01 Git 的多账户配置

在安装完成 Git 后,就可以开始配置啦~

首先清除之前配置的全局用户信息(新安装 Git 的用户无需执行此步骤):

git config --global --unset user.name "你的名字"
git config --global --unset user.email "你的邮箱"

分别生成 GitHub、GitLab 以及 Gitee 的 SSH keys:

ssh-keygen -t rsa -f ~/.ssh/id_rsa.github -C "你的邮箱"
ssh-keygen -t rsa -f ~/.ssh/id_rsa.gitlab -C "你的邮箱"
ssh-keygen -t rsa -f ~/.ssh/id_rsa.gitee -C "你的邮箱"

完成后会在C:/Users/[用户名]/.ssh/目录下生成以下文件:

  • id_rsa.github
  • id_rsa.github.pub
  • id_rsa.gitlab
  • id_rsa.gitlab.pub
  • id_rsa.gitee
  • id_rsa.gitee.pub

为了让 SSH 能够识别新的私钥,我们需要将新的私钥加入到 SSH agent 中,依次执行:

ssh-agent bash
ssh-add ~/.ssh/id_rsa.github
ssh-add ~/.ssh/id_rsa.gitlab
ssh-add ~/.ssh/id_rsa.gitee

创建config文件:

touch ~/.ssh/config

根据实际情况编辑config文件,该文件的完整配置如下:

# Default GitHub user
Host github.com
    HostName github.com
    User git # 自定义的用户名,默认为git
    IdentityFile ~/.ssh/id_rsa.github

# Add GitLab user 
Host git@gitlab.com
    HostName gitlab.com
    User git
    IdentityFile ~/.ssh/id_rsa.gitlab

# Add Gitee user
Host gitee.com
    Port 22
    HostName gitee.com
    User git
    IdentityFile ~/.ssh/id_rsa.gitee

# 其他自己搭建的
Host git@git.startdt.net
    Port 22
    HostName http://git.startdt.net
    User git
    IdentityFile ~/.ssh/lab_rsa.startdt

之后在网站中添加 SSH keys,以 GitHub 为例,拷贝C:/Users/[用户名]/.ssh/id_rsa.github.pub的文件内容,粘贴至下图中Key一栏,之后点击Add SSH key添加即可:

全部完成后就可以开始配置仓库的用户信息啦~

在 Git 中,我们使用git config命令用来配置仓库的用户信息,按照优先级从高至低依次为:

  1. 只对当前仓库有效(配置文件是当前仓库下的.git/config),需要先使用cd命令切换至仓库根目录:
    git config --local user.name "你的名字"
git config --local user.email "你的邮箱"
  2. 对登录用户的所有仓库有效(配置文件是C:/Users/[用户名]/.gitconfig):
    git config --global user.name "你的名字"
git config --global user.email "你的邮箱"
  3. 对系统的所有用户有效(配置文件是 Git 安装目录下的etc/gitconfig):
    git config --system user.name "你的名字"
git config --system user.email "你的邮箱"

根据实际情况配置好仓库的用户信息即可,例如我们为登录用户配置 GitHub 账号githubuser,其对应邮箱为githubuser@angustar.com

git config --global user.name "githubuser"
git config --global user.email "githubuser@angustar.com"

同时为某一仓库配置 GitLab 账号gitlabuser,其对应邮箱为gitlabuser@angustar.com(需要提前切换到仓库根目录):

git config --local user.name "gitlabuser"
git config --local user.email "gitlabuser@angustar.com"

更多关于git config命令的使用可以参考:git config配置 - fireporsche - 博客园 (cnblogs.com)

02 为 Git 增加 GPG 签名验证

为了防止身份信息被冒用,我们需要为 Git 增加 GPG 签名验证。

生成一对 GPG 密钥:

gpg --full-generate-key

需要注意的是:

  • 密钥种类:选择默认 RSA and RSA 即可;
  • 密钥长度:GitHub 的要求是 4096 bits;
  • 密钥过期时间:按照自己的需要选择,默认为永不过期;
  • 用户 ID 和邮箱:填写常用的用户名,并填入在 GitHub/GitLab/Gitee 上面认证过的邮箱

完整的输出如下:

$ gpg --full-generate-key
gpg (GnuPG) 2.2.29-unknown; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory '/c/Users/ZSL/.gnupg' created
gpg: keybox '/c/Users/ZSL/.gnupg/pubring.kbx' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
  (14) Existing key from card
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: githubuser
Email address: githubuser@angustar.com
Comment:
You selected this USER-ID:
    "githubuser <githubuser@angustar.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /c/Users/ZSL/.gnupg/trustdb.gpg: trustdb created
gpg: key 4B2F74BB690E114B marked as ultimately trusted
gpg: directory '/c/Users/ZSL/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/c/Users/ZSL/.gnupg/openpgp-revocs.d/DA77D24EEE8C4D1175727BB04B2F74BB690E114B.rev'
public and secret key created and signed.

pub   rsa4096 2021-08-19 [SC]
      DA77D24EEE8C4D1175727BB04B2F74BB690E114B
uid                      githubuser <githubuser@angustar.com>
sub   rsa4096 2021-08-19 [E]

这样,我们就生成了我们的第一对 GPG 密钥!

之后使用gpg --list-secret-keys --keyid-format=long命令列出长形式 GPG 密钥,完整输出如下:

$ gpg --list-secret-keys --keyid-format=long
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/c/Users/ZSL/.gnupg/pubring.kbx
-------------------------------
sec   rsa4096/4B2F74BB690E114B 2021-08-19 [SC]
      DA77D24EEE8C4D1175727BB04B2F74BB690E114B
uid                 [ultimate] githubuser <githubuser@angustar.com>
ssb   rsa4096/8BC9A15A5D5D59B6 2021-08-19 [E]

在此例中,GPG 密钥 ID 是位于sec行的 4B2F74BB690E114B

将签名密钥告知 Git 并用这一 GPG key 为我们的 commit 进行签名:

# 注意替换为自己的GPG密钥ID
git config --global user.signingkey 4B2F74BB690E114B
git config --global commit.gpgsign true

最后,我们需要告诉 GitHub/GitLab/Gitee 我们使用的 GPG 公钥。

对于刚刚我们拿到的ID为 4B2F74BB690E114B的私钥 ,我们可以使用以下命令输出 GPG 公钥并将其上传至 GitHub/GitLab/Gitee:

# 注意替换为自己的GPG密钥ID
gpg --armor --export 4B2F74BB690E114B

这样,之后我们的每个 commit 就都有小绿标啦,这也表明了我们的提交经过签名验证,提交者确实为本人~

 

最后修改:2021 年 08 月 19 日 04 : 52 PM
© 允许规范转载
如果觉得我的文章对你有用,请随意赞赏