📅 Original date posted:2014-05-21
📝 Original message:Hello all,
When you're contributing to Bitcoin Core development please sign your
git commits. This is easy to do and will help in assuring the
integrity of the tree.
How to sign your commits?
------------------------------------------
Provide the `-S` flag (or `--gpg-sign`) to git commit when you commit
your changes, for example
git commit -m "Commit message" -S
Optionally you can provide a key id after the -S option to sign with a
specific key.
What if I forgot?
-------------------------
You can retroactively sign your previous commit using --amend, for example
git commit -S --amend
If you need to go further back, you can use the interactive rebase
command with 'edit'. Replace HEAD~3 with the base commit from which
you want to start.
git rebase -i HEAD~3
Replace 'pick' by 'edit' for the commit that you want to sign and the
rebasing will stop after that commit. Then you can amend the commit as
above. Afterwards, do
git rebase --continue
As this will rewrite history, you cannot do this when your commit is
already merged. In that case, too bad, better luck next time.
If you rewrite history for another reason - for example when squashing
commits - make sure that you re-sign as the signatures will be lost.
How to check if commits are signed?
-------------------------------------------------------
Use git log with show-signature,
git log --show-signature
commit 6fcdad787f1fb381a3a0fe6b1a1e45477426dccb
gpg: Signature made Wed 21 May 2014 12:27:55 PM CEST using RSA key
ID 2346C9A6
gpg: Good signature from "Wladimir J. van der Laan <laanwj at gmail.com>"
Author: Wladimir J. van der Laan <laanwj at gmail.com>
Date: Wed May 21 12:27:37 2014 +0200
qt: Periodic language update
...
You can also pass the --show-signature option to `git show` to check a
single commit.
If you do this on the current repository you'll see that I'm almost
the only person signing commits. I would like more people to get into
this habit.
How to sign merges?
--------------------------------
When using the github interface to merge a pull request, the resulting
merge commit is not signed.
Pieter Wullie wrote a script that simplifies merging and signing. It
can be found in contrib/devtools. Setup instructions can be found in
the README.md in that directory. After setting it up for the
repository you can use the script in the following way:
contrib/devtools/github-merge.sh 1234
Replace 1234 by the pull request number that you want to merge. It
will merge the pull request and drop you into a shell so you can
verify changes and test. Once satisfied, exit the shell and answer the
questions to merge and sign it and push upstream automatically (or
not).
Please use this script when possible for merging instead of the github
interface.
--------------------------
Wladimir
Wladimir [ARCHIVE] /
npub1xq…ymc2p
2023-06-07 15:21:52
in reply to nevent1q…pcmu
Author Public Key
npub1xqshkqv2g7uea4xzqwvmgjcz7u8vfavw6aazs999v0azsv3w7u3qpymc2pPublished at
2023-06-07 15:21:52Event JSON
{
"id": "0488b008c1cab6a05b7c476048ce185686b90cc1df09df331cbc855c9ca52cd7",
"pubkey": "30217b018a47b99ed4c20399b44b02f70ec4f58ed77a2814a563fa28322ef722",
"created_at": 1686151312,
"kind": 1,
"tags": [
[
"e",
"6ed0060b87c02af20d6af6fded563264095ae2a36fee168b566cb3b0da703edb",
"",
"reply"
],
[
"p",
"a23dbf6c6cc83e14cc3df4e56cc71845f611908084cfe620e83e40c06ccdd3d0"
]
],
"content": "📅 Original date posted:2014-05-21\n📝 Original message:Hello all,\n\nWhen you're contributing to Bitcoin Core development please sign your\ngit commits. This is easy to do and will help in assuring the\nintegrity of the tree.\n\nHow to sign your commits?\n------------------------------------------\n\nProvide the `-S` flag (or `--gpg-sign`) to git commit when you commit\nyour changes, for example\n\n git commit -m \"Commit message\" -S\n\nOptionally you can provide a key id after the -S option to sign with a\nspecific key.\n\nWhat if I forgot?\n-------------------------\n\nYou can retroactively sign your previous commit using --amend, for example\n\n git commit -S --amend\n\nIf you need to go further back, you can use the interactive rebase\ncommand with 'edit'. Replace HEAD~3 with the base commit from which\nyou want to start.\n\n git rebase -i HEAD~3\n\nReplace 'pick' by 'edit' for the commit that you want to sign and the\nrebasing will stop after that commit. Then you can amend the commit as\nabove. Afterwards, do\n\n git rebase --continue\n\nAs this will rewrite history, you cannot do this when your commit is\nalready merged. In that case, too bad, better luck next time.\n\nIf you rewrite history for another reason - for example when squashing\ncommits - make sure that you re-sign as the signatures will be lost.\n\nHow to check if commits are signed?\n-------------------------------------------------------\n\nUse git log with show-signature,\n\n git log --show-signature\n\n commit 6fcdad787f1fb381a3a0fe6b1a1e45477426dccb\n gpg: Signature made Wed 21 May 2014 12:27:55 PM CEST using RSA key\nID 2346C9A6\n gpg: Good signature from \"Wladimir J. van der Laan \u003claanwj at gmail.com\u003e\"\n Author: Wladimir J. van der Laan \u003claanwj at gmail.com\u003e\n Date: Wed May 21 12:27:37 2014 +0200\n\n qt: Periodic language update\n ...\n\nYou can also pass the --show-signature option to `git show` to check a\nsingle commit.\n\nIf you do this on the current repository you'll see that I'm almost\nthe only person signing commits. I would like more people to get into\nthis habit.\n\nHow to sign merges?\n--------------------------------\n\nWhen using the github interface to merge a pull request, the resulting\nmerge commit is not signed.\n\nPieter Wullie wrote a script that simplifies merging and signing. It\ncan be found in contrib/devtools. Setup instructions can be found in\nthe README.md in that directory. After setting it up for the\nrepository you can use the script in the following way:\n\n contrib/devtools/github-merge.sh 1234\n\nReplace 1234 by the pull request number that you want to merge. It\nwill merge the pull request and drop you into a shell so you can\nverify changes and test. Once satisfied, exit the shell and answer the\nquestions to merge and sign it and push upstream automatically (or\nnot).\n\nPlease use this script when possible for merging instead of the github\ninterface.\n\n--------------------------\n\nWladimir",
"sig": "6dd4d94292de797a5a582f28453a8ad4e81dc56f113bb7a366db58db6628002c44cfe75ef7857108111b0aa91a86e884cfa0c8ff333a9b5c6f006b4c3dc78f64"
}