Dotfiles

🇮🇹 Italiano

🇬🇧 English
🇸🇦 العربية
🇩🇪 Deutsch
🇪🇸 Español
🇫🇷 Français
🇮🇱 עברית
🇮🇳 हिंदी
🇮🇩 Bahasa Indonesia
🇯🇵 日本語
🇰🇷 한국어
🇳🇱 Nederlands
🇧🇷 Português
🇵🇱 Polski
🇷🇴 Română
🇷🇺 Русский
🇹🇭 ไทย
🇹🇷 Türkçe
🇺🇦 Українська
🇻🇳 Tiếng Việt
🇨🇳 简体中文
🇹🇼 繁體中文

🇮🇹 Italiano

🇬🇧 English
🇸🇦 العربية
🇩🇪 Deutsch
🇪🇸 Español
🇫🇷 Français
🇮🇱 עברית
🇮🇳 हिंदी
🇮🇩 Bahasa Indonesia
🇯🇵 日本語
🇰🇷 한국어
🇳🇱 Nederlands
🇧🇷 Português
🇵🇱 Polski
🇷🇴 Română
🇷🇺 Русский
🇹🇭 ไทย
🇹🇷 Türkçe
🇺🇦 Українська
🇻🇳 Tiếng Việt
🇨🇳 简体中文
🇹🇼 繁體中文

Appearance

Guida alla firma dei commit con SSH

I commit non firmati possono essere creati da chiunque. La firma dimostra:

Perché firmare i commit?

  • Identità — il commit è stato fatto dal detentore della chiave.
  • Integrità — il commit non è stato alterato dalla firma.
  • Fiducia — le piattaforme mostrano un badge "Verificato".

Prerequisiti

  • Git 2.34+ (git --version)
  • SSH (Ed25519)
  • GitHub / GitLab

Passaggio 1: Generare una chiave di firma

bash
# Generate an Ed25519 key for signing
ssh-keygen -t ed25519 -C "your@email.com" -f ~/.ssh/id_signing

# Verify the key was created
ls -la ~/.ssh/id_signing*

Passaggio 2: Configurare Git

bash
# Set the signing format to SSH
git config --global gpg.format ssh

# Point to your signing key
git config --global user.signingkey ~/.ssh/id_signing.pub

# Enable automatic commit signing
git config --global commit.gpgsign true

# Enable automatic tag signing
git config --global tag.gpgsign true
ini
[gpg]
    format = ssh
[user]
    signingkey = ~/.ssh/id_signing.pub
[commit]
    gpgsign = true
[tag]
    gpgsign = true

Passaggio 3: Configurare i firmatari autorizzati

bash
# Create the allowed signers file
mkdir -p ~/.config/git
echo "your@email.com $(cat ~/.ssh/id_signing.pub)" > ~/.config/git/allowed_signers

# Tell Git where to find it
git config --global gpg.ssh.allowedSignersFile ~/.config/git/allowed_signers

Passaggio 4: Firmare e verificare

bash
# Commits are now signed automatically
git commit -m "feat: add new feature"

# Or sign a single commit explicitly
git commit -S -m "feat: signed commit"

# Sign a tag
git tag -s v1.0.0 -m "Release v1.0.0"

# Verify the last commit
git log --show-signature -1

# Verify a tag
git tag -v v1.0.0

Passaggio 5: Registrare su GitHub / GitLab

GitHub

  1. Settings → SSH and GPG keys → New SSH key
  2. Key type: Signing Key
  3. ~/.ssh/id_signing.pub

GitLab

  1. Preferences → SSH Keys
  2. Usage type: Signing
  3. ~/.ssh/id_signing.pub

Integrazione Chezmoi

bash
# Add your Git config
chezmoi add ~/.gitconfig

# Add your allowed signers file
chezmoi add ~/.config/git/allowed_signers

# Add your signing key (encrypt it!)
chezmoi add --encrypt ~/.ssh/id_signing
ini
[gpg]
    format = ssh
[user]
    signingkey = {{ .chezmoi.homeDir }}/.ssh/id_signing.pub
[gpg "ssh"]
    allowedSignersFile = {{ .chezmoi.homeDir }}/.config/git/allowed_signers
[commit]
    gpgsign = true
[tag]
    gpgsign = true

Risoluzione dei problemi

ProblemSolution
error: unsupported value: sshGit 2.34+
error: Load key: No such fileuser.signingkey
No principal matchedallowed_signers
SSH agent promptssh-add ~/.ssh/id_signing

Note sulla piattaforma

FeaturemacOSLinuxWSL
Git 2.34+
ssh-agent✅ Keychain✅ systemd
1Password SSH agent⚠️
Chezmoi

Correlati