aboutsummaryrefslogtreecommitdiffhomepage
path: root/doc/GnuPG-signature.md
diff options
context:
space:
mode:
authorArthurHoaro <arthur@hoa.ro>2016-04-14 14:20:23 +0200
committerArthurHoaro <arthur@hoa.ro>2016-04-14 15:18:25 +0200
commit5409ade28c5f0acf99dbadd4d95e6f8efda5d395 (patch)
tree4c8b55010ad02d91b524b0cb8cc02ddf318fcaa2 /doc/GnuPG-signature.md
parent9f400b0dad68b82d65692bd6ab6190f6a787fa89 (diff)
downloadShaarli-5409ade28c5f0acf99dbadd4d95e6f8efda5d395.tar.gz
Shaarli-5409ade28c5f0acf99dbadd4d95e6f8efda5d395.tar.zst
Shaarli-5409ade28c5f0acf99dbadd4d95e6f8efda5d395.zip
Update docs from Wiki
Diffstat (limited to 'doc/GnuPG-signature.md')
-rw-r--r--doc/GnuPG-signature.md70
1 files changed, 3 insertions, 67 deletions
diff --git a/doc/GnuPG-signature.md b/doc/GnuPG-signature.md
index e8dbdb11..b0028d55 100644
--- a/doc/GnuPG-signature.md
+++ b/doc/GnuPG-signature.md
@@ -20,7 +20,8 @@ Trust can be gained by having your key signed by other people (and signing their
20- [Web of trust](https://en.wikipedia.org/wiki/Web_of_trust)[](.html) 20- [Web of trust](https://en.wikipedia.org/wiki/Web_of_trust)[](.html)
21 21
22## Generate a GPG key 22## Generate a GPG key
23See [Generating a GPG key for Git tagging](http://stackoverflow.com/a/16725717).[](.html) 23- [Generating a GPG key for Git tagging](http://stackoverflow.com/a/16725717) (StackOverflow)[](.html)
24- [Generating a GPG key](https://help.github.com/articles/generating-a-gpg-key/) (GitHub)[](.html)
24 25
25### gpg - provide identity information 26### gpg - provide identity information
26```bash 27```bash
@@ -72,70 +73,5 @@ gpg: sending key A9D53A3E to hkp server pgp.mit.edu
72``` 73```
73 74
74## Create and push a GPG-signed tag 75## Create and push a GPG-signed tag
75See [Git - Maintaining a project - Tagging your [](.html)
76releases](http://git-scm.com/book/en/v2/Distributed-Git-Maintaining-a-Project#Tagging-Your-Releases).
77
78### Prerequisites
79This guide assumes that you have:
80- a GPG key matching your GitHub authentication credentials
81 - i.e., the email address identified by the GPG key is the same as the one in your `~/.gitconfig`
82- a GitHub fork of Shaarli
83- a local clone of your Shaarli fork, with the following remotes:
84 - `origin` pointing to your GitHub fork
85 - `upstream` pointing to the main Shaarli repository
86- maintainer permissions on the main Shaarli repository (to push the signed tag)
87
88### Bump Shaarli's version
89```bash
90$ cd /path/to/shaarli
91
92# create a new branch
93$ git fetch upstream
94$ git checkout upstream/master -b v0.5.0
95
96# bump the version number
97$ vim index.php shaarli_version.php
98
99# commit the changes
100$ git add index.php shaarli_version.php
101$ git commit -s -m "Bump version to v0.5.0"
102
103# push the commit on your GitHub fork
104$ git push origin v0.5.0
105```
106
107### Create and merge a Pull Request
108This one is pretty straightforward ;-)
109
110### Create and push a signed tag
111```bash
112# update your local copy
113$ git checkout master
114$ git fetch upstream
115$ git pull upstream master
116 76
117# create a signed tag 77See [Release Shaarli](Release-Shaarli.html).
118$ git tag -s -m "Release v0.5.0" v0.5.0
119
120# push it to "upstream"
121$ git push --tags upstream
122```
123
124### Verify a signed tag
125[`v0.5.0`](https://github.com/shaarli/Shaarli/releases/tag/v0.5.0) is the first GPG-signed tag pushed on the Community Shaarli.[](.html)
126
127Let's have a look at its signature!
128
129```bash
130$ cd /path/to/shaarli
131$ git fetch upstream
132
133# get the SHA1 reference of the tag
134$ git show-ref tags/v0.5.0
135f7762cf803f03f5caf4b8078359a63783d0090c1 refs/tags/v0.5.0
136
137# verify the tag signature information
138$ git verify-tag f7762cf803f03f5caf4b8078359a63783d0090c1
139gpg: Signature made Thu 30 Jul 2015 11:46:34 CEST using RSA key ID 4100DF6F
140gpg: Good signature from "VirtualTam <virtualtam@flibidi.net>" [ultimate][](.html)
141```