nautilus-cyberneering / secure-git-guide
A collection of articles about Git, GitHub and GPG focused on security.
Home Page: https://secure-git.guide
Somehow, overnight, the custom url doesn't load. At least for me.
Hmm.
Bitcoin has a file within their repository that lists the GPG key-fingerprints that are used by the developers and builders.
https://github.com/bitcoin/bitcoin/tree/master/contrib/builder-keys
This is a good way to authenticate a new developer for the project.
I think that the GPG-Bootcamp could explain how to upload a key to the keyserver, and request for listing in the keys.txt file.
The document needs a little fun and color.
It is a little boring so we would like you to add some cool emojis!!
You can use the emojis from here:
https://emojis.github.io/
Use consistent infrastructure as https://github.com/torrust/torrust-website
@da2ce7, @cgbosse and I were discussing yesterday renaming this repo: secure-git-guide.
The reasons are:
We have a custom domain for the site: https://secure-git.guide/
We have to update mkdocs configuration.
We want to offer the same content on a webpage using GitHub Pages.
We want to use MKDocs for the time being since we are also using it on other projects.
TASKS:
main branch) could be the MKDocs page. We do not need a docs folder. Setup gh-pages with root.
NOTES:
In the "links" section at the end of the article 008_GPG-How-to-create-a-subkey-for-signing, there are two white spaces that should not be rendered:
I checked for this small bug in two different browsers and OS (Firefox and Edge on Windows and Firefox on Ubuntu) and all show the same white spaces.
The .md file that contains the article seems correct, and if we visualize the file on github, the "preview" window renders the links with one space for each link.
Github preview window
However, the final .html file that gets rendered adds a "p" tag before the "a" tag that contains the link in the first two, causing them to render a white space:
I'm moving this article to this repo.
We are going to split the article into at least two smaller ones.
The search bar present on all pages could be optimised in a number of ways. I would add pagination to limit the amount of results which appear with each search as too many might be overwhelming for the user and it doesn't look as nice when the user has to scroll so much.
As Bootstrap is being used, here are some possible options for this: https://getbootstrap.com/docs/4.0/components/pagination/
Also, filter out results which lead to the same location. I searched 'gpg' and the first two results (https://secure-git.guide/002_GPG-Why-we-use-GPG/ and https://secure-git.guide/002_GPG-Why-we-use-GPG/#gpg-why-we-use-gpg) led to the same page, as well as other results appearing more than once, which is unnecessary. A Set could be used to store unique results which can then be displayed to the user.
When you build the app there are a lot of errors:
$ npm run build
> secure-git-guide-branch@0.0.1 build
> vite build
vite v4.4.9 building SSR bundle for production...
transforming (59) node_modules/@sveltejs/kit/src/runtime/hash.js1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/001_GPG-What-is-GPG.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-001.jpg"
8: alt="HEADER IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/002_GPG-Why-we-use-GPG.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-002.jpg"
8: alt="HEADER IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/003-GPG-101-How-to-get-your-first-GPG-Keys.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-003.jpg"
8: alt="HEADER IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/004_GPG-How-to-use-GPG-with-GIT-and-GitHub.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-004.jpg"
8: alt="HEADER IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/005_GPG-Best-Practices.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-005.jpg"
8: alt="HEADER IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/005_GPG-Best-Practices.md:16:3 A11y: Screenreaders already announce <img> elements as an image.
14: href="#understanding-gpg-defaults"
15: ><span>#</span></a>Understanding GPG Defaults</h2>
16: <p><img
^
17: src="https://nautilus-cyberneering.de/wp-content/uploads/2022/01/gpg_gITHUB.jpg"
18: alt="IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/005_GPG-Best-Practices.md:57:3 A11y: Screenreaders already announce <img> elements as an image.
55: ><span>#</span></a>How to create further sub-keys</h3>
56: <hr>
57: <p><img
^
58: src="https://nautilus-cyberneering.de/wp-content/uploads/2022/01/MOTHERkEY-1024x384.jpg"
59: alt="IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/006_GPG-Other-Uses.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-006.jpg"
8: alt="HEADER IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/007_GPG-How-to-create-a-subkey-for-signing.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-008.jpg"
8: alt="HEADER IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/008_GPG-How-to-use-a-signing-key-independently-from-primary-key.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-009.jpg"
8: alt="HEADER IMAGE"
1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/009_GPG-Git-commits-partially-verified.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-010.jpg"
8: alt="HEADER IMAGE"
1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/010_How-to-remove-commits-by-commit-message.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-011.jpg"
8: alt="HEADER IMAGE"
transforming (89) src/posts/010_How-to-remove-commits-by-commit-message.md1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/011_How-to-import-the-dependabot-gpg-public-key.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-012.jpg"
8: alt="HEADER IMAGE"
1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/013_Sharing-GitHub-secrets-with-third-party-actions.md:207:3 A11y: Screenreaders already announce <img> elements as an image.
205: rel="nofollow"
206: >MegaLinter</a> is part of <a href="https://www.ox.security" rel="nofollow">ox.security</a>, its own sources are watched by Ox services to detect security issues, including supply chain attacks</p>
207: <p><img
^
208: src="https://user-images.githubusercontent.com/17500430/198858440-3c8c7a3d-60c8-4035-a8af-b97c96e385a8.png"
209: alt="image"
1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/014_How-to-use-Git-as-a-database.md:127:3 A11y: Screenreaders already announce <img> elements as an image.
125: >Git Garbage Collector</a> from removing the object. If the <code>blob</code> object is not referenced anywhere it could be deleted.</p>
126: <p>This diagram shows how to different processes can write objects:</p>
127: <p><img src="docs/media/015/store-only-the-latest-state.png" alt="image"></p>
^
128: <p>Pros:</p>
129: <ul>
1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/014_How-to-use-Git-as-a-database.md:161:3 A11y: Screenreaders already announce <img> elements as an image.
159: │   ├── my-objects-object-1
160: ├── tags</code>`}</pre>
161: <p><img src="docs/media/015/store-state-change-history.png" alt="image"></p>
^
162: <p>Pros:</p>
163: <ul>
1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/014_How-to-use-Git-as-a-database.md:189:3 A11y: Screenreaders already announce <img> elements as an image.
187: cat counter-1.txt</code>`}</pre>
188: <p>An independent processes could checkout the repository and increment the counter. After cloning the repository you have an old version of the data because other processes could have cloned and updated the counter.</p>
189: <p><img src="docs/media/015/race-conditions.png" alt="image"></p>
^
190: <p>Git is a decentralized data structure and the only way to reconciliate things is by using <code>pull</code> and <code>push</code> commands. Git will tell you when you are trying to merge data with conflicts.</p>
191: <h3 id='optimistic-concurrency-control'>Optimistic concurrency control</h3>
1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/014_How-to-use-Git-as-a-database.md:197:3 A11y: Screenreaders already announce <img> elements as an image.
195: rel="nofollow"
196: >optimistic approach</a>. When you try to “push” your object version by updating the reference in the origin repo you will get an error if the reference (branch) was already changed.</p>
197: <p><img
^
198: src="docs/media/015/using-git-push-conflicts-to-implement-optimistic-concurrency-control.png"
199: alt="image"
1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/curated-resources.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-007.jpg"
8: alt="HEADER IMAGE"
✓ 1382 modules transformed.
vite v4.4.9 building for production...
transforming (16) src/routes/+page.ts1:51:00 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/001_GPG-What-is-GPG.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-001.jpg"
8: alt="HEADER IMAGE"
1:51:00 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/003-GPG-101-How-to-get-your-first-GPG-Keys.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-003.jpg"
8: alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/002_GPG-Why-we-use-GPG.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-002.jpg"
8: alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/004_GPG-How-to-use-GPG-with-GIT-and-GitHub.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-004.jpg"
8: alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/005_GPG-Best-Practices.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-005.jpg"
8: alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/005_GPG-Best-Practices.md:16:3 A11y: Screenreaders already announce <img> elements as an image.
14: href="#understanding-gpg-defaults"
15: ><span>#</span></a>Understanding GPG Defaults</h2>
16: <p><img
^
17: src="https://nautilus-cyberneering.de/wp-content/uploads/2022/01/gpg_gITHUB.jpg"
18: alt="IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/005_GPG-Best-Practices.md:57:3 A11y: Screenreaders already announce <img> elements as an image.
55: ><span>#</span></a>How to create further sub-keys</h3>
56: <hr>
57: <p><img
^
58: src="https://nautilus-cyberneering.de/wp-content/uploads/2022/01/MOTHERkEY-1024x384.jpg"
59: alt="IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/006_GPG-Other-Uses.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-006.jpg"
8: alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/007_GPG-How-to-create-a-subkey-for-signing.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-008.jpg"
8: alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/008_GPG-How-to-use-a-signing-key-independently-from-primary-key.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-009.jpg"
8: alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/009_GPG-Git-commits-partially-verified.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-010.jpg"
8: alt="HEADER IMAGE"
transforming (51) src/posts/009_GPG-Git-commits-partially-verified.md1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/010_How-to-remove-commits-by-commit-message.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-011.jpg"
8: alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/011_How-to-import-the-dependabot-gpg-public-key.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-012.jpg"
8: alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/013_Sharing-GitHub-secrets-with-third-party-actions.md:207:3 A11y: Screenreaders already announce <img> elements as an image.
205: rel="nofollow"
206: >MegaLinter</a> is part of <a href="https://www.ox.security" rel="nofollow">ox.security</a>, its own sources are watched by Ox services to detect security issues, including supply chain attacks</p>
207: <p><img
^
208: src="https://user-images.githubusercontent.com/17500430/198858440-3c8c7a3d-60c8-4035-a8af-b97c96e385a8.png"
209: alt="image"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/014_How-to-use-Git-as-a-database.md:127:3 A11y: Screenreaders already announce <img> elements as an image.
125: >Git Garbage Collector</a> from removing the object. If the <code>blob</code> object is not referenced anywhere it could be deleted.</p>
126: <p>This diagram shows how to different processes can write objects:</p>
127: <p><img src="docs/media/015/store-only-the-latest-state.png" alt="image"></p>
^
128: <p>Pros:</p>
129: <ul>
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/014_How-to-use-Git-as-a-database.md:161:3 A11y: Screenreaders already announce <img> elements as an image.
159: │   ├── my-objects-object-1
160: ├── tags</code>`}</pre>
161: <p><img src="docs/media/015/store-state-change-history.png" alt="image"></p>
^
162: <p>Pros:</p>
163: <ul>
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/014_How-to-use-Git-as-a-database.md:189:3 A11y: Screenreaders already announce <img> elements as an image.
187: cat counter-1.txt</code>`}</pre>
188: <p>An independent processes could checkout the repository and increment the counter. After cloning the repository you have an old version of the data because other processes could have cloned and updated the counter.</p>
189: <p><img src="docs/media/015/race-conditions.png" alt="image"></p>
^
190: <p>Git is a decentralized data structure and the only way to reconciliate things is by using <code>pull</code> and <code>push</code> commands. Git will tell you when you are trying to merge data with conflicts.</p>
191: <h3 id='optimistic-concurrency-control'>Optimistic concurrency control</h3>
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/014_How-to-use-Git-as-a-database.md:197:3 A11y: Screenreaders already announce <img> elements as an image.
195: rel="nofollow"
196: >optimistic approach</a>. When you try to “push” your object version by updating the reference in the origin repo you will get an error if the reference (branch) was already changed.</p>
197: <p><img
^
198: src="docs/media/015/using-git-push-conflicts-to-implement-optimistic-concurrency-control.png"
199: alt="image"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/curated-resources.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5:
6: <p><img
^
7: src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-007.jpg"
8: alt="HEADER IMAGE"
✓ 1373 modules transformed.
✓ built in 6.34s
404 /index.md (linked from /curated-resources)
Run npm run preview to preview your production build locally.
> Using @sveltejs/adapter-static
Wrote site to "build"
✔ done
✓ built in 9.93s
> secure-git-guide-branch@0.0.1 postbuild
> npm run optimize-images && svelte-sitemap --domain https://secure-git.guide/
> secure-git-guide-branch@0.0.1 optimize-images
> image-transmutation --run --sourceFolder './build/images' --targetFolder './build/images' --inputFormats 'jpg' --inputFormats 'jpeg' --inputFormats 'png' --outputFormats 'png' --outputFormats 'webp' --outputFormats 'avif'
> Using svelte-sitemap
✔ done. Check your new sitemap here: ./build/sitemap.xml
In the fifth article 005_GPG-Best-Practices, there is a ":exclamation" after the text in the last four headers as shown below.
The text should be either deleted or replaced by an emoji, to help let the reader know it is something important to keep in mind.
Screenshot of the issue:
GitHub dependabot uses this GPG public key to sign commits:
gpg: Signature made jue 03 feb 2022 13:40:17 WET
gpg: using RSA key 4AEE18F83AFDEB23
gpg: Can't check signature: No public key
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Thu Feb 3 13:40:17 2022 +0000
Commit: GitHub <[email protected]>
CommitDate: Thu Feb 3 13:40:17 2022 +0000
If you do not import the public key in your local keyring you will see the message:
gpg: Signature made jue 03 feb 2022 13:40:17 WET
gpg: using RSA key 4AEE18F83AFDEB23
gpg: Can't check signature: No public key
You can import it with:
curl https://github.com/web-flow.gpg | gpg --import
gpg -k 4AEE18F83AFDEB23
And you will see:
commit 8d3203a9c270ed8939de92c721973c7d2c29cdfc
gpg: Signature made jue 03 feb 2022 13:40:17 WET
gpg: using RSA key 4AEE18F83AFDEB23
gpg: Good signature from "GitHub (web-flow commit signing) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5DE3 E050 9C47 EA3C F04A 42D3 4AEE 18F8 3AFD EB23
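A fingerprint check to run before `gpg --import`, as an added example that is not part of the original issue or the project's code: piping `curl` straight into `gpg --import` adds whatever the server returns to the keyring, so this sketch compares the primary-key fingerprints in a downloaded file against a pinned allowlist, the same idea as the builder-keys file mentioned earlier on this page. The function names, the allowlist format, the `pinned-keys.txt` file name and the sample listings are assumptions constructed here; only the fingerprint and key ID come from the issue above.

```shell
#!/bin/sh
# Added example: pin primary-key fingerprints before importing a key file.

# Strip whitespace and upper-case, so "5DE3 E050 ..." compares equal to the
# 40-hex-digit form that `gpg --with-colons` prints.
normalise_fpr() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# stdin: `gpg --with-colons` key listing. stdout: one primary-key fingerprint
# per line. The "fpr" record after "pub" belongs to the primary key; the one
# after "sub" belongs to a subkey and is skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" { primary = 1; next }
        $1 == "sub" { primary = 0; next }
        $1 == "fpr" && primary { print toupper($10); primary = 0 }
    '
}

# $1: colon listing. $2: allowlist text (assumed format: 40-hex fingerprint
# first on each line, optional label after it, "#" starts a comment).
# Succeeds only if the listing holds at least one primary key and every
# primary key is pinned; a file carrying any extra key is rejected whole.
all_keys_pinned() {
    fprs=$(printf '%s\n' "$1" | primary_fprs)
    [ -n "$fprs" ] || return 1            # nothing parsed: fail closed
    for fpr in $fprs; do
        printf '%s\n' "$2" | awk -v want="$fpr" '
            { sub(/#.*/, "") }
            toupper($1) == want { ok = 1 }
            END { exit !ok }
        ' || return 1
    done
    return 0
}

# Download, inspect without touching the keyring, import only if pinned.
# Needs curl and a GnuPG that supports --show-keys.
# Usage (pinned-keys.txt is a hypothetical allowlist file):
#   import_if_pinned https://github.com/web-flow.gpg ./pinned-keys.txt
import_if_pinned() {
    tmp=$(mktemp) || return 1
    curl -fsSL "$1" -o "$tmp" || { rm -f "$tmp"; return 1; }
    listing=$(gpg --show-keys --with-colons "$tmp") || { rm -f "$tmp"; return 1; }
    if all_keys_pinned "$listing" "$(cat "$2")"; then
        gpg --import "$tmp"
        rc=$?
    else
        echo "refusing to import: unpinned key in $1" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed samples shaped like `gpg --show-keys --with-colons` output.
# Dates, the subkey and the uid are made up for the example.
SAMPLE_LISTING='pub:-:2048:1:4AEE18F83AFDEB23:1500000000:::-:::scESC:
fpr:::::::::5DE3E0509C47EA3CF04A42D34AEE18F83AFDEB23:
uid:-::::1500000000::::Constructed UID <key@example.invalid>:
sub:-:2048:1:0123456789ABCDEF:1500000000::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:'

SAMPLE_UNPINNED='pub:-:2048:1:BBBBBBBBBBBBBBBB:1500000000:::-:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
uid:-::::1500000000::::Constructed unpinned UID <other@example.invalid>:'

SAMPLE_ALLOWLIST='# pinned signing keys (constructed allowlist)
5DE3E0509C47EA3CF04A42D34AEE18F83AFDEB23 web-flow  # fingerprint from the issue'

# Offline demonstration on the constructed samples.
all_keys_pinned "$SAMPLE_LISTING" "$SAMPLE_ALLOWLIST" && echo "pinned sample: accepted"
all_keys_pinned "$SAMPLE_UNPINNED" "$SAMPLE_ALLOWLIST" || echo "unpinned sample: refused"
```

The `[unknown]` trust warning in the output above is a separate matter: pinning the fingerprint decides which key enters the keyring, not how GnuPG rates its ownership.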
Since we are using numbers for the articles I would suggest putting the article media files inside a subfolder like this:
├── media
│   ├── 010
│   │   ├── commit-with-partially-verified-signature-on-github.png
│   │   ├── commit-with-verified-signature-on-github.png
What do you think @cgbosse?
I think that way would be easier to know which article the media file belongs to and all the media articles belonging to an article. If we have some of them shared between articles we can create a "shared" folder.
I did it that way in my latest PR.
MegaLinter workflow failed the last time it was run:
https://github.com/Nautilus-Cyberneering/secure-git-guide/actions/runs/2548987144
It seems to be a false positive. A dead link that is working now.
I'm going to add a manual trigger for the workflow so that we can re-run it to update the status badge in the README:
Original idea: nautilus-cyberneering/git-queue#208 (comment)
I want to convert that comment into an article for this repo.
Should we convert the markdown file "Git & GitHub How To" into an article?
I'm moving this article to this repo.
We are going to split the article into at least two smaller ones.
This is the second one. The first one has already been included.
Recently I had to remove a lot of commits from a repo having a concrete prefix.
This is the original issue.
The first solution I found was using `git filter-branch`. It could work but you have to write code to remove the commits in the rebase file.
@da2ce7 proposed to use reposurgeon. And it worked fine.
You have to install the program and it has its own scripting language. I wrote this script:

```
# Load the project into main memory
# Warning: this command is slow because Subversion is slow.
read ./YOUR-REPO
# Check for and report glitches such as timestamp collisions,
# ill-formed committer/author IDs, multiple roots, etc.
lint
# Commit deletion
/YOUR-COMMIT-PREFIX/c delete
# We want to write a Git repository
prefer git
# Do it
rebuild YOUR-REPO-NEW_FOLDER
```

And then you can execute it with:

```s
reposurgeon "script remove-commits-with-prefix.rs"
```
I'm going to add an article explaining the different lines and basic stuff about reposurgeon.
How to reproduce:
You will be redirected to: https://github.com/Nautilus-Cyberneering/secure-git-guide/edit/master/docs/index.md instead of https://github.com/Nautilus-Cyberneering/secure-git-guide/edit/main/docs/index.md
I've been trying to find out whether the config is wrong or if there is a bug in the cinder theme.
I do not find the "master" branch in the HTML template so there must be something added when building the site. I've tried to search for it in the cinder code but I have not found the problem, so I decided to open an issue:
See https://secure-git.guide/#articles
```
static/
├── docs
│   ├── 001_GPG-What-is-GPG.md
│   ├── 002_GPG-Why-we-use-GPG.md
│   ├── 003-GPG-101-How-to-get-your-first-GPG-Keys.md
│   ├── 004_GPG-How-to-use-GPG-with-GIT-and-GitHub.md
│   ├── 005_GPG-Best-Practices.md
│   ├── 006_GPG-Other-Uses.md
│   ├── 007_Curated-List-of-Resources.md
│   ├── 008_GPG-How-to-create-a-subkey-for-signing.md
│   ├── 009_GPG-How-to-use-a-signing-key-independently-from-primary-key.md
│   ├── 010_GPG-Git-commits-partially-verified.md
│   ├── 011_How-to-remove-commits-by-commit-message.md
│   ├── 012_How-to-import-the-dependabot-gpg-public-key.md
│   ├── 013_How-github-actions-can-get-access-to-secrets.md
│   ├── 014_Sharing-GitHub-secrets-with-third-party-actions.md
│   ├── 015_How-to-use-Git-as-a-database.md
```
cc @da2ce7 @grmbyrn should we remove the number prefix?
I think we should include an article slug and put meta info in the markdown file like in the Torrust website (for example https://raw.githubusercontent.com/torrust/torrust-website/develop/src/routes/(blog-article)/containerizing-rust-applications-best-practices/%2Bpage.md).
Use case:
The folder `cinder` contains a `mkdocs` theme. It also contains some Python files. MegaLinter is failing because of one of those files.
I'm going to disable the PYLINT for that folder.
We can add an example repo and article or just add this as a resource.
cc @da2ce7
Instead of being able to move from article to article once one has been read, the user must always first return to home through the Back to home button before starting the next article. This isn't intuitive for most internet users who are used to being able to progress through previous and next articles on many websites, as easily as you would with a book or newspaper. This would be especially useful here as each article seems to lead from the previous one. This could be done by adding a link in the .md file for each article with links to the Previous and Next articles.
Also, the emojis next to the heading for Articles are misleading. A lock emoji/image on the internet is widely known to indicate that access is limited to certain users, such as articles which are behind a paywall. While the lock and key emoji combination may be to suggest that these articles will unlock some knowledge, it is a much less common combination to see online and the first impression is that these articles are only for use by some. If the emojis are to express the knowledge contained in these articles, perhaps ๐ค or ๐ง would express it better.
Sometimes you can see this label in a GitHub commit:
With this popup message:
In that case, the message means:
I think the message is a little bit misleading because the original commit was created by the author and it was merged into the target base branch using "rebase". And there is no way to keep the original author commit's signature.
Signatures from the author commit have to be verified before merging. I found this process confusing and I have not found a good simple explanation. I would like to add at least the collection of links I have after researching for a better explanation of what's happening behind that message.
File name: 010_GPG-Git-commits-partially-verified.md
From GitHub docs: Statuses with vigilant mode enabled
Originally posted by josecelano June 13, 2022
In the Git Pro book they mention that you can use Git Objects to distribute your public GPG keys:
Chapter: https://git-scm.com/book/en/v2/Distributed-Git-Maintaining-a-Project
Section: Tagging Your Releases
If you do sign your tags, you may have the problem of distributing the public PGP key used to sign your tags. The maintainer of the Git project has solved this issue by including their public key as a blob in the repository and then adding a tag that points directly to that content. To do this, you can figure out which key you want by running gpg --list-keys:
```s
$ gpg --list-keys
/Users/schacon/.gnupg/pubring.gpg
---------------------------------
pub 1024D/F721C45A 2009-02-09 [expires: 2010-02-09]
uid Scott Chacon <[email protected]>
sub 2048g/45D02282 2009-02-09 [expires: 2010-02-09]
```

Then, you can directly import the key into the Git database by exporting it and piping that through git hash-object, which writes a new blob with those contents into Git and gives you back the SHA-1 of the blob:

```s
$ gpg -a --export F721C45A | git hash-object -w --stdin
659ef797d181633c87ec71ac3f9ba29fe5775b92
```

Now that you have the contents of your key in Git, you can create a tag that points directly to it by specifying the new SHA-1 value that the hash-object command gave you:

```s
$ git tag -a maintainer-pgp-pub 659ef797d181633c87ec71ac3f9ba29fe5775b92
```

If you run git push --tags, the maintainer-pgp-pub tag will be shared with everyone. If anyone wants to verify a tag, they can directly import your PGP key by pulling the blob directly out of the database and importing it into GPG:

```s
$ git show maintainer-pgp-pub | gpg --import
```
They can use that key to verify all your signed tags. Also, if you include instructions in the tag message, running git show will let you give the end user more specific instructions about tag verification.
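Both imports on this page (`curl https://github.com/web-flow.gpg | gpg --import` and `git show maintainer-pgp-pub | gpg --import`) add whatever key arrives to the keyring, so a careful setup compares the primary-key fingerprint against a pinned value first. The following is an added example, not code from the posts or from the Pro Git book; the function names are hypothetical, the sample listing is constructed, and it assumes the key was saved to a file before the check.

```shell
# Added example (hypothetical helper names): pin a key file's fingerprint before import.

# Fingerprint printed by gpg for the web-flow key earlier on this page.
PINNED="5DE3 E050 9C47 EA3C F04A 42D3 4AEE 18F8 3AFD EB23"

# Strip spaces and upper-case, so the spaced form equals gpg's machine form.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# stdin: a `gpg --with-colons` listing. Prints one fingerprint per primary
# key; fpr records that belong to subkeys are skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }'
}

# stdin: listing, $1: expected fingerprint. Succeeds only if the listing
# holds exactly one primary key and its fingerprint equals the pin.
listing_matches_pin() {
    found=$(primary_fprs)
    [ -n "$found" ] && [ "$found" = "$(normalize_fpr "$1")" ]
}

# $1: key file saved to disk first, $2: expected fingerprint.
# --show-keys lists the file's keys without adding them to the keyring.
import_if_pinned() {
    if gpg --show-keys --with-colons "$1" | listing_matches_pin "$2"; then
        gpg --import "$1"
    else
        echo "refusing to import $1: fingerprint does not match the pin" >&2
        return 1
    fi
}

# Constructed listing (not real gpg output): page's fingerprint, made-up uid and subkey.
sample_listing() {
    cat <<'EOF'
pub:-:2048:1:4AEE18F83AFDEB23:1500000000:::-:::scSC::::::23::0:
fpr:::::::::5DE3E0509C47EA3CF04A42D34AEE18F83AFDEB23:
uid:-::::1500000000::0000000000000000000000000000000000000000::Example uid (constructed)::::::::::0:
sub:-:2048:1:0123456789ABCDEF:1500000000::::::e::::::23:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF:
EOF
}

sample_listing | listing_matches_pin "$PINNED" && echo "fingerprint matches pin"
```

The pin only helps when it was obtained through a channel other than the one that delivered the key file.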