Every developer loves swag. No exception. Almost every developers
siting around me in office has some stickers on their shine
laptops. Most of them has cool tshirts collected on conferences or
meetups. Oh yeah! We, developers, love swag. There is even site where
you can buy cool stuff for developer -
DevSwag.com. Today I will show you, dear
Who doesn’t want to be
verified as git commit author?
git loves gnupg
git works nicely with
GnuPG. It allows to sign and verify commits and
other git objects. But swag is only a side-effect. If you are not
signing commit basically everyone can set your name and email is its
git config. Signature is the ultimate proof that you are author of
First you need to generate your key. It is easy, just use
--full-generate-key and pass couple of information. When your key is
ready upload it to your Github
account. To make sure your
copy-paste all without any crap run this command
gpg --armor export
your-key-id | pbcopy (but keep in mind that
pbcopy is OSX specific).
Now you can sign your commit with
git commit -S option. But it is
super easy to forget about
-S when commiting. That’s why I added to
git config entries that will sign every commit I made.
git config user.signingKey you-key-id git config commit.gpgsign true
Done! Now every commit will be signed.
But there are some drawbacks. Signing every commit means that after
you type you commit message you will be asked to type password for you
key. It is very annoying when you are performing
git rebase master
because you will be asked for password for every commit that is not in
master branch. There are some options to remember your passphrase
but honestly I think it is a no-no.
You can always verify commit you just pulled with