The Codeberg Documentation website by The Codeberg Documentation Contributors is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
It bundles third-party font software licensed under a different license. Please look at the LICENSE file for details.
Changes to the original versions of the article as well as its individual authors can be looked up in this article's commit history
Codeberg and the Codeberg Logo are trademarks of Codeberg e.V.
GPG is an open-source cryptographic software application that implements the OpenPGP standard. With a GPG keypair, you can sign or encrypt text. Git allows you to sign your commits, so other collaborators can be assured it was you who created them.
If you have your public key in an easy-to-find location, great! You can skip to adding it to your account. If not, we will be using the GnuPG software to check.
If you are using Linux, this might already be installed. Check by typing gpg --version in the terminal.
gpg --list-secret-keys --keyid-format LONG into your terminal, and it will list all the keys that you have both a public and a private key for.Make sure that your selected key uses the same email as your Codeberg account.
If you haven’t already, be sure to install GnuPG, as you will be using it to generate your keys.
gpg --full-generate-key into your terminal.1 and press Enter to select RSA and RSA.y and press Enter to confirm.gpg --list-secret-keys --keyid-format LONG into the terminal.3AA5C34371567BD2:$ gpg --list-secret-keys --keyid-format LONG
/home/knut/.gnupg/pubring.kbx
--------------------------
sec rsa4096/3AA5C34371567BD2 2021-06-06 [SC] [expires: 2022-06-06]
6CD8F2B4F3E2E8F08274B563480F8962730149C7
uid [ultimate] knut <knut@codeberg.org>
ssb rsa4096/42B317FD4BA89E7A 2021-06-06 [E] [expires: 2022-06-06]gpg --armor --export <GPG KEY ID> into the terminal. This will output your public key.-----BEGIN PGP PUBLIC KEY BLOCK----- and ending with -----END PGP PUBLIC KEY BLOCK-----.Anyone can add a random public key; but fortunately, Codeberg provides a mechanism to verify that the key belongs to you. Every keypair consists of a public and a private key that are connected to one another. Using this private key, you can sign the provided message. If the signed message is valid, Codeberg can confirm that the added key is yours.
-----BEGIN PGP SIGNATURE----- and -----END PGP SIGNATURE-----.You will need to tell Git about your key and have it sign new commits for you.
git config --global user.signingkey <GPG KEY ID>git config --global commit.gpgsign trueJust in case you have a similar error to the one below when signing a commit.
error: gpg failed to sign the data
fatal: failed to write commit objectThen you need to execute the following command in order to add the GPG_TTY variable to your ~/bashrc file.
[ -f ~/.bashrc ] && echo -e '\nexport GPG_TTY=$(tty)' >> ~/.bashrcAfter that, log out your session (there's no need to reboot) and you will be able to sign your commits.
Attribution
This guide is derived from GitHub Docs, used under CC-BY 4.0.
Hey there! 👋 Thank you for reading this article!
Is there something missing, or do you have an idea on how to improve the documentation? Do you want to write your own article?
You're invited to contribute to the Codeberg Documentation at its source code repository, for example, by adding a pull request or joining in on the discussion in the issue tracker.
For an introduction on contributing to Codeberg Documentation, please have a look at the Contributor FAQ.
© Codeberg Docs Contributors. See LICENSE