How to Create GitHub Verified Commits on a MacBook M1

Background

One day, I impulsively turned on GitHub’s Vigilant mode.

test

As a result, all my commits started looking like this.

test

To figure out how to make them Verified, I found the following method.

Method

I actually referred to this link. However, it wasn’t quite enough, as there might be authentication-related issues on MacBooks that lead to commit errors. So, I found this solution.

In summary, to verify, you need to enter a password. The issue on a Mac is the prompt for entering the password, which needs to be replaced with pinentry-mac, which most people install via homebrew.

Moreover, this solution thoughtfully provides a way to verify:

echo "test" | gpg --clearsign

GPG Experience

  1. It doesn’t replace the ssh key. After successfully setting it up, I deleted my GitHub ssh key and discovered that I couldn’t log in. Actually, it only verifies the legitimacy of commits.
  2. On the local machine, in any repo, you only need to enter the password once, and that makes it a verified commit. It doesn’t affect daily use; it just adds a green check mark for verification.
  3. Using the https protocol + token seems more reliable than this method, but I’m not sure if it provides a verified mark.

Comments

comments powered by Disqus