDyNSefmXf/g6d3gdifNLkRd6JHGW
GrIInbKN1f546N09IuZ/PU9C1dRpuaETEwXatGRMTSjfuQINBGK7BhcBEAC+Uowg
6aT+Vzd3kCFx27L6q3Xe0YFY8YPsq3lC1/QtV7nozbxye/gghAEVKK7vHtzYqNoz
eTjp4T8eQsXgr5f+eN3BjUqbcTBcVP2+/1lV9bZTIcuYkaK32Z8ld6w3mHwQvdwV
aw0qKK00O7ATEfCNdvKBQ6kZIUs0IQCmVBCbDPyI57m96huyHZ+s5zQ6L1PoE0j/
FoVpXz09QHwRlWzfGPaUyHtK4A+CSWq1usYCwhW1/Yjy5q8M0qd/InXvXRQvz+vH
XBI7oa4DoEAp2MsGYov3H9oqjQxqPBw6s347eocHJ2sdLII7TUqpoJ0ou/jhauPf
wyz3XzJZ8Kvvg8rYP7Bxjfo81k6JTE88F1UxHs02H+Ppuu2/0Ggv9vWJW1hcsh5L
Ccr3jnQGAkUWNl7I2/X8B3131/TICKdvEy4x1EXJgp/6KAJNo4lvUKjcMxzrf/SK
9ERiM0GADGPh6D09DBzNhnmKyAftLK+EySTdvtuFZYDr2XYip94+NSzZujkDmfDT
OmvrBeOYVJjvt1eU67U5FVfsT/MHQQp+AfmjDklfjCA/wgJU6uolNf9ARwl4FOTw
QfW+6E1qGX/ySLIn+1VhAiEKSqIblJr7OvevsY3QHpR+CTvCmRBYZoBciYINCrBO
dWu0BUH32XvuQ3xoTvHx0FTiAA9rmebiqop/UQARAQABiQI8BBgBCgAmFiEEnW2i
yAd2etnsszWuyd4Rnk5VBkQFAmK7BhcCGwwFCQHhM4AACgkQyd4Rnk5VBkQy8RAA
rjOckyOoh0KBcZ55UtliB850Lq31kVz07J2+bkWyCCS9WTOjyKwxUdm5tKEZBUpl
wvp+JurnysIKmRGjYl4tTAJLqtk8KLDo/pxZm36x/jCJ57S/d7+Mu3a85sieUZNq
ASI+vgTWscPLB0eJxke7DqwFb8qhiF3n8S7JGO0GDYd9tZj+X3EzSvXs6PPekt20
LPm8GO3EbLsuDdaHAePTIpPTlYKmwH3RZA40aWuQ8feWCHizL1lDUTra842sORBm
l88U6Cub+cpzHO6kCel1HC/zNA37x66rDUdeDB6LuzIpmO94ECSNydkgLn7vxsvv
pECtNsNTahoC6pBgGdtqzodwKDMCKHkG4UFp3mAfeEUntO8EXd87G3CB/ylS7g1A
ePaaMwTj0ZCkTaVSB6f8uqatShQlDsaSSETdEj2TRHJfj5qwos9ztww52qO0MVCh
5SllMZ2VjBYPjks9vSjufnc0glFFqUsZTVZa6RfJLBgcUUqjE5qemy9wkztXFOF+
mLb+Xi8Slj9f2h2yKPxsg8Nb5KcVlA+XG5+kLOaxxupXPibvf9IywBNaGrLnqHsN
W/t/yAcynuyheFPXQLUHeTmL2ODORkRrwjgP0fTYL4YPGoA15XLKHwk315ZxKPaK
hsVsC/wdkOeP2lYFqhC0VsisyUwxBVBGVH6+GQ6CPpg=
=zNIV
-----END PGP PUBLIC KEY BLOCK-----

然后添加到极狐GitLab 实例中。通过右上角账号 --> preference --> GPG keys，找到添加 gpg

public key 的地方：

将上述导出的 public key 添加到右侧方框中：

点击 Add key之后，可以看到，添加成功：

配置 Git

配置 Git 之前，需要先获取 signingkey：

$ gpg --list-secret-keys --keyid-format LONG devops008@sina.com
sec   rsa4096/C9DE119E4E550644 2022-06-28 [SC] [expires: 2023-06-28]9D6DA2C807767AD9ECB335AEC9DE119E4E550644
uid                 [ultimate] xiaomage (gpg signature git commit) <devops008@sina.com>
ssb   rsa4096/B3350C8C4DF966BF 2022-06-28 [E] [expires: 2023-06-28]

sec 后面的 ID 就是 signingkey，也即 signingkey 是 C9DE119E4E550644。接着用 git config 命令配置 signingkey 即可：

$ git config --global user.signingkey C9DE119E4E550644

进行 Git 提交

找一个 Demo repo 进行测试。以 Repo git@jihulab.com:keyboard-man/tekton-image.git 为例来验证。先 clone 代码到本地：

$ git clone git@jihulab.com:keyboard-man/tekton-image.git

对其中的 main.go 文件做一个修改（比如修改 port，从 9999 到 9909），然后提交代码：

$ git add . && git commit -S -m "jihu gpg git singture commit"
[main 094d378] jihu gpg git singture commit1 file changed, 1 insertion(+), 1 deletion(-)$ git push
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 4 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 968 bytes | 968.00 KiB/s, done.
Total 3 (delta 2), reused 0 (delta 0)

接着就可以查看签名信息了。

查看签名信息

在对应的仓库 commit 信息中，查看上述的提交：

可以看到在 commit 信息的右侧有一个 Verified 的标志，上面显示的内容有 This commit was signed with a verified signature and the committer email is verified to belong to the same user. 。这也证明，用上述生成的 gpg key 对极狐GitLab 的 git commit 进行了签名。

使用 GPG 为极狐GitLab git commit 签名相关推荐

极狐GitLab 和 ArgoCD 的集成实践
极狐GitLab ArgoCD 和 GitOps 概述 ArgoCD 是一款开源且主要针对 Kubernetes 来做 GitOps 的持续交付工具.现在是 CNCF 的孵化项目.其整体架构图如下: ...
极狐(GitLab)发布首款“GitNative”DevOps云一体化解决方案
2022年1月5日,极狐(GitLab)正式宣布推出业界首款"GitNative"--"Git原生" DevOps 云一体化解决方案(以下简称"Git ...
版本更新 | 极狐 GitLab 15.2 发布飞书通知机器人、多层史诗调整至专业版、实时 Wiki 图表预览和全新设计的合并请求报告
沿袭我们28日发布的传统,今天带来了极狐GitLab 15.2 版本,新功能包括极狐版专享 - 飞书通知机器人,极狐版专享 - 多层史诗调整至专业版,实时 Wiki 图表预览.事件(Incident ...
官宣 | 极狐GitLab SaaS来了！
GitLab点击蓝字关注我们虎力全开的极狐(GitLab) 如虎添翼极狐GitLab SaaS正式上线极狐(GitLab)正式宣布推出极狐GitLab SaaS (JihuLab.com),为 ...
从 SVN 到极狐GitLab的迁移指南
目录前提条件 SVN 的安装和配置使用 SVN 的安装 SVN 配置使用 SVN 协议配置使用 HTTP/HTTPS 协议配置使用 SVN 到极狐GitLab的迁移使用 svn2git 来迁移使 ...
极狐GitLab 15.3 | issues 中建任务、许可证合规分析，超 30 项更新全面来袭！
沿袭我们月度发布的传统,今天带来了极狐GitLab 15.3 版本,新功能包括议题中的任务.免费的 GitOps 功能.SAML 群组链接的 API 维护.高级密码复杂度要求等. 这些只是该版本中 6 ...
极狐(GitLab)宣布获数亿元A轮融资，将加速推动中国开源DevOps生态
2022年4月11日,极狐(GitLab)(以下简称"极狐公司")正式宣布A轮融资签约完成,融资金额达数亿元人民币.本轮融资分两阶段进行,第一阶段由淡马锡领投,Alpha Prim ...
极狐GitLab硬实力助力中国开源生态建设
近两年,我国开源生态发展势头迅猛,在推动信息技术产业创新,促进产业协作,加快各行业数字化进程等方面的作用日益突出.为满足各类企业级用户技术创新与敏捷迭代的需求,9月23日,极狐GitLab在京举办了& ...
使用 KubeSphere 和极狐GitLab 打造云原生持续交付系统
KubeSphere 简介 Kubernetes 是一个非常复杂的容器编排平台,学习成本非常高,KubeSphere 所做的事情就是高度产品化和抽象了底层 Kubernetes,是一个面向云原生的操作 ...

使用 GPG 为极狐GitLab git commit 签名

git commit 签名

GPG key 生成

使用 GPG 为极狐GitLab git commit 签名

在极狐GitLab 中添加 GPG public key

配置 Git

进行 Git 提交

查看签名信息

使用 GPG 为极狐GitLab git commit 签名相关推荐

最新文章

热门文章