Please familiarise yourself with our:
- Code of conduct
- Code Standards
- Contributing guidelines
- Guide to Code Reviews
- Github Project Board Guide
- GPG Signing Guide (you are here)
- Primary README
This document explains how to set up GPG Signing on MacOS for Simorgh and its relating projects.
GPG Signing is an added layer of security to commits. By enforcing a GPG signature on the key, Github verifies that the commits are indeed written by you. (As long as you keep the private side of the key secure) You can also use your GPG key to sign messages, files and even your emails. But for the purpose of this doc we are only interested in commits.
Setting up GPG on a MacOS is actually quite simple. Please follow the links for the detailed documentation given by Github.
- Download and install GPG Tools
- Uninstall GPG Tools Mail
- Open the app and create a new key pair
- The application will automatically prompt you
- Add your public GPG key to GitHub
- Tell git about the gpg sign
- Turn on commit signing
In your local repository you can turn on automatic signing with this command:
git config commit.gpgsign true
If you want git to globally sign all commits that you make use this command:
git config --global commit.gpgsign true
- Make sure you follow the following step: https://help.github.com/en/articles/telling-git-about-your-signing-key
- Install Pineentry from link or
homebrew
brew install pinentry-mac