使用 GPG 签名 commit 最大的好处就是有一个好看的 Verified 标签

image-20240304111601408 PM

当然主要是为了安全啦!

主要流程就是在本地生成一个,然后修改 git 的配置文件(可以借助 IDE),最后把这个密钥上传到 GitHub

https://www.jetbrains.com/help/go/2023.3/set-up-GPG-commit-signing.html

https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key

官方文档讲的其实很好了,当时我做下来发现有些问题

1
2
3
4
5
6
7
8
error: gpg failed to sign the data:
[GNUPG:] KEY_CONSIDERED FAD374693582B8AEE393EF000F3C2EC536BDA929 2
[GNUPG:] BEGIN_SIGNING H10
[GNUPG:] PINENTRY_LAUNCHED 91953 curses 1.2.1 not a tty xterm-256color :0.0 ? 501/20 0
gpg: signing failed: No such file or directory
[GNUPG:] FAILURE sign 83918929
gpg: signing failed: No such file or directory
fatal: failed to write commit object

最后参考下面这篇帖子搞定了

https://stackoverflow.com/questions/41502146/git-gpg-onto-mac-osx-error-gpg-failed-to-sign-the-data

具体来说就是要安装 pinentry-mac

1
brew install pinentry-mac

然后在 ~/.gnupg/gpg-agent.conf 中写入

1
pinentry-program /opt/homebrew/bin/pinentry-mac