Every developer loves swag. No exception. Almost every developers siting around me in office has some stickers on their shine laptops. Most of them has cool tshirts collected on conferences or meetups. Oh yeah! We, developers, love swag. There is even site where you can buy cool stuff for developer - DevSwag.com. Today I will show you, dear reader, some gitswag.

Who doesn’t want to be verified as git commit author? git-swag

git loves gnupg

git works nicely with GnuPG. It allows to sign and verify commits and other git objects. But swag is only a side-effect. If you are not signing commit basically everyone can set your name and email is its git config. Signature is the ultimate proof that you are author of this change.

First you need to generate your key. It is easy, just use gpg --full-generate-key and pass couple of information. When your key is ready upload it to your Github account. To make sure your copy-paste all without any crap run this command gpg --armor export your-key-id | pbcopy (but keep in mind that pbcopy is OSX specific).

Now you can sign your commit with git commit -S option. But it is super easy to forget about -S when commiting. That’s why I added to my git config entries that will sign every commit I made.

git config user.signingKey you-key-id
git config commit.gpgsign true

Done! Now every commit will be signed.

But there are some drawbacks. Signing every commit means that after you type you commit message you will be asked to type password for you key. It is very annoying when you are performing git rebase master because you will be asked for password for every commit that is not in master branch. There are some options to remember your passphrase but honestly I think it is a no-no.

You can always verify commit you just pulled with git verify-commit