diff options
author | Arthur <arthur@hoa.ro> | 2016-04-14 14:25:50 +0100 |
---|---|---|
committer | Arthur <arthur@hoa.ro> | 2016-04-14 14:25:50 +0100 |
commit | 62a5ba083d5137feaef9f4293c401521bad603b0 (patch) | |
tree | 4c8b55010ad02d91b524b0cb8cc02ddf318fcaa2 /doc/GnuPG-signature.md | |
parent | 9f400b0dad68b82d65692bd6ab6190f6a787fa89 (diff) | |
parent | 5409ade28c5f0acf99dbadd4d95e6f8efda5d395 (diff) | |
download | Shaarli-62a5ba083d5137feaef9f4293c401521bad603b0.tar.gz Shaarli-62a5ba083d5137feaef9f4293c401521bad603b0.tar.zst Shaarli-62a5ba083d5137feaef9f4293c401521bad603b0.zip |
Merge pull request #540 from ArthurHoaro/doc/update20160414
Update docs from Wiki
Diffstat (limited to 'doc/GnuPG-signature.md')
-rw-r--r-- | doc/GnuPG-signature.md | 70 |
1 files changed, 3 insertions, 67 deletions
diff --git a/doc/GnuPG-signature.md b/doc/GnuPG-signature.md index e8dbdb11..b0028d55 100644 --- a/doc/GnuPG-signature.md +++ b/doc/GnuPG-signature.md | |||
@@ -20,7 +20,8 @@ Trust can be gained by having your key signed by other people (and signing their | |||
20 | - [Web of trust](https://en.wikipedia.org/wiki/Web_of_trust)[](.html) | 20 | - [Web of trust](https://en.wikipedia.org/wiki/Web_of_trust)[](.html) |
21 | 21 | ||
22 | ## Generate a GPG key | 22 | ## Generate a GPG key |
23 | See [Generating a GPG key for Git tagging](http://stackoverflow.com/a/16725717).[](.html) | 23 | - [Generating a GPG key for Git tagging](http://stackoverflow.com/a/16725717) (StackOverflow)[](.html) |
24 | - [Generating a GPG key](https://help.github.com/articles/generating-a-gpg-key/) (GitHub)[](.html) | ||
24 | 25 | ||
25 | ### gpg - provide identity information | 26 | ### gpg - provide identity information |
26 | ```bash | 27 | ```bash |
@@ -72,70 +73,5 @@ gpg: sending key A9D53A3E to hkp server pgp.mit.edu | |||
72 | ``` | 73 | ``` |
73 | 74 | ||
74 | ## Create and push a GPG-signed tag | 75 | ## Create and push a GPG-signed tag |
75 | See [Git - Maintaining a project - Tagging your [](.html) | ||
76 | releases](http://git-scm.com/book/en/v2/Distributed-Git-Maintaining-a-Project#Tagging-Your-Releases). | ||
77 | |||
78 | ### Prerequisites | ||
79 | This guide assumes that you have: | ||
80 | - a GPG key matching your GitHub authentication credentials | ||
81 | - i.e., the email address identified by the GPG key is the same as the one in your `~/.gitconfig` | ||
82 | - a GitHub fork of Shaarli | ||
83 | - a local clone of your Shaarli fork, with the following remotes: | ||
84 | - `origin` pointing to your GitHub fork | ||
85 | - `upstream` pointing to the main Shaarli repository | ||
86 | - maintainer permissions on the main Shaarli repository (to push the signed tag) | ||
87 | |||
88 | ### Bump Shaarli's version | ||
89 | ```bash | ||
90 | $ cd /path/to/shaarli | ||
91 | |||
92 | # create a new branch | ||
93 | $ git fetch upstream | ||
94 | $ git checkout upstream/master -b v0.5.0 | ||
95 | |||
96 | # bump the version number | ||
97 | $ vim index.php shaarli_version.php | ||
98 | |||
99 | # commit the changes | ||
100 | $ git add index.php shaarli_version.php | ||
101 | $ git commit -s -m "Bump version to v0.5.0" | ||
102 | |||
103 | # push the commit on your GitHub fork | ||
104 | $ git push origin v0.5.0 | ||
105 | ``` | ||
106 | |||
107 | ### Create and merge a Pull Request | ||
108 | This one is pretty straightforward ;-) | ||
109 | |||
110 | ### Create and push a signed tag | ||
111 | ```bash | ||
112 | # update your local copy | ||
113 | $ git checkout master | ||
114 | $ git fetch upstream | ||
115 | $ git pull upstream master | ||
116 | 76 | ||
117 | # create a signed tag | 77 | See [Release Shaarli](Release-Shaarli.html). |
118 | $ git tag -s -m "Release v0.5.0" v0.5.0 | ||
119 | |||
120 | # push it to "upstream" | ||
121 | $ git push --tags upstream | ||
122 | ``` | ||
123 | |||
124 | ### Verify a signed tag | ||
125 | [`v0.5.0`](https://github.com/shaarli/Shaarli/releases/tag/v0.5.0) is the first GPG-signed tag pushed on the Community Shaarli.[](.html) | ||
126 | |||
127 | Let's have a look at its signature! | ||
128 | |||
129 | ```bash | ||
130 | $ cd /path/to/shaarli | ||
131 | $ git fetch upstream | ||
132 | |||
133 | # get the SHA1 reference of the tag | ||
134 | $ git show-ref tags/v0.5.0 | ||
135 | f7762cf803f03f5caf4b8078359a63783d0090c1 refs/tags/v0.5.0 | ||
136 | |||
137 | # verify the tag signature information | ||
138 | $ git verify-tag f7762cf803f03f5caf4b8078359a63783d0090c1 | ||
139 | gpg: Signature made Thu 30 Jul 2015 11:46:34 CEST using RSA key ID 4100DF6F | ||
140 | gpg: Good signature from "VirtualTam <virtualtam@flibidi.net>" [ultimate][](.html) | ||
141 | ``` | ||