X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=doc%2FGnuPG-signature.html;h=c431f9ad3bd0b6d5caca986449c842361c37a794;hb=7329118e9cfb41e4db0d898183304fcb0b204f7b;hp=c9e0455a23759c4bedec81212081947f757ba0cb;hpb=27cf2e671d1f35bd8c9383d008cd3733fc1c6e0d;p=github%2Fshaarli%2FShaarli.git diff --git a/doc/GnuPG-signature.html b/doc/GnuPG-signature.html index c9e0455a..c431f9ad 100644 --- a/doc/GnuPG-signature.html +++ b/doc/GnuPG-signature.html @@ -4,31 +4,49 @@ -
Gnu Privacy Guard (GnuPG) is an Open Source implementation of the Pretty Good [](.html)
Privacy (OpenPGP) specification. Its main purposes are digital authentication,
signature and encryption.
Gnu Privacy Guard (GnuPG) is an Open Source implementation of the Pretty Good [](.html)
+Privacy (OpenPGP) specification. Its main purposes are digital authentication,
+signature and encryption.
It is often used by the FLOSS community to verify:
See Generating a GPG key for Git tagging.
+$ gpg --gen-key
+$ gpg --gen-key
gpg (GnuPG) 2.1.6; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
@@ -114,7 +148,7 @@ code > span.er { color: #ff0000; font-weight: bold; }
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
-generator a better chance to gain enough entropy.
+generator a better chance to gain enough entropy.
gpg - entropy interlude
At this point, you will:
@@ -122,7 +156,7 @@ code > span.er { color: #ff0000; font-weight: bold; }
- be asked to use your machine's input devices (mouse, keyboard, etc.) to generate random entropy; this step may take some time
gpg - key creation confirmation
-gpg: key A9D53A3E marked as ultimately trusted
+gpg: key A9D53A3E marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
@@ -131,69 +165,11 @@ code > span.er { color: #ff0000; font-weight: bold; }
pub rsa2048/A9D53A3E 2015-07-31
Key fingerprint = AF2A 5381 E54B 2FD2 14C4 A9A3 0E35 ACA4 A9D5 3A3E
uid [ultimate] Marvin the Paranoid Android <marvin@h2g2.net>[](.html)
-sub rsa2048/8C0EACF1 2015-07-31
+sub rsa2048/8C0EACF1 2015-07-31
gpg - submit your public key to a PGP server (Optional)
-$ gpg --keyserver pgp.mit.edu --send-keys A9D53A3E
-gpg: sending key A9D53A3E to hkp server pgp.mit.edu
+$ gpg --keyserver pgp.mit.edu --send-keys A9D53A3E
+gpg: sending key A9D53A3E to hkp server pgp.mit.edu
Create and push a GPG-signed tag
-See Git - Maintaining a project - Tagging your [](.html)
releases.
-Prerequisites
-This guide assumes that you have:
-
-- a GPG key matching your GitHub authentication credentials
-
-- i.e., the email address identified by the GPG key is the same as the one in your
~/.gitconfig
-
-- a GitHub fork of Shaarli
-- a local clone of your Shaarli fork, with the following remotes:
-
-origin
pointing to your GitHub fork
-upstream
pointing to the main Shaarli repository
-
-- maintainer permissions on the main Shaarli repository (to push the signed tag)
-
-Bump Shaarli's version
-$ cd /path/to/shaarli
-
-# create a new branch
-$ git fetch upstream
-$ git checkout upstream/master -b v0.5.0
-
-# bump the version number
-$ vim index.php shaarli_version.php
-
-# commit the changes
-$ git add index.php shaarli_version.php
-$ git commit -s -m "Bump version to v0.5.0"
-
-# push the commit on your GitHub fork
-$ git push origin v0.5.0
-Create and merge a Pull Request
-This one is pretty straightforward ;-)
-Create and push a signed tag
-# update your local copy
-$ git checkout master
-$ git fetch upstream
-$ git pull upstream master
-
-# create a signed tag
-$ git tag -s -m "Release v0.5.0" v0.5.0
-
-# push it to "upstream"
-$ git push --tags upstream
-Verify a signed tag
-v0.5.0
is the first GPG-signed tag pushed on the Community Shaarli.
-Let's have a look at its signature!
-$ cd /path/to/shaarli
-$ git fetch upstream
-
-# get the SHA1 reference of the tag
-$ git show-ref tags/v0.5.0
-f7762cf803f03f5caf4b8078359a63783d0090c1 refs/tags/v0.5.0
-
-# verify the tag signature information
-$ git verify-tag f7762cf803f03f5caf4b8078359a63783d0090c1
-gpg: Signature made Thu 30 Jul 2015 11:46:34 CEST using RSA key ID 4100DF6F
-gpg: Good signature from "VirtualTam <virtualtam@flibidi.net>" [ultimate][](.html)
+See Release Shaarli.