Signing Git commits with GPG
This recipe will show you how to digitally sign Git commits and RPM packages using a GNU Privacy Guard (GPG) keypair. A GPG keypair consists of two parts: the public key and the private key.
This is done by creating a GPG keypair and using it to sign Git commits and RPM packages.
Getting ready
In order to work with GPG and Git, you first need to install a few packages. Normally GPG is installed by default when the package gnupg2 is installed.
Git should be installed using dnf install git -y.
How to do it…
The first step is to create a GPG key if you do not already have one. This key will be used to sign both your Git commits and RPM packages. To work with the GPG key, you can use the gpg or gpg2 commands; both are the same thing, as gpg links to gpg2.
The GPG key is created via the command line:
[erik@ol8 ~]$ gpg2 --gen-key
The command will ask for some information, mainly your real name and email address. After you enter...
