X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=doc%2FGnuPG-signature.md;h=b0028d557c8c71f08ca0e0e1738b8c1f607eae1a;hb=5409ade28c5f0acf99dbadd4d95e6f8efda5d395;hp=e8dbdb11ffacafca9c7226c3c12c90e371c68524;hpb=9f400b0dad68b82d65692bd6ab6190f6a787fa89;p=github%2Fshaarli%2FShaarli.git diff --git a/doc/GnuPG-signature.md b/doc/GnuPG-signature.md index e8dbdb11..b0028d55 100644 --- a/doc/GnuPG-signature.md +++ b/doc/GnuPG-signature.md @@ -20,7 +20,8 @@ Trust can be gained by having your key signed by other people (and signing their - [Web of trust](https://en.wikipedia.org/wiki/Web_of_trust)[](.html) ## Generate a GPG key -See [Generating a GPG key for Git tagging](http://stackoverflow.com/a/16725717).[](.html) +- [Generating a GPG key for Git tagging](http://stackoverflow.com/a/16725717) (StackOverflow)[](.html) +- [Generating a GPG key](https://help.github.com/articles/generating-a-gpg-key/) (GitHub)[](.html) ### gpg - provide identity information ```bash @@ -72,70 +73,5 @@ gpg: sending key A9D53A3E to hkp server pgp.mit.edu ``` ## Create and push a GPG-signed tag -See [Git - Maintaining a project - Tagging your [](.html) -releases](http://git-scm.com/book/en/v2/Distributed-Git-Maintaining-a-Project#Tagging-Your-Releases). - -### Prerequisites -This guide assumes that you have: -- a GPG key matching your GitHub authentication credentials - - i.e., the email address identified by the GPG key is the same as the one in your `~/.gitconfig` -- a GitHub fork of Shaarli -- a local clone of your Shaarli fork, with the following remotes: - - `origin` pointing to your GitHub fork - - `upstream` pointing to the main Shaarli repository -- maintainer permissions on the main Shaarli repository (to push the signed tag) - -### Bump Shaarli's version -```bash -$ cd /path/to/shaarli - -# create a new branch -$ git fetch upstream -$ git checkout upstream/master -b v0.5.0 - -# bump the version number -$ vim index.php shaarli_version.php - -# commit the changes -$ git add index.php shaarli_version.php -$ git commit -s -m "Bump version to v0.5.0" - -# push the commit on your GitHub fork -$ git push origin v0.5.0 -``` - -### Create and merge a Pull Request -This one is pretty straightforward ;-) - -### Create and push a signed tag -```bash -# update your local copy -$ git checkout master -$ git fetch upstream -$ git pull upstream master -# create a signed tag -$ git tag -s -m "Release v0.5.0" v0.5.0 - -# push it to "upstream" -$ git push --tags upstream -``` - -### Verify a signed tag -[`v0.5.0`](https://github.com/shaarli/Shaarli/releases/tag/v0.5.0) is the first GPG-signed tag pushed on the Community Shaarli.[](.html) - -Let's have a look at its signature! - -```bash -$ cd /path/to/shaarli -$ git fetch upstream - -# get the SHA1 reference of the tag -$ git show-ref tags/v0.5.0 -f7762cf803f03f5caf4b8078359a63783d0090c1 refs/tags/v0.5.0 - -# verify the tag signature information -$ git verify-tag f7762cf803f03f5caf4b8078359a63783d0090c1 -gpg: Signature made Thu 30 Jul 2015 11:46:34 CEST using RSA key ID 4100DF6F -gpg: Good signature from "VirtualTam " [ultimate][](.html) -``` +See [Release Shaarli](Release-Shaarli.html).