aboutsummaryrefslogtreecommitdiffstats
GIT-SIGN-FOR-CGIT(1) General Commands Manual GIT-SIGN-FOR-CGIT(1)

git-sign-for-cgit
store a signature of an object for release with cgit

git sign-for-cgit [-f format] object

git-sign-for-cgit creates a signed checksum list for an archive of the named object. The list is stored in refs/notes/signatures/<format> using git-notes(1), and is suitable for distribution via cgit.

To publish the signature, push refs/notes/signatures/<format> to the remote cgit repository. cgit will then automatically pick the right signature for the respective archive format. See NOTES for an in-depth discussion of how this works.

Signatures are created with signify(1) using the secret key defined in SIGNIFY_SECKEY. If unset, the key at ~/.signify/release.sec is used instead.

For supported archive formats, see git-archive(1). A default archive format can be set via git-config(1), using the package.format option. Note that the chosen archive format must also be supported by cgit.

The options are as follows:

format
The format of the underlying archive. Defaults to package.format, or tar.gz if unset.

The secret key to use for signing.

~/.signify/release.sec
The secret key to use if SIGNIFY_SECKEY is unset or empty.

  1. Hosting signify signatures on cgit

    https://oriole.systems/posts/signify-cgit

git(1), git-archive(1), git-config(1), git-notes(1), signify(1), cgitrc(5)

git-sign-for-cgit was written by Wolfgang Müller .
July 17, 2021
powered by cgit and git | oriole.systems | how to verify signatures