
I am trying to set up my private git SSH server to accept GPG-signed push requests.

I have tried to follow Konstantin's instructions: https://people.kernel.org/monsieuricon/signed-git-pushes

On my server machine I configured the config file of the git repository on my server as Konstantin recommended:

[core]
        repositoryformatversion = 0
        filemode = true
        bare = true

[receive]
        advertisePushOptions = true
        certNonceSeed = "<nonce seed here>"

[push]
        gpgSign = true

On my server and client machine I configured the following:

git config push.gpgSign

git config receive.certNonceSeed "<nonce seed here>"

I do the following commands on my client machine:

  1. git add -A

  2. git commit -S -m "Message here"

  3. git push origin main --signed --repo=ssh://url_of_server:/path/to/repo

But git prints the following error message:

fatal: the receiving end does not support --signed push

When I type git-receive-pack ../RaiderHacks/ on my server git prints the following:

git-receive-pack

I looked over documentation for git push using man git-push and man git-receive-pack and I am still confused.

I am simply trying to ensure I can GPG-sign my git push requests with the GPG private key I set using the user.signingkey config option.

T. Salim
  • If it's your private server, then you don't really get any benefit out of enabling signed git pushes. It's a service that is best suited for shared hosting environments. Overall, these settings should enable signed pushes for you -- if it's not working, I suggest you check that the git version on your server is new enough to support them. – mricon Dec 17 '20 at 15:15
  • Thank you for the response mricon. I just decided to clone a fresh repository. This time, the branch I was at was the default master branch. So once I set the git config push.gpgSign to true and the git config receive.certNonceSeed to the actual seed value, the git push reported no errors. I am actually doing this for educational purposes since GPG signing git pushes is a new feature. I just have one question, how do you best verify GPG signed git pushes? – T. Salim Dec 17 '20 at 15:26
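
On the verification question raised in the last comment, an added example that is not part of the original thread: a server-side pre-receive hook that checks the GIT_PUSH_CERT* environment variables git-receive-pack exports for a signed push. The accept-only-G-and-OK policy and the function name check_push_cert are assumptions of this sketch, and the signer's public key must be in the keyring of the account that runs git-receive-pack.

```sh
#!/bin/sh
# Added example: install as hooks/pre-receive in the bare repository.
# git-receive-pack sets the GIT_PUSH_CERT* variables for this hook when
# receive.certNonceSeed is configured and the client pushed with --signed.

# Print a verdict; return 0 to accept the push, 1 to reject it.
check_push_cert() {
    # GIT_PUSH_CERT names the blob that stores the certificate. Empty means
    # the client did not send one (inspect with: git cat-file blob <name>).
    if [ -z "${GIT_PUSH_CERT:-}" ]; then
        echo "reject: unsigned push"
        return 1
    fi
    # Same letters as %G? in git log: G good, U good but untrusted key,
    # B bad, E cannot be checked (missing key), N no signature.
    # Policy assumed here: only G is accepted.
    case "${GIT_PUSH_CERT_STATUS:-N}" in
        G) ;;
        *) echo "reject: signature status ${GIT_PUSH_CERT_STATUS:-N}"
           return 1 ;;
    esac
    # The nonce binds the certificate to this push session so an old
    # certificate cannot be replayed. OK means it matches the nonce the
    # server issued; SLOP, BAD, MISSING and UNSOLICITED are refused here.
    case "${GIT_PUSH_CERT_NONCE_STATUS:-MISSING}" in
        OK) ;;
        *) echo "reject: nonce status ${GIT_PUSH_CERT_NONCE_STATUS:-MISSING}"
           return 1 ;;
    esac
    echo "accept: signed by ${GIT_PUSH_CERT_SIGNER:-unknown} (key ${GIT_PUSH_CERT_KEY:-unknown})"
    return 0
}

# Act as the hook only when invoked under the name pre-receive.
case "$0" in
    *pre-receive)
        cat >/dev/null               # drain the ref-update lines on stdin
        check_push_cert >&2 || exit 1
        ;;
esac
```

The hook's stderr is relayed to the pushing client, so a rejected push shows the reason next to git's own error.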

0 Answers