Every commit no signed or with unknown user, will be reported in graft. Maintain the .gitroot/allowed_signers file.
Stigma, also add a .gitroot/init.sh file to help you configure your local git client.
Running unknow sh is risky. Please be sure to review the script before run it. In case you prefer to do it manually this are the steps.
GitRoot need all your commits to be signed, to configure your local git client:
1git config commit.gpgSign true
2git config gpg.format ssh
3git config user.signingkey $SSH_PUB_KEY
4git config gpg.ssh.allowedSignersFile "$(pwd)/.gitroot/allowed_signers"
5git config core.sshCommand "ssh -i ${SSH_PRIV_KEY} -o IdentitiesOnly=yes"
And don’t forget to add yourself in the users.yml of GitRoot. See Add a user for mode details.
Don’t forget to configure user.name and user.email like any other git repository:
1git config user.email "$EMAIL"
2git config user.name "$NAME"