IT数码 购物 网址 头条 软件 日历 阅读 图书馆
TxT小说阅读器
↓语音阅读,小说下载,古典文学↓
图片批量下载器
↓批量下载图片,美女图库↓
图片自动播放器
↓图片自动播放器↓
一键清除垃圾
↓轻轻一点,清除系统垃圾↓
开发: C++知识库 Java知识库 JavaScript Python PHP知识库 人工智能 区块链 大数据 移动开发 嵌入式 开发工具 数据结构与算法 开发测试 游戏开发 网络协议 系统运维
教程: HTML教程 CSS教程 JavaScript教程 Go语言教程 JQuery教程 VUE教程 VUE3教程 Bootstrap教程 SQL数据库教程 C语言教程 C++教程 Java教程 Python教程 Python3教程 C#教程
数码: 电脑 笔记本 显卡 显示器 固态硬盘 硬盘 耳机 手机 iphone vivo oppo 小米 华为 单反 装机 图拉丁
 
   -> 开发工具 -> 使用 GPG 为极狐GitLab git commit 签名 -> 正文阅读

[开发工具]使用 GPG 为极狐GitLab git commit 签名

目录

git commit 签名

GPG key 生成

使用 GPG 为极狐GitLab git commit 签名

在极狐GitLab 中添加 GPG public key

配置 Git

进行 Git 提交

查看签名信息


git commit 签名

git commit 签名是对 git 的 commit 信息进行一个验证,确保代码提交者是代码修改者本身,防止恶意提交,保护代码的安全。git 有自身的扩展,用来对 commit 进行签名,比如使用 gpg 即可完成 commit 签名。

GPG key 生成

执行 gpg --full-generate-key?即可生成一对 gpg key pair:

gpg --full-generate-key
gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
  (14) Existing key from card
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Wed Jun 28 21:45:26 2023 CST
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: xiaomage
Email address: devops008@sina.com
Comment: gpg signature git commit
You selected this USER-ID:
    "xiaomage (gpg signature git commit) <devops008@sina.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key C9DE119E4E550644 marked as ultimately trusted
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/9D6DA2C807767AD9ECB335AEC9DE119E4E550644.rev'
public and secret key created and signed.

pub   rsa4096 2022-06-28 [SC] [expires: 2023-06-28]
      9D6DA2C807767AD9ECB335AEC9DE119E4E550644
uid                      xiaomage (gpg signature git commit) <devops008@sina.com>
sub   rsa4096 2022-06-28 [E] [expires: 2023-06-28]

在交互的过程中填写必要的信息,即可完成 gpg key pair 的生成,然后用 gpg -k/-K 查看:

$ gpg -k
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2023-06-28
/root/.gnupg/pubring.kbx
------------------------
pub   rsa4096 2022-06-28 [SC] [expires: 2023-06-28]
      9D6DA2C807767AD9ECB335AEC9DE119E4E550644
uid           [ultimate] xiaomage (gpg signature git commit) <devops008@sina.com>
sub   rsa4096 2022-06-28 [E] [expires: 2023-06-28]

$ gpg -K
/root/.gnupg/pubring.kbx
------------------------
sec   rsa4096 2022-06-28 [SC] [expires: 2023-06-28]
      9D6DA2C807767AD9ECB335AEC9DE119E4E550644
uid           [ultimate] xiaomage (gpg signature git commit) <devops008@sina.com>
ssb   rsa4096 2022-06-28 [E] [expires: 2023-06-28]

使用 GPG 为极狐GitLab git commit 签名

在极狐GitLab 中添加 GPG public key

使用 gpg 为极狐GitLab git commit 签名之前,需要将 gpg public key 导出。用如下命令即可导出 gpg public key:


$ gpg --armor --export 9D6DA2C807767AD9ECB335AEC9DE119E4E550644
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGK7BhcBEADmWE3Kp5KtevdVmj964EQT2pCB9rugw+kCqQcfnM0Ge5Jj63QG
FSaRvnt8ylq/DktnPPkx7zf/koL464SpiIJu3blWqf9OBOhIiRRRhzSo8znYT8z9
0ttkXZ6SLoMYtzaAgaBkk0IcZJMd8exdYBdqPQEZIiNl2RbQ58xwaOpCkircs4S2
YPm2crhtc7wG2POtkdAeO6YmoY69cQ21RAt2RJZujU4zd4kZsDEgnlXCirnQ+orm
Ek4a70+VUg54+LxUQxG8Ld0lyUuUDsKmvrgr9NFDdwngF4wyn445Su3Hlr0UwmSx
en98b76hbzUoXbjkdGOWw27qK2kqw34dNns04sGygJCH0MjxG4XMnO/cMo8Yhp86
Xcz1H7th0OzTJ3TMTc8APXktBWDaEffhu6n61IaZVNF+M22RDMcbq0Mqu1LnHYof
3v0WR5ME6CtgGWaFSuFNw31kHVS0LI3JYBIivQbvuOGHjxHrOIF/pRweoDcnAzaC
wFDGyJl5e01FhQSZOOdtP1ukmwOUcJvBQkH9H4fVOgV1Ys8TEJdOn3r8K806SD6K
xtKNEtaa4enIlk/Gp7VmvHBOIExZrd+e+sVkeOAvAWI9KavYlu+p5DuacJDHorNY
vycDjnw/olOuw2ttLfqQs52NZi+3cSc6BhhHJ5uFuGdgo5i6OcXa9LKdhQARAQAB
tDh4aWFvbWFnZSAoZ3BnIHNpZ25hdHVyZSBnaXQgY29tbWl0KSA8ZGV2b3BzMDA4
QHNpbmEuY29tPokCVAQTAQoAPhYhBJ1tosgHdnrZ7LM1rsneEZ5OVQZEBQJiuwYX
AhsDBQkB4TOABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEMneEZ5OVQZEEBAP
/3nPeF+sPKNRPRlfXDqkprIrvAybxRSxKT5a/sok6mGtELkI0lj/LXNqd9tY/4nV
3uRqUAEyq2jAg5YnXir5YcnF7ZTsKyq+J7y3FJ4+pvhvRX1syEXvrxj0GFklX9bS
fgnsziY5WrMrpZUx+uTTs2OOyF8cMfCU/aihuZgDwFpiik0Mot3pNxmWzojTzUlk
ttGvlDDwQCcRmYRBpj9B7i9G5AzKefu6QSZ9o1aBcdI6hIpFXcd+ED5TvVU+qlzc
bFXR0gE+GEA1N2zDP2qdeCTXwYvXrZVTUq/mCuK+WTMrrzVd6DoG5VUzfcSeXi4Z
muP2LLq+OGxRtBCoIYCqo+spAQNaAGyjVAN2YFl3H4zkswUG4Xeqr1wQ63m9VAJa
4qiGo63JZ41GLgknlimm+9Pe6Bp+qTA4lvRU2tXjV0HT9+JESB1hPYzDFoTHC6Qm
4KV3V3VjULr+oCDUnJV4oLPHpHhi5tVd1UwN769zTJRmDxRzZuUdsKmjI82iEXR5
8vD65ZPBJJulb0qynReK6NQXY+qDUQy6fGYcEljP+QIWzAmzzBrMqttHRbAV4KpT
sGAiD68iAuKzILVXvX8pcEz9Mf1fYmOMxDOBDyNSefmXf/g6d3gdifNLkRd6JHGW
GrIInbKN1f546N09IuZ/PU9C1dRpuaETEwXatGRMTSjfuQINBGK7BhcBEAC+Uowg
6aT+Vzd3kCFx27L6q3Xe0YFY8YPsq3lC1/QtV7nozbxye/gghAEVKK7vHtzYqNoz
eTjp4T8eQsXgr5f+eN3BjUqbcTBcVP2+/1lV9bZTIcuYkaK32Z8ld6w3mHwQvdwV
aw0qKK00O7ATEfCNdvKBQ6kZIUs0IQCmVBCbDPyI57m96huyHZ+s5zQ6L1PoE0j/
FoVpXz09QHwRlWzfGPaUyHtK4A+CSWq1usYCwhW1/Yjy5q8M0qd/InXvXRQvz+vH
XBI7oa4DoEAp2MsGYov3H9oqjQxqPBw6s347eocHJ2sdLII7TUqpoJ0ou/jhauPf
wyz3XzJZ8Kvvg8rYP7Bxjfo81k6JTE88F1UxHs02H+Ppuu2/0Ggv9vWJW1hcsh5L
Ccr3jnQGAkUWNl7I2/X8B3131/TICKdvEy4x1EXJgp/6KAJNo4lvUKjcMxzrf/SK
9ERiM0GADGPh6D09DBzNhnmKyAftLK+EySTdvtuFZYDr2XYip94+NSzZujkDmfDT
OmvrBeOYVJjvt1eU67U5FVfsT/MHQQp+AfmjDklfjCA/wgJU6uolNf9ARwl4FOTw
QfW+6E1qGX/ySLIn+1VhAiEKSqIblJr7OvevsY3QHpR+CTvCmRBYZoBciYINCrBO
dWu0BUH32XvuQ3xoTvHx0FTiAA9rmebiqop/UQARAQABiQI8BBgBCgAmFiEEnW2i
yAd2etnsszWuyd4Rnk5VBkQFAmK7BhcCGwwFCQHhM4AACgkQyd4Rnk5VBkQy8RAA
rjOckyOoh0KBcZ55UtliB850Lq31kVz07J2+bkWyCCS9WTOjyKwxUdm5tKEZBUpl
wvp+JurnysIKmRGjYl4tTAJLqtk8KLDo/pxZm36x/jCJ57S/d7+Mu3a85sieUZNq
ASI+vgTWscPLB0eJxke7DqwFb8qhiF3n8S7JGO0GDYd9tZj+X3EzSvXs6PPekt20
LPm8GO3EbLsuDdaHAePTIpPTlYKmwH3RZA40aWuQ8feWCHizL1lDUTra842sORBm
l88U6Cub+cpzHO6kCel1HC/zNA37x66rDUdeDB6LuzIpmO94ECSNydkgLn7vxsvv
pECtNsNTahoC6pBgGdtqzodwKDMCKHkG4UFp3mAfeEUntO8EXd87G3CB/ylS7g1A
ePaaMwTj0ZCkTaVSB6f8uqatShQlDsaSSETdEj2TRHJfj5qwos9ztww52qO0MVCh
5SllMZ2VjBYPjks9vSjufnc0glFFqUsZTVZa6RfJLBgcUUqjE5qemy9wkztXFOF+
mLb+Xi8Slj9f2h2yKPxsg8Nb5KcVlA+XG5+kLOaxxupXPibvf9IywBNaGrLnqHsN
W/t/yAcynuyheFPXQLUHeTmL2ODORkRrwjgP0fTYL4YPGoA15XLKHwk315ZxKPaK
hsVsC/wdkOeP2lYFqhC0VsisyUwxBVBGVH6+GQ6CPpg=
=zNIV
-----END PGP PUBLIC KEY BLOCK-----

然后添加到极狐GitLab 实例中。通过右上角账号 --> preference --> GPG keys,找到添加 gpg

public key 的地方:

?

将上述导出的 public key 添加到右侧方框中:

?点击 Add?key之后,可以看到,添加成功:

?

配置 Git

配置 Git 之前,需要先获取 signingkey:

$ gpg --list-secret-keys --keyid-format LONG devops008@sina.com
sec   rsa4096/C9DE119E4E550644 2022-06-28 [SC] [expires: 2023-06-28]
      9D6DA2C807767AD9ECB335AEC9DE119E4E550644
uid                 [ultimate] xiaomage (gpg signature git commit) <devops008@sina.com>
ssb   rsa4096/B3350C8C4DF966BF 2022-06-28 [E] [expires: 2023-06-28]

sec 后面的 ID 就是 signingkey,也即 signingkey 是 C9DE119E4E550644。接着用 git config 命令配置 signingkey 即可:

$ git config --global user.signingkey C9DE119E4E550644

进行 Git 提交

找一个 Demo repo 进行测试。以 Repo git@jihulab.com:keyboard-man/tekton-image.git 为例来验证。先 clone 代码到本地:

$ git clone git@jihulab.com:keyboard-man/tekton-image.git

对其中的 main.go 文件做一个修改(比如修改 port,从 9999 到 9909),然后提交代码:

$ git add . && git commit -S -m "jihu gpg git singture commit"
[main 094d378] jihu gpg git singture commit
 1 file changed, 1 insertion(+), 1 deletion(-)

$ git push
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 4 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 968 bytes | 968.00 KiB/s, done.
Total 3 (delta 2), reused 0 (delta 0)

接着就可以查看签名信息了。

查看签名信息

在对应的仓库 commit 信息中,查看上述的提交:

?

可以看到在 commit 信息的右侧有一个 Verified 的标志,上面显示的内容有 This commit was signed with a verified signature and the committer email is verified to belong to the same user. 。这也证明,用上述生成的 gpg key 对极狐GitLab 的 git commit 进行了签名。

  开发工具 最新文章
Postman接口测试之Mock快速入门
ASCII码空格替换查表_最全ASCII码对照表0-2
如何使用 ssh 建立 socks 代理
Typora配合PicGo阿里云图床配置
SoapUI、Jmeter、Postman三种接口测试工具的
github用相对路径显示图片_GitHub 中 readm
Windows编译g2o及其g2o viewer
解决jupyter notebook无法连接/ jupyter连接
Git恢复到之前版本
VScode常用快捷键
上一篇文章      下一篇文章      查看所有文章
加:2022-07-03 11:02:22  更:2022-07-03 11:03:18 
 
开发: C++知识库 Java知识库 JavaScript Python PHP知识库 人工智能 区块链 大数据 移动开发 嵌入式 开发工具 数据结构与算法 开发测试 游戏开发 网络协议 系统运维
教程: HTML教程 CSS教程 JavaScript教程 Go语言教程 JQuery教程 VUE教程 VUE3教程 Bootstrap教程 SQL数据库教程 C语言教程 C++教程 Java教程 Python教程 Python3教程 C#教程
数码: 电脑 笔记本 显卡 显示器 固态硬盘 硬盘 耳机 手机 iphone vivo oppo 小米 华为 单反 装机 图拉丁

360图书馆 购物 三丰科技 阅读网 日历 万年历 2024年11日历 -2024/11/26 1:58:29-

图片自动播放器
↓图片自动播放器↓
TxT小说阅读器
↓语音阅读,小说下载,古典文学↓
一键清除垃圾
↓轻轻一点,清除系统垃圾↓
图片批量下载器
↓批量下载图片,美女图库↓
  网站联系: qq:121756557 email:121756557@qq.com  IT数码