Git source control
For your identity (e.g. once, or more if you have separate work identity and private one for example).
- Create GPG key
- Create SSH key
For new git server (new user in a git server) :
- Upload your PUBLIC ssh key into the git server (e.g. to gitlab-based server in settings - my SSH keys, or github.com if you sadly use that, or configure ssh / sshd / authorized_keys on your ssh server in case of bare git-over-ssh).
I recommend to NOT use git over https (besides just downloading code in read-only manner, adding git-remote and so on).
- Upload your public GPG key to git interface, e.g. to gitlab web interface (settings - my GPG/PGP keys).
To see the full GPG public key, the command is like
gpg --export --armor 83A093E922F5F7B74DFD7559A7C0F8D6F7983D22
gpg --export --armor bitwolfEXAMPLE@peerfreedom.org
- Clone it
Get address of repository, e.g. in Gitlab (or Github) button "clone" on top, there choose SSH. In console, choose a working directory like ~/work/project-x/ and there do:
git clone URL_HERE
git clone email@example.com:ncbrvote-bc/organize.git
(that should be the SSH URL, not the HTTPS URL).
- Configure your identity in this repository - for example if you want name "bitwolf" with email "bitwolfEXAMPLE@peerfreedom.org", and if you use PGP with key fingerprint "83A093E922F5F7B74DFD7559A7C0F8D6F7983D22" (check your GPG keys with command
gpg -Kto see list of your keys, in each the first main ID is the fingerprint you want)
git config user.name "bitwolf" git config user.email "bitwolfEXAMPLE@peerfreedom.org" git config user.signingkey "83A093E922F5F7B74DFD7559A7C0F8D6F7983D22"
To download all updates that server has, from all repositories you've connected (see them via
git fetch --all
To update your working branch to the updates done on server do one of following:
git merge --ff-only origin/master # for project where main repo you have named as "origin", and we just work on "master" branch git merge --ff-only origin/dev # for project where main repo you have named as "origin", but most work is accepted into "dev" branch (and e.g. master is for more stable releases) git merge --ff-only upstream/master # as above, but when the "main repository" is called "upstream", because "origin" is your local (forked) copy git merge --ff-only upstream/dev # combination of above
If git merge FF only is not possible (fails) then full merge, but sign it:
git merge --ff-only ... # easy merge: when you expect there is no interesting "other work" - for simple repositories git merge -S ... # regular merge, for changes that are not so trivial (not fast-forward changes). "-S" means to GPG sign this merge (as you will create a merge commit here). It can prompt to name the merge commit, use the suggested defaults.
Before commit, check what changes you've made.
Any new files?
git add new files, or add to .gitignore .
What exactly was changed in content of files?
git diff git diff --cached # for things you already staged e.g. with git add
If you've created new files:
git add newfile git add newdir/*
- Commit data with PGP/GPG signature:
git commit -Se.g.
git commit -S -a -m "some changes"
and then send it to server e.g. using
git push origin somebranchname.
- When you download commits of others, you can verify them
git log --show-signatureto see commits done by others (make sure it says each commit is signed, and signed by a TRUSTED key!).
Encryption with Git/git-crypt
Encryption with encfs inside git (mount).