Skip to content

Add instructions how to sign a commit to contribution guidelines #1377

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
yubiuser wants to merge 2 commits into
base: master
Choose a base branch
from
+62 −0
Open

Add instructions how to sign a commit to contribution guidelines #1377

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
084ccf0
Add notice about test requirement
yubiuser May 3, 2026
b05cd6c
Add instructions how to sign a commit.
yubiuser May 3, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions docs/guides/github/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@ When requesting or submitting new features, first consider whether it might be u
- Check the codebase to ensure that your feature doesn't already exist.
- Check the pull requests to ensure that another person hasn't already submitted the feature or fix.
- Read and understand the [DCO guidelines](./dco.md) for the project.
- Our repos require users to (cryptographically) sign their commits (which is different to sign-off!). Our recommendation is to use `ssh` keys. Basics steps are [outlined here](./sign.md).
- Before a pull requets can be accepted, the repo-specific tests need to pass. Please test them locally first.

### Technical Requirements

Expand Down
59 changes: 59 additions & 0 deletions docs/guides/github/sign.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
# Signing Git Commits with SSH Keys

## Why Sign Commits?

Signing commits provides:

- **Authentication**: Proves the commit actually came from you
- **Integrity**: Ensures the commit content hasn't been tampered with
- **Trust**: GitHub displays a "Verified" badge for signed commits
- **Security**: Protects against commit spoofing attacks

## Prerequisites

- An SSH key pair (if you don't have one, generate with `ssh-keygen -t ed25519 -C "your_email@example.com"`)
- SSH key added to your GitHub account

## Setup Instructions

### 1. Configure Git to Use SSH Signing

```bash
# Set SSH as the signing format
git config --global gpg.format ssh

# Specify your SSH public key for signing
git config --global user.signingkey /PATH/TO/.SSH/KEY.PUB

# Optional: Enable automatic signing for all commits
git config --global commit.gpgsign true
```

### 2. Add SSH Key to GitHub

1. Copy your SSH public key: `/PATH/TO/.SSH/KEY.PUB`
2. Go to GitHub → Settings → SSH and GPG keys
3. Click "New SSH key"
4. Set Key type to "Signing Key"
5. Paste your public key and save

### 3. Sign Commits

```bash
# Sign a single commit
git commit -S -m "Your commit message"

# If auto-signing is enabled, just commit normally
git commit -m "Your commit message"
```

## Verification

- On GitHub: Look for the "Verified" badge next to your commits
- Locally: `git log --show-signature` displays signature information


## Notes

- SSH signing requires Git 2.34+ and GitHub support
- Your SSH key must be added as a "Signing Key" type in GitHub, not just an authentication key
1 change: 1 addition & 0 deletions mkdocs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -174,6 +174,7 @@ nav:
- 'Developer Certificate of Origin (DCO)': guides/github/dco.md
- 'How to sign-off commits': guides/github/how-to-signoff.md
- 'How to fork and rebase': guides/github/how-to-fork-rebase.md
- 'How to sign commits': guides/github/sign.md
- 'Guides':
- 'DNS':
- 'unbound': guides/dns/unbound.md
Expand Down
Loading