This post is a guide to signing Git commits.

macOS

  1. Install gnupg and pinentry-mac.

    brew install gnupg pinentry-mac
    
  2. Generate a GPG key. You can also refer to the GitHub documentation.

    gpg --full-generate-key
    
    1. At the prompt, specify the kind of key you want (e.g. RSA (sign only)).
    2. At the prompt, specify the key size you want (>= 4096, e.g. 4096).
  3. Get the GPG key ID from the output of the following command.

    gpg --list-secret-keys --keyid-format=long
    
  4. Export the GPG key.

    gpg --armor --export <some GPG key ID>
    
  5. Add the GPG key to GitHub. You can refer to the GitHub documentation.

  6. Set gpg-agent up.

    echo "pinentry-program $(which pinentry-mac)" >> ~/.gnupg/gpg-agent.conf
    killall gpg-agent
    
  7. Add Git configurations.

    git config --global gpg.program gpg
    git config --global commit.gpgsign true
    
  8. Check whether a commit was signed.

    git log --show-signature -1
    

Ubuntu Server (22.04)

  1. Install gnupg.

    sudo apt install gpg
    
  2. Follow steps 2 to 5 of the macOS instructions above.

  3. Set the environment variable.

    export GPG_TTY="$(tty)"
    
  4. Add Git configurations.

    git config --global gpg.program gpg
    git config --global commit.gpgsign true
    
  5. Check whether a commit was signed.

    git log --show-signature -1
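
The "Check whether a commit was signed" step on both platforms inspects one commit by eye. The added example below (not part of the original post) goes further and checks a whole range using Git's `%G?` signature status codes. The function names, the sample hashes and the `origin/main..HEAD` range are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify commits by Git's %G? signature status code.
# Input lines have the form "<commit-hash> <status>", as printed by:
#   git log --format='%H %G?' origin/main..HEAD   (range is an assumed example)
# Prints one line per commit that is not acceptably signed.
# Returns 0 when every commit passes, 1 otherwise.
audit_signatures() {
    failed=0
    while read -r hash status; do
        [ -n "$hash" ] || continue
        case "$status" in
            G) ;;  # good signature from a key with known validity
            U)     # good signature, but key validity is unknown
               [ "${ALLOW_UNKNOWN_VALIDITY:-0}" = 1 ] ||
                   { echo "$hash untrusted-key"; failed=1; } ;;
            N) echo "$hash unsigned"; failed=1 ;;
            B) echo "$hash bad-signature"; failed=1 ;;
            E) echo "$hash missing-public-key"; failed=1 ;;
            X|Y) echo "$hash expired"; failed=1 ;;   # expired signature or key
            R) echo "$hash revoked-key"; failed=1 ;;
            *) echo "$hash unknown-status"; failed=1 ;;
        esac
    done
    return "$failed"
}

# Constructed sample input (hashes are placeholders, not real commits).
sample_log() {
    cat <<'EOF'
1111111 G
2222222 N
3333333 B
4444444 E
EOF
}

# Demo on the constructed sample; in a repository, pipe git log instead.
sample_log | audit_signatures || echo "unsigned or unverifiable commits found"
```

Set `ALLOW_UNKNOWN_VALIDITY=1` to accept signatures from keys you have imported but not marked as trusted.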