Possible improvements to "How (and why) to sign Git commits" #9

Open
mrjones-plip opened this issue Dec 4, 2020 · 0 comments

@mrjones-plip

@ItalyPaleAle - First off, thanks so much for your thorough and very helpful blog post! After all the shenanigans here and there involving unsigned commits, your post is a welcome breath of fresh air ;)

I had some minor feedback, and saw you host your blog on GH, so am opening an issue. However, I see there's no issues (closed or open), so feel free to just say, "Thanks!" and close this ticket if it's inappropriate.

emails matching usernames

One problem I had in getting GH to mark my commits as "verified" was to ensure my email and my GH username match in the uids. That is, I have many email addresses associated with my GH account. When adding them via gpg --edit-key and then adduid, I was skipping/mismatching the Real name:

gpg> adduid
Real name:
Email address: some-email@example.com
Comment:
You selected this USER-ID:
    "some-email@example.com"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

In order to go from "unverified" to "verified", I had to:

  1. first see which emails I'd defined in the current repo: egrep 'email|name' .git/config
  2. take the result of name and email and ensure the exact pair was shown in gpg --list-secret-keys --keyid-format SHORT
  3. when uploading your keys, ensure GH shows you the expected validated email addresses it accepted on the keys page.

My issue is that I hadn't bothered to enter in my Real name when editing the key. These email addresses show in the gpg --list-secret-keys command, but do not show up in GH keys page (nor on their API).

I suspect the happy path of "one username, one email, one GH account" will be fine. However, devs who sign commits are likely to have wonky, bespoke setups, as you likely know ;)

agents

On both Ubuntu 18.04 and 20.04 I skipped the use-agent and gpgconf --launch gpg-agent parts of your post because it Just Worked such that the existing agent was already running (seahorse I believe). On first trying to use the private key, I was prompted once for the password by the OS with a "remember password in keychain" option.

Indeed, running use-agent gives me command not found. Though...doing a bit of research, I see that this command is totally a thing, and is even in my ~/.gnupg/gpg.conf, so it's clearly used somewhere!
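
The check in steps 1 and 2 of the comment above can be scripted. This is an added example, not code from the issue or from the blog post; it compares a repo's `user.name`/`user.email` pair against the uids in `gpg --list-secret-keys --with-colons` output and flags uids whose Real name was left blank. The sample key listing, the identities and the status labels are constructed for illustration.

```python
import re

# Constructed sample of `gpg --list-secret-keys --with-colons` output (not from the issue).
SAMPLE_COLONS = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1607040000:::u:::scESC:::+:::23::0:
uid:u::::1607040000::HASH1::Jane Dev <jane@example.com>::::::::::0:
uid:u::::1607040000::HASH2::some-email@example.com::::::::::0:
uid:u::::1607040000::HASH3::Jane Dev (work\\x3a ops) <jane@corp.example>::::::::::0:
"""

def parse_uids(colons):
    """Return [(name, email)] for each uid record; field 10 is the user ID."""
    uids = []
    for line in colons.splitlines():
        fields = line.split(":")
        if fields[0] != "uid" or len(fields) < 10:
            continue
        # gpg escapes ':' and other bytes in user IDs as \xNN
        raw = re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), fields[9])
        m = re.fullmatch(r"(.*?)\s*(?:\([^)]*\))?\s*<([^>]+)>", raw)
        if m:
            uids.append((m.group(1).strip(), m.group(2)))
        elif "@" in raw and " " not in raw:
            uids.append(("", raw))  # email-only uid: "Real name" was left blank
        else:
            uids.append((raw, ""))
    return uids

def check_identity(git_name, git_email, colons):
    """Compare the repo's user.name/user.email pair against the key's uids."""
    uids = parse_uids(colons)
    if (git_name, git_email) in uids:
        return "match"
    for name, email in uids:
        if email.lower() == git_email.lower():
            return "email-only-uid" if not name else "name-mismatch"
    return "email-not-on-key"

if __name__ == "__main__":
    # For a live check, pass the outputs of `git config user.name`,
    # `git config user.email` and `gpg --list-secret-keys --with-colons`.
    for name, email in [("Jane Dev", "jane@example.com"),
                        ("Jane Dev", "some-email@example.com"),
                        ("Jane Dev", "other@example.com")]:
        print(f"{name} <{email}>: {check_identity(name, email, SAMPLE_COLONS)}")
```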
