~bzr-pqm/bzr/bzr.dev : contents of doc/en/user-guide/gpg

~bzr-pqm/bzr/bzr.dev : (revision 6437.68.1)

GnuPG Signatures
=============================

Reasons to Sign Your Repository
--------------------------------

Bazaar can sign revisions using GnuPG, a Free Software implementation of the
OpenPGP digital signature format.  By signing commits a person wanting to
make use of a branch can be confident where the code came from, assuming the
GnuPG keys used can be verified.  This could for example prevent worry about
compromised code in the case where a server hosting Bazaar branches has been
hacked into.  It could also be used to verify that all code is written by a
select group of people, such as if contributor agreements are needed.

Signatures are passed around with commits during branch, push, merge and other
operations.

Setting up GnuPG
----------------

There are many guides to creating a digital signature key with GnuPG.  See
for example the `GnuPG Handbook
<http://www.gnupg.org/gph/en/manual.html#AEN26>`_ or the `Launchpad Wiki
<https://help.launchpad.net/YourAccount/ImportingYourPGPKey>`_.


Signing Commits
---------------

To sign commits as they are made turn on the ``create_signatures``
configuration option in your ``bazaar.conf`` or ``locations.conf`` file::

  create_signatures = always

When you next make a commit it will ask for the pass phrase for your GnuPG key. 
If you want GnuPG to remember your password ensure you have ``gnupg-agent``
installed.

To sign previous commits to a branch use ``sign-my-commits``.  This will go
through all revisions in the branch and sign any which match your
commit name.  You can also pass the name of a contributor to ``sign-my-commits``
to sign someone else's commits or if your GnuPG key does not match your Bazaar
name and e-mail::

  bzr sign-my-commits . "Amy Pond <amy@example.com>"

It will not sign commits which already have a signature.

To sign a single commit or a range of commits use the (hidden) command
``re-sign``::

  bzr re-sign -r 24

``re-sign`` is also useful to change an existing signature.

By default Bazaar will tell GnuPG to use a key with the same user
identity as the one set with ``whoami``.  To override this set
``gpg_signing_key`` in bazaar.conf or locations.conf.

  ``gpg_signing_key=DD4D5088``

  ``gpg_signing_key=amy@example.com``

Verifying Commits
-----------------

Signatures can be verified with the ``bzr verify-signatures`` command.  By
default this will check all commits in the branch and notify that all commits
are signed by known trusted signatures.  If not all commits have trusted
signatures it will give a summary of the number of commits which are invalid,
having missing keys or are not signed.

The ``verify-signatures`` command can be given a comma separated list of key
patters to specify a list of acceptable keys.  It can also take a range of
commits to verify in the current branch.  Finally using the verbose option will
list each key that is valid or authors for commits which failed::

  $bzr verify-signatures -kamy -v -r 1..5
  1 commit with valid signature
    Amy Pond <amy@example.com> signed 4 commits
  0 commits with unknown keys
  1 commit not valid
    1 commit by author The Doctor <doctor@example.com>
  0 commits not signed

Work in Progress
----------------

There is still a number of digital signature related features which
are hoped to be added to Bazaar soon.  These include bzr explorer
integration and setting branches to require signatures.

5967.3.4 by Jonathan Riddell Add user-guide page on GPG signatures.	1	GnuPG Signatures
	2	=============================
	3
	4	Reasons to Sign Your Repository
	5	--------------------------------
	6
	7	Bazaar can sign revisions using GnuPG, a Free Software implementation of the
	8	OpenPGP digital signature format. By signing commits a person wanting to
	9	make use of a branch can be confident where the code came from, assuming the
	10	GnuPG keys used can be verified. This could for example prevent worry about
	11	compromised code in the case where a server hosting Bazaar branches has been
	12	hacked into. It could also be used to verify that all code is written by a
	13	select group of people, such as if contributor agreements are needed.
	14
	15	Signatures are passed around with commits during branch, push, merge and other
	16	operations.
	17
	18	Setting up GnuPG
6059.4.7 by Vincent Ladeuil Fix doc some more.	19	----------------
5967.3.4 by Jonathan Riddell Add user-guide page on GPG signatures.	20
	21	There are many guides to creating a digital signature key with GnuPG. See
	22	for example the `GnuPG Handbook
	23	<http://www.gnupg.org/gph/en/manual.html#AEN26>`_ or the `Launchpad Wiki
	24	<https://help.launchpad.net/YourAccount/ImportingYourPGPKey>`_.
	25
	26
	27	Signing Commits
	28	---------------
	29
	30	To sign commits as they are made turn on the ``create_signatures``
	31	configuration option in your ``bazaar.conf`` or ``locations.conf`` file::
	32
	33	create_signatures = always
	34
	35	When you next make a commit it will ask for the pass phrase for your GnuPG key.
	36	If you want GnuPG to remember your password ensure you have ``gnupg-agent``
	37	installed.
	38
	39	To sign previous commits to a branch use ``sign-my-commits``. This will go
	40	through all revisions in the branch and sign any which match your
	41	commit name. You can also pass the name of a contributor to ``sign-my-commits``
	42	to sign someone else's commits or if your GnuPG key does not match your Bazaar
	43	name and e-mail::
	44
5967.3.6 by Jonathan Riddell use example.com for e-mails, make bzrlib/config.py pep8 happy	45	bzr sign-my-commits . "Amy Pond <amy@example.com>"
5967.3.4 by Jonathan Riddell Add user-guide page on GPG signatures.	46
	47	It will not sign commits which already have a signature.
	48
	49	To sign a single commit or a range of commits use the (hidden) command
	50	``re-sign``::
	51
	52	bzr re-sign -r 24
	53
	54	``re-sign`` is also useful to change an existing signature.
	55
6012.2.8 by Jonathan Riddell clearer text	56	By default Bazaar will tell GnuPG to use a key with the same user
6012.2.8 by Jonathan Riddell clearer text	57	identity as the one set with ``whoami``. To override this set
6012.2.11 by Jonathan Riddell rename config option signing_key to gpg_signing_key	58	``gpg_signing_key`` in bazaar.conf or locations.conf.
	59
	60	``gpg_signing_key=DD4D5088``
	61
	62	``gpg_signing_key=amy@example.com``
6012.2.5 by Jonathan Riddell add signing_key to docs	63
5967.3.4 by Jonathan Riddell Add user-guide page on GPG signatures.	64	Verifying Commits
	65	-----------------
	66
5971.1.65 by Jonathan Riddell update docs for new command name verify-signatures	67	Signatures can be verified with the ``bzr verify-signatures`` command. By
	68	default this will check all commits in the branch and notify that all commits
	69	are signed by known trusted signatures. If not all commits have trusted
	70	signatures it will give a summary of the number of commits which are invalid,
	71	having missing keys or are not signed.
	72
	73	The ``verify-signatures`` command can be given a comma separated list of key
	74	patters to specify a list of acceptable keys. It can also take a range of
	75	commits to verify in the current branch. Finally using the verbose option will
	76	list each key that is valid or authors for commits which failed::
	77
	78	$bzr verify-signatures -kamy -v -r 1..5
5971.1.38 by Jonathan Riddell update documentation	79	1 commit with valid signature
	80	Amy Pond <amy@example.com> signed 4 commits
	81	0 commits with unknown keys
	82	1 commit not valid
	83	1 commit by author The Doctor <doctor@example.com>
	84	0 commits not signed
5967.3.4 by Jonathan Riddell Add user-guide page on GPG signatures.	85
	86	Work in Progress
	87	----------------
	88
6012.2.6 by Jonathan Riddell update GPG Work in Progress	89	There is still a number of digital signature related features which
6012.2.6 by Jonathan Riddell update GPG Work in Progress	90	are hoped to be added to Bazaar soon. These include bzr explorer
5971.1.38 by Jonathan Riddell update documentation	91	integration and setting branches to require signatures.