From PeerFreedom Wiki

Git source control

Configure usage

per Identity

Do this once for your identity, or more than once if, for example, you keep a separate work identity and a private one.

  • Create GPG key
  • Create SSH key

per Server

For a new git server (or a new user on a git server):

  • Upload your PUBLIC SSH key to the git server (e.g. on a gitlab-based server under settings - my SSH keys, or if you sadly use that, or configure ssh / sshd / authorized_keys on your SSH server in the case of bare git-over-ssh).

I recommend NOT using git over https (besides just downloading code in a read-only manner, adding a git remote and so on).

  • Upload your public GPG key to the git interface, e.g. to the gitlab web interface (settings - my GPG/PGP keys).

To see the full GPG public key, use a command like gpg --export --armor 83A093E922F5F7B74DFD7559A7C0F8D6F7983D22 or gpg --export --armor

per Repository

  • Clone it

Get the address of the repository, e.g. in Gitlab (or Github) use the "clone" button at the top and choose SSH there. In a console, choose a working directory like ~/work/project-x/ and there do:

git clone URL_HERE


git clone (that should be the SSH URL, not the HTTPS URL).

  • Configure your identity in this repository - for example if you want the name "bitwolf" with email "", and if you use PGP with key fingerprint "83A093E922F5F7B74DFD7559A7C0F8D6F7983D22" (check your GPG keys with the command gpg -K to list your keys; for each key, the first main ID is the fingerprint you want). Run these inside the cloned repository, so they apply to this repository only:
git config user.name "bitwolf"
git config user.email ""
git config user.signingkey "83A093E922F5F7B74DFD7559A7C0F8D6F7983D22"

Daily use

Get data

To download all updates that the server has, from all repositories you've connected (see them via git remote):

git fetch --all

To update your working branch to the updates made on the server, do one of the following:

git merge --ff-only origin/master  # for a project where the main repo is named "origin", and we just work on the "master" branch
git merge --ff-only origin/dev  # for a project where the main repo is named "origin", but most work is accepted into the "dev" branch (and e.g. master is for more stable releases)
git merge --ff-only upstream/master  # as above, but when the "main repository" is called "upstream", because "origin" is your own (forked) copy
git merge --ff-only upstream/dev  # combination of the above

If a fast-forward-only merge is not possible (it fails), then do a full merge, but sign it:

git merge --ff-only ...  # easy merge: when you expect there is no interesting "other work" - for simple repositories
git merge -S ... # regular merge, for changes that are not so trivial (not fast-forward changes). "-S" means to GPG sign this merge (as you will create a merge commit here). It may prompt you to name the merge commit; use the suggested defaults.

Commit changes

Before committing, check what changes you've made.

Any new files?

git status

Use git add for new files, or add them to .gitignore.

What exactly was changed in the content of the files?

git diff
git diff --cached # for things you already staged e.g. with git add

If you've created new files:

git add newfile
git add newdir/*
  • Commit data with a PGP/GPG signature: git commit -S, e.g. git commit -S -a -m "some changes"

and then send it to the server, e.g. using git push origin somebranchname.

  • When you download commits of others, you can verify them with git log --show-signature to see commits done by others (make sure it says each commit is signed, and signed by a TRUSTED key!).
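
One way to automate the signature check described above, as an added example that is not part of the original wiki page: a shell script that uses git's %G? format placeholder to list every fetched commit whose signature is missing, bad, or made by a key your keyring does not consider valid. The function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit commit signatures in a range.
# git's %G? placeholder prints one status letter per commit:
#   G good signature, key valid     U good signature, key validity unknown
#   B bad signature                 X good signature, signature expired
#   Y good signature, key expired   R good signature, key revoked
#   E cannot be checked (e.g. missing public key)   N no signature

# Map one %G? letter to a verdict; only G counts as "signed by a trusted key".
sig_verdict() {
    case "$1" in
        G) echo "ok" ;;
        U) echo "untrusted-key" ;;
        B) echo "bad-signature" ;;
        X|Y) echo "expired" ;;
        R) echo "revoked-key" ;;
        E) echo "cannot-check" ;;
        N) echo "unsigned" ;;
        *) echo "unknown-status" ;;
    esac
}

# Read "<hash> <status> [<signer fingerprint>]" lines on stdin.
# Prints every commit that is not "ok"; returns 1 if there is at least one.
check_sig_lines() {
    failed=0
    while read -r hash status fpr; do
        [ -n "$hash" ] || continue
        verdict=$(sig_verdict "$status")
        if [ "$verdict" != "ok" ]; then
            echo "REJECT $hash $verdict ${fpr:-no-key}"
            failed=1
        fi
    done
    return "$failed"
}

# Audit commits you fetched but have not merged yet,
# e.g. audit_range HEAD..origin/master
audit_range() {
    git log --format='%H %G? %GF' "$1" | check_sig_lines
}

# When run as a script, audit the range given as the first argument.
if [ "$#" -gt 0 ]; then
    audit_range "$1"
fi
```

Run it after git fetch --all and before git merge, so that unsigned or untrusted commits are seen before they reach your working branch.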


Encryption with Git/git-crypt

Encryption with encfs inside git (mount).