Hugging Face's logo

Spaces:
isayahc
/
tutorial-space
Runtime error

App Files Community
tutorial-space / GPG.md
isayahc's picture
isayahc
added instructions for configuring GPG to accounts
e359d57 verified
preview code
|
raw
history blame contribute delete
2.3 kB

A newer version of the Gradio SDK is available: 5.6.0

Upgrade

Setting up a GPG (GNU Privacy Guard) key for signing your commits is a good way to secure your work and prove that the commits are indeed from you. Here's a step-by-step guide to setting up a GPG key on a Unix-like system:

Step 1: Install GPG

If you don't already have GPG installed, you can install it using your package manager. For example, on Debian-based systems, use:

sudo apt-get install gnupg

Step 2: Generate a GPG Key Pair 

gpg --full-generate-key

Follow the prompts to generate your key pair. You’ll need to specify the kind of key you want, the key size (a 4096-bit key is recommended), and the duration the key should be valid. You will also need to provide your name and the email address associated with your Git commits.

Step 3: List GPG Keys

Once you've generated your GPG key, list your keys by typing:

gpg --list-secret-keys --keyid-format=long

Look for the key that matches your Git commit email.

Step 4: Get the GPG Key ID

Take note of the GPG key ID of the key you just created. It's the part after the / in the sec line.

Step 5: Export the GPG Key 

gpg --armor --export YOUR_GPG_KEY_ID

Replace YOUR_GPG_KEY_ID with the ID you found in the previous step. This will print your GPG key in the ASCII armor format, which you'll need to copy.

Step 6: Add the GPG Key to Your GitHub Account

  • Go to your GitHub settings.
  • Click on "SSH and GPG keys".
  • Click on "New GPG key".
  • Paste your GPG key into the text area and save.

Step 7: Configure Git to Use Your GPG Key 

git config --global user.signingkey YOUR_GPG_KEY_ID

Step 8: Sign Your Commits

To sign a commit, you just need to add -S to your git commit command:

git commit -S -m "Your commit message"

Step 9: Tell Git to Sign All Your Commits

If you want to sign all your commits by default, you can configure Git to do so:

git config --global commit.gpgsign true

Step 10: Push Your Commit to GitHub

When you push your signed commit to GitHub, it should now show up as "Verified".

Remember to always keep your private key secure and never share it with anyone. If you forget your passphrase, you will lose access to anything encrypted with your private key, so keep it in a safe place.