nautilus-cyberneering / secure-git-guide Goto Github PK

View Code? Open in Web Editor NEW

7.0 4.0 5.0 28.96 MB

A collections of articles about Git, GitHub and GPG focused on security.

Home Page: https://secure-git.guide

HTML 2.75% CSS 18.51% JavaScript 8.71% TypeScript 13.57% Svelte 56.47%

git github good-practices gpg security

secure-git-guide's People

Contributors

Stargazers

Watchers

Forkers

josecelano ivanramosnet da2ce7 nvuillam grmbyrn

secure-git-guide's Issues

`https://secure-git.guide/` returns 404

Somehow, overnight, the custom url doesn't load. At least for me.

Hmm.

Listing the keys in the used in the repository.

Bitcoin has a file within their repository that lists the GPG key-fingerprints that are used by the developers and builders.

https://github.com/bitcoin/bitcoin/tree/master/contrib/builder-keys

This is a good way to authenticate a new developer for the project.

I think that the GPG-Bootcamp could explain how to upload a key to the keysever, and request for listing in the keys.txt file.

Index: Erase Stashed Changes remark

Article 007 - Add some additional cool emojis to our Curated Resource list Article

The document needs a little fun and color.
It is a little boring so we would like you to add some cool emojis!!
🤠

https://github.com/Nautilus-Cyberneering/secure-git-guide/blob/main/docs/007_Curated-List-of-Resources.md

You can use the emojis from here:
https://emojis.github.io/

Move Secure Git Guide to Svelet.Kit

Use consistent infrastructure as https://github.com/torrust/torrust-website

Add GPG section image and move the megalinter pass stamp to the top.

Correct Link in Readme to the index of articles.

With the dark theme you cannot see the article list

Readme: Include the contribution and proposal guide paragraph

Rename repository to `secure-git-guide`

@da2ce7, @cgbosse and I were discussing yesterday renaming this repo: secure-git-guide.

The reasons are:

We want to add more articles related to only git or/and GitHub best practices, security, ...
We will move this article to this repo.
We think the new name represents better the contents of the repo.

Add custom domain to mkdocs config: https://secure-git.guide/

We have a custom domain for the site: https://secure-git.guide/
We have to update mkdocs configuration.

Create a webpage

We want to offer the same content on a webpage using GitHub Pages.

We want to use MKDocs for the time being since we are also using it on other projects.

TASKS:

Setup mkdocs.
Move content to mkdocs markdown pages. I suppose the whole repo (main branch) could be the MKDocs page. We do not need a docs folder. Setup gh-pages with root.

NOTES:

I would recommend using one of these two MKDocs themes: gitbook, cinder.

Correct Spelling mistakes in article 009_GPG-How-to-use-a-signing-key-independently-from-primary-key

Uneven white spaces in the links section

Issue description

In the "links" section at the end of the article 008_GPG-How-to-create-a-subkey-for-signing, there is two white spaces that should not be rendered:

I checked for this small bug in two different browsers and OS (Firefox and Edge on Windows and Firefox on Ubuntu) and all show the same white spaces.

The .md file that contains the article seems correct, and if we visualize the file on github, the "preview" window renders the links with one space for each link.

.md file

Github preview window

Html file

However, the final .html file that gets rendered adds a "p" tag before the "a" tag that contains the link in the first two, causing them to render a white space:

New article 013: How GitHub Actions can get access to secrets

I'm moving this article to this repo.

We are going to split the article into at least two smaller ones.

Optimising search bar on all pages

The search bar present on all pages could be optimised in a number of ways. I would add pagination to limit the amount of results which appear with each search as too many might be overwhelming for the user and it doesn't look as nice when the user has to scroll so much.
As Bootstrap is being used, here are some possible options for this: https://getbootstrap.com/docs/4.0/components/pagination/

Also, filter out results which lead to the same location. I searched 'gpg' and the first two results (https://secure-git.guide/002_GPG-Why-we-use-GPG/ and https://secure-git.guide/002_GPG-Why-we-use-GPG/#gpg-why-we-use-gpg) led to the same page, as well as other results appearing more than once, which is unnecessary. A Set could be used to store unique results which can then be displayed to the user.

`npm run build` errors

When you build the app there are a lot of errors:

$ npm run build

> secure-git-guide-branch@0.0.1 build
> vite build


vite v4.4.9 building SSR bundle for production...
transforming (59) node_modules/@sveltejs/kit/src/runtime/hash.js1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/001_GPG-What-is-GPG.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-001.jpg"
8:   alt="HEADER IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/002_GPG-Why-we-use-GPG.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-002.jpg"
8:   alt="HEADER IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/003-GPG-101-How-to-get-your-first-GPG-Keys.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-003.jpg"
8:   alt="HEADER IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/004_GPG-How-to-use-GPG-with-GIT-and-GitHub.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-004.jpg"
8:   alt="HEADER IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/005_GPG-Best-Practices.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-005.jpg"
8:   alt="HEADER IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/005_GPG-Best-Practices.md:16:3 A11y: Screenreaders already announce <img> elements as an image.
14:   href="#understanding-gpg-defaults"
15: ><span>#</span></a>Understanding GPG Defaults</h2>
16: <p><img
       ^
17:   src="https://nautilus-cyberneering.de/wp-content/uploads/2022/01/gpg_gITHUB.jpg"
18:   alt="IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/005_GPG-Best-Practices.md:57:3 A11y: Screenreaders already announce <img> elements as an image.
55: ><span>#</span></a>How to create further sub-keys</h3>
56: <hr>
57: <p><img
       ^
58:   src="https://nautilus-cyberneering.de/wp-content/uploads/2022/01/MOTHERkEY-1024x384.jpg"
59:   alt="IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/006_GPG-Other-Uses.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-006.jpg"
8:   alt="HEADER IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/007_GPG-How-to-create-a-subkey-for-signing.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-008.jpg"
8:   alt="HEADER IMAGE"
1:50:57 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/008_GPG-How-to-use-a-signing-key-independently-from-primary-key.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-009.jpg"
8:   alt="HEADER IMAGE"
1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/009_GPG-Git-commits-partially-verified.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-010.jpg"
8:   alt="HEADER IMAGE"
1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/010_How-to-remove-commits-by-commit-message.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-011.jpg"
8:   alt="HEADER IMAGE"
transforming (89) src/posts/010_How-to-remove-commits-by-commit-message.md1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/011_How-to-import-the-dependabot-gpg-public-key.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-012.jpg"
8:   alt="HEADER IMAGE"
1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/013_Sharing-GitHub-secrets-with-third-party-actions.md:207:3 A11y: Screenreaders already announce <img> elements as an image.
205:   rel="nofollow"
206: >MegaLinter</a> is part of <a href="https://www.ox.security" rel="nofollow">ox.security</a>, its own sources are watched by Ox services to detect security issues, including supply chain attacks</p>
207: <p><img
        ^
208:   src="https://user-images.githubusercontent.com/17500430/198858440-3c8c7a3d-60c8-4035-a8af-b97c96e385a8.png"
209:   alt="image"
1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/014_How-to-use-Git-as-a-database.md:127:3 A11y: Screenreaders already announce <img> elements as an image.
125: >Git Garbage Collector</a> from removing the object. If the <code>blob</code> object is not referenced anywhere it could be deleted.</p>
126: <p>This diagram shows how to different processes can write objects:</p>
127: <p><img src="docs/media/015/store-only-the-latest-state.png" alt="image"></p>
        ^
128: <p>Pros:</p>
129: <ul>
1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/014_How-to-use-Git-as-a-database.md:161:3 A11y: Screenreaders already announce <img> elements as an image.
159: │   └── my-objects-object-1
160: └── tags</code>`}</pre>
161: <p><img src="docs/media/015/store-state-change-history.png" alt="image"></p>
        ^
162: <p>Pros:</p>
163: <ul>
1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/014_How-to-use-Git-as-a-database.md:189:3 A11y: Screenreaders already announce <img> elements as an image.
187: cat counter-1.txt</code>`}</pre>
188: <p>An independent processes could checkout the repository and increment the counter. After cloning the repository you have an old version of the data because other processes could have cloned and updated the counter.</p>
189: <p><img src="docs/media/015/race-conditions.png" alt="image"></p>
        ^
190: <p>Git is a decentralized data structure and the only way to reconciliate things is by using <code>pull</code> and <code>push</code> commands. Git will tell you when you are trying to merge data with conflicts.</p>
191: <h3 id='optimistic-concurrency-control'>Optimistic concurrency control</h3>
1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/014_How-to-use-Git-as-a-database.md:197:3 A11y: Screenreaders already announce <img> elements as an image.
195:   rel="nofollow"
196: >optimistic approach</a>. When you try to “push” your object version by updating the reference in the origin repo you will get an error if the reference (branch) was already changed.</p>
197: <p><img
        ^
198:   src="docs/media/015/using-git-push-conflicts-to-implement-optimistic-concurrency-control.png"
199:   alt="image"
1:50:58 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/curated-resources.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-007.jpg"
8:   alt="HEADER IMAGE"
✓ 1382 modules transformed.

vite v4.4.9 building for production...
transforming (16) src/routes/+page.ts1:51:00 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/001_GPG-What-is-GPG.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-001.jpg"
8:   alt="HEADER IMAGE"
1:51:00 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/003-GPG-101-How-to-get-your-first-GPG-Keys.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-003.jpg"
8:   alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/002_GPG-Why-we-use-GPG.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-002.jpg"
8:   alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/004_GPG-How-to-use-GPG-with-GIT-and-GitHub.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-004.jpg"
8:   alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/005_GPG-Best-Practices.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-005.jpg"
8:   alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/005_GPG-Best-Practices.md:16:3 A11y: Screenreaders already announce <img> elements as an image.
14:   href="#understanding-gpg-defaults"
15: ><span>#</span></a>Understanding GPG Defaults</h2>
16: <p><img
       ^
17:   src="https://nautilus-cyberneering.de/wp-content/uploads/2022/01/gpg_gITHUB.jpg"
18:   alt="IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/005_GPG-Best-Practices.md:57:3 A11y: Screenreaders already announce <img> elements as an image.
55: ><span>#</span></a>How to create further sub-keys</h3>
56: <hr>
57: <p><img
       ^
58:   src="https://nautilus-cyberneering.de/wp-content/uploads/2022/01/MOTHERkEY-1024x384.jpg"
59:   alt="IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/006_GPG-Other-Uses.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-006.jpg"
8:   alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/007_GPG-How-to-create-a-subkey-for-signing.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-008.jpg"
8:   alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/008_GPG-How-to-use-a-signing-key-independently-from-primary-key.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-009.jpg"
8:   alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/009_GPG-Git-commits-partially-verified.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-010.jpg"
8:   alt="HEADER IMAGE"
transforming (51) src/posts/009_GPG-Git-commits-partially-verified.md1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/010_How-to-remove-commits-by-commit-message.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-011.jpg"
8:   alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/011_How-to-import-the-dependabot-gpg-public-key.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-012.jpg"
8:   alt="HEADER IMAGE"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/013_Sharing-GitHub-secrets-with-third-party-actions.md:207:3 A11y: Screenreaders already announce <img> elements as an image.
205:   rel="nofollow"
206: >MegaLinter</a> is part of <a href="https://www.ox.security" rel="nofollow">ox.security</a>, its own sources are watched by Ox services to detect security issues, including supply chain attacks</p>
207: <p><img
        ^
208:   src="https://user-images.githubusercontent.com/17500430/198858440-3c8c7a3d-60c8-4035-a8af-b97c96e385a8.png"
209:   alt="image"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/014_How-to-use-Git-as-a-database.md:127:3 A11y: Screenreaders already announce <img> elements as an image.
125: >Git Garbage Collector</a> from removing the object. If the <code>blob</code> object is not referenced anywhere it could be deleted.</p>
126: <p>This diagram shows how to different processes can write objects:</p>
127: <p><img src="docs/media/015/store-only-the-latest-state.png" alt="image"></p>
        ^
128: <p>Pros:</p>
129: <ul>
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/014_How-to-use-Git-as-a-database.md:161:3 A11y: Screenreaders already announce <img> elements as an image.
159: │   └── my-objects-object-1
160: └── tags</code>`}</pre>
161: <p><img src="docs/media/015/store-state-change-history.png" alt="image"></p>
        ^
162: <p>Pros:</p>
163: <ul>
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/014_How-to-use-Git-as-a-database.md:189:3 A11y: Screenreaders already announce <img> elements as an image.
187: cat counter-1.txt</code>`}</pre>
188: <p>An independent processes could checkout the repository and increment the counter. After cloning the repository you have an old version of the data because other processes could have cloned and updated the counter.</p>
189: <p><img src="docs/media/015/race-conditions.png" alt="image"></p>
        ^
190: <p>Git is a decentralized data structure and the only way to reconciliate things is by using <code>pull</code> and <code>push</code> commands. Git will tell you when you are trying to merge data with conflicts.</p>
191: <h3 id='optimistic-concurrency-control'>Optimistic concurrency control</h3>
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/014_How-to-use-Git-as-a-database.md:197:3 A11y: Screenreaders already announce <img> elements as an image.
195:   rel="nofollow"
196: >optimistic approach</a>. When you try to “push” your object version by updating the reference in the origin repo you will get an error if the reference (branch) was already changed.</p>
197: <p><img
        ^
198:   src="docs/media/015/using-git-push-conflicts-to-implement-optimistic-concurrency-control.png"
199:   alt="image"
1:51:01 PM [vite-plugin-svelte] /home/josecelano/Documents/git/committer/me/github/nautilus-cyberneering/secure-git-guide/src/posts/curated-resources.md:6:3 A11y: Screenreaders already announce <img> elements as an image.
4: </script>
5: 
6: <p><img
      ^
7:   src="docs/media/HEADER/GitHub-Repo-SecureGitGuide-ART-007.jpg"
8:   alt="HEADER IMAGE"
✓ 1373 modules transformed.
.svelte-kit/output/client/_app/version.json                                                                                   0.03 kB │ gzip:  0.05 kB
.svelte-kit/output/client/_app/immutable/assets/jetbrains-mono-greek-400-normal.4e44607d.woff2                                4.22 kB
.svelte-kit/output/client/_app/immutable/assets/jetbrains-mono-cyrillic-400-normal.9f48e746.woff2                             5.29 kB
.svelte-kit/output/client/_app/immutable/assets/jetbrains-mono-vietnamese-400-normal.42e6680f.woff                            5.34 kB
.svelte-kit/output/client/_app/immutable/assets/jetbrains-mono-greek-400-normal.f95fabcf.woff                                 5.64 kB
.svelte-kit/output/client/_app/immutable/assets/jetbrains-mono-cyrillic-400-normal.9fbeb3ad.woff                              6.94 kB
.svelte-kit/output/client/_app/immutable/assets/jetbrains-mono-latin-ext-400-normal.a6e389bf.woff2                            7.08 kB
.svelte-kit/output/client/_app/immutable/assets/manrope-vietnamese-wght-normal.41fac913.woff2                                 8.31 kB
.svelte-kit/output/client/_app/immutable/assets/manrope-greek-wght-normal.bdfac7ad.woff2                                      9.19 kB
.svelte-kit/output/client/_app/immutable/assets/jetbrains-mono-latin-ext-400-normal.3087ce38.woff                             9.83 kB
.svelte-kit/output/client/_app/immutable/assets/manrope-cyrillic-wght-normal.26287892.woff2                                  14.20 kB
.svelte-kit/output/client/.vite/manifest.json                                                                                14.62 kB │ gzip:  1.72 kB
.svelte-kit/output/client/_app/immutable/assets/manrope-latin-ext-wght-normal.c184517a.woff2                                 14.80 kB
.svelte-kit/output/client/_app/immutable/assets/jetbrains-mono-latin-400-normal.7c53386f.woff2                               21.09 kB
.svelte-kit/output/client/_app/immutable/assets/manrope-latin-wght-normal.14be4114.woff2                                     24.38 kB
.svelte-kit/output/client/_app/immutable/assets/jetbrains-mono-latin-400-normal.f1ba9869.woff                                27.90 kB
.svelte-kit/output/client/_app/immutable/assets/3.b794562a.css                                                                0.24 kB │ gzip:  0.14 kB
.svelte-kit/output/client/_app/immutable/assets/2.2ae3df69.css                                                                4.59 kB │ gzip:  1.02 kB
.svelte-kit/output/client/_app/immutable/assets/0.026689a9.css                                                               54.21 kB │ gzip: 20.39 kB
.svelte-kit/output/client/_app/immutable/chunks/config.66e1fb97.js                                                            0.12 kB │ gzip:  0.13 kB
.svelte-kit/output/client/_app/immutable/chunks/control.f5b05b5f.js                                                           0.25 kB │ gzip:  0.18 kB
.svelte-kit/output/client/_app/immutable/chunks/index.3b5b6fbf.js                                                             0.45 kB │ gzip:  0.32 kB
.svelte-kit/output/client/_app/immutable/chunks/preload-helper.a4192956.js                                                    0.89 kB │ gzip:  0.55 kB
.svelte-kit/output/client/_app/immutable/nodes/1.96bbff8e.js                                                                  1.02 kB │ gzip:  0.59 kB
.svelte-kit/output/client/_app/immutable/chunks/004_GPG-How-to-use-GPG-with-GIT-and-GitHub.c64cf6ad.js                        1.60 kB │ gzip:  0.83 kB
.svelte-kit/output/client/_app/immutable/chunks/singletons.ce16bbae.js                                                        2.45 kB │ gzip:  1.26 kB
.svelte-kit/output/client/_app/immutable/chunks/scheduler.35d2bb6c.js                                                         2.51 kB │ gzip:  1.18 kB
.svelte-kit/output/client/_app/immutable/chunks/006_GPG-Other-Uses.6bf3ae91.js                                                2.83 kB │ gzip:  1.20 kB
.svelte-kit/output/client/_app/immutable/entry/app.ab64e351.js                                                                5.44 kB │ gzip:  1.96 kB
.svelte-kit/output/client/_app/immutable/chunks/002_GPG-Why-we-use-GPG.2b4a08b1.js                                            6.38 kB │ gzip:  2.67 kB
.svelte-kit/output/client/_app/immutable/nodes/3.1fd2ce10.js                                                                  7.10 kB │ gzip:  2.13 kB
.svelte-kit/output/client/_app/immutable/chunks/001_GPG-What-is-GPG.b73f3e07.js                                               7.84 kB │ gzip:  3.16 kB
.svelte-kit/output/client/_app/immutable/nodes/2.5ac7dd13.js                                                                  8.04 kB │ gzip:  3.06 kB
.svelte-kit/output/client/_app/immutable/chunks/011_How-to-import-the-dependabot-gpg-public-key.4cf9ca87.js                   9.48 kB │ gzip:  3.50 kB
.svelte-kit/output/client/_app/immutable/chunks/index.a1f10f96.js                                                             9.56 kB │ gzip:  4.10 kB
.svelte-kit/output/client/_app/immutable/chunks/008_GPG-How-to-use-a-signing-key-independently-from-primary-key.1024fa8e.js  10.20 kB │ gzip:  3.75 kB
.svelte-kit/output/client/_app/immutable/nodes/0.7ee4ed9d.js                                                                 10.82 kB │ gzip:  3.99 kB
.svelte-kit/output/client/_app/immutable/chunks/curated-resources.ba5e76ff.js                                                13.86 kB │ gzip:  4.07 kB
.svelte-kit/output/client/_app/immutable/chunks/007_GPG-How-to-create-a-subkey-for-signing.93897dcb.js                       16.02 kB │ gzip:  5.02 kB
.svelte-kit/output/client/_app/immutable/chunks/010_How-to-remove-commits-by-commit-message.1fcede70.js                      17.64 kB │ gzip:  6.61 kB
.svelte-kit/output/client/_app/immutable/chunks/005_GPG-Best-Practices.3daf0b72.js                                           19.96 kB │ gzip:  6.92 kB
.svelte-kit/output/client/_app/immutable/chunks/003-GPG-101-How-to-get-your-first-GPG-Keys.7fe10896.js                       22.41 kB │ gzip:  6.60 kB
.svelte-kit/output/client/_app/immutable/entry/start.232db3e7.js                                                             24.78 kB │ gzip:  9.80 kB
.svelte-kit/output/client/_app/immutable/chunks/012_How-github-actions-can-get-access-to-secrets.6b1cf388.js                 28.81 kB │ gzip:  9.30 kB
.svelte-kit/output/client/_app/immutable/chunks/013_Sharing-GitHub-secrets-with-third-party-actions.b98e70aa.js              29.99 kB │ gzip:  9.51 kB
.svelte-kit/output/client/_app/immutable/chunks/014_How-to-use-Git-as-a-database.827351da.js                                 39.55 kB │ gzip: 12.68 kB
.svelte-kit/output/client/_app/immutable/chunks/009_GPG-Git-commits-partially-verified.796c804b.js                           40.93 kB │ gzip: 12.10 kB
✓ built in 6.34s
  404 /index.md (linked from /curated-resources)
.svelte-kit/output/server/_app/immutable/assets/jetbrains-mono-greek-400-normal.4e44607d.woff2        4.22 kB
.svelte-kit/output/server/_app/immutable/assets/jetbrains-mono-cyrillic-400-normal.9f48e746.woff2     5.29 kB
.svelte-kit/output/server/_app/immutable/assets/jetbrains-mono-vietnamese-400-normal.42e6680f.woff    5.34 kB
.svelte-kit/output/server/_app/immutable/assets/jetbrains-mono-greek-400-normal.f95fabcf.woff         5.64 kB
.svelte-kit/output/server/_app/immutable/assets/jetbrains-mono-cyrillic-400-normal.9fbeb3ad.woff      6.94 kB
.svelte-kit/output/server/_app/immutable/assets/jetbrains-mono-latin-ext-400-normal.a6e389bf.woff2    7.08 kB
.svelte-kit/output/server/_app/immutable/assets/manrope-vietnamese-wght-normal.41fac913.woff2         8.31 kB
.svelte-kit/output/server/_app/immutable/assets/manrope-greek-wght-normal.bdfac7ad.woff2              9.19 kB
.svelte-kit/output/server/_app/immutable/assets/jetbrains-mono-latin-ext-400-normal.3087ce38.woff     9.83 kB
.svelte-kit/output/server/.vite/manifest.json                                                        12.24 kB
.svelte-kit/output/server/_app/immutable/assets/manrope-cyrillic-wght-normal.26287892.woff2          14.20 kB
.svelte-kit/output/server/_app/immutable/assets/manrope-latin-ext-wght-normal.c184517a.woff2         14.80 kB
.svelte-kit/output/server/_app/immutable/assets/jetbrains-mono-latin-400-normal.7c53386f.woff2       21.09 kB
.svelte-kit/output/server/_app/immutable/assets/manrope-latin-wght-normal.14be4114.woff2             24.38 kB
.svelte-kit/output/server/_app/immutable/assets/jetbrains-mono-latin-400-normal.f1ba9869.woff        27.90 kB
.svelte-kit/output/server/_app/immutable/assets/_page.b794562a.css                                    0.24 kB
.svelte-kit/output/server/_app/immutable/assets/_page.2ae3df69.css                                    4.59 kB
.svelte-kit/output/server/_app/immutable/assets/_layout.c62e22e9.css                                 54.28 kB
.svelte-kit/output/server/entries/pages/_layout.ts.js                                                 0.05 kB
.svelte-kit/output/server/chunks/config.js                                                            0.06 kB
.svelte-kit/output/server/entries/pages/_page.ts.js                                                   0.16 kB
.svelte-kit/output/server/internal.js                                                                 0.19 kB
.svelte-kit/output/server/entries/fallbacks/error.svelte.js                                           0.89 kB
.svelte-kit/output/server/chunks/004_GPG-How-to-use-GPG-with-GIT-and-GitHub.js                        1.38 kB
.svelte-kit/output/server/chunks/index.js                                                             1.40 kB
.svelte-kit/output/server/entries/pages/_slug_/_page.svelte.js                                        1.53 kB
.svelte-kit/output/server/chunks/index2.js                                                            1.99 kB
.svelte-kit/output/server/chunks/006_GPG-Other-Uses.js                                                2.06 kB
.svelte-kit/output/server/entries/pages/_slug_/_page.ts.js                                            2.95 kB
.svelte-kit/output/server/entries/endpoints/api/posts/_server.ts.js                                   3.29 kB
.svelte-kit/output/server/chunks/002_GPG-Why-we-use-GPG.js                                            4.23 kB
.svelte-kit/output/server/chunks/001_GPG-What-is-GPG.js                                               5.26 kB
.svelte-kit/output/server/chunks/internal.js                                                          5.72 kB
.svelte-kit/output/server/chunks/011_How-to-import-the-dependabot-gpg-public-key.js                   7.30 kB
.svelte-kit/output/server/chunks/ssr.js                                                               7.40 kB
.svelte-kit/output/server/entries/pages/_layout.svelte.js                                             7.46 kB
.svelte-kit/output/server/chunks/008_GPG-How-to-use-a-signing-key-independently-from-primary-key.js   7.66 kB
.svelte-kit/output/server/chunks/curated-resources.js                                                 8.88 kB
.svelte-kit/output/server/chunks/003-GPG-101-How-to-get-your-first-GPG-Keys.js                       10.34 kB
.svelte-kit/output/server/entries/pages/_page.svelte.js                                              10.91 kB
.svelte-kit/output/server/chunks/005_GPG-Best-Practices.js                                           11.54 kB
.svelte-kit/output/server/chunks/010_How-to-remove-commits-by-commit-message.js                      13.02 kB
.svelte-kit/output/server/chunks/007_GPG-How-to-create-a-subkey-for-signing.js                       13.22 kB
.svelte-kit/output/server/chunks/012_How-github-actions-can-get-access-to-secrets.js                 21.78 kB
.svelte-kit/output/server/chunks/013_Sharing-GitHub-secrets-with-third-party-actions.js              22.17 kB
.svelte-kit/output/server/chunks/014_How-to-use-Git-as-a-database.js                                 24.71 kB
.svelte-kit/output/server/chunks/009_GPG-Git-commits-partially-verified.js                           29.38 kB
.svelte-kit/output/server/index.js                                                                   87.13 kB

Run npm run preview to preview your production build locally.

> Using @sveltejs/adapter-static
  Wrote site to "build"
  ✔ done
✓ built in 9.93s

> secure-git-guide-branch@0.0.1 postbuild
> npm run optimize-images && svelte-sitemap --domain https://secure-git.guide/


> secure-git-guide-branch@0.0.1 optimize-images
> image-transmutation --run --sourceFolder './build/images' --targetFolder './build/images' --inputFormats 'jpg' --inputFormats 'jpeg' --inputFormats 'png' --outputFormats 'png' --outputFormats 'webp' --outputFormats 'avif'

> Using svelte-sitemap
  ✔ done. Check your new sitemap here: ./build/sitemap.xml

Possible emoji not displaying properly or wrong text

In the fifth article 005_GPG-Best-Practices, there is a ":exclamation" after the text in the last four headers as shown below.

The text should be either deleted or replaced by an emoji, to help letting the reader know is something important to keep in mind.

Screenshot of the issue:

Create a list of resources

Terminal User Interface for GnuPG

Change the index page of the Git Secure Guide

Take away the Bootcamp references and GPG image
Design a new image for the index page.

Add simple contributing & proposal guide for and to articles.

New content: import GitHub dependabot public key

GitHub dependabot uses this GPG public key to sign commits:

gpg: Signature made jue 03 feb 2022 13:40:17 WET
gpg:                using RSA key 4AEE18F83AFDEB23
gpg: Can't check signature: No public key
Author:     dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Thu Feb 3 13:40:17 2022 +0000
Commit:     GitHub <[email protected]>
CommitDate: Thu Feb 3 13:40:17 2022 +0000

If you do not import the public key in your local keyring you will see the message:

gpg: Signature made jue 03 feb 2022 13:40:17 WET
gpg:                using RSA key 4AEE18F83AFDEB23
gpg: Can't check signature: No public key

You can import it with:

curl https://github.com/web-flow.gpg | gpg --import
gpg -k 4AEE18F83AFDEB23

And you will see:

commit 8d3203a9c270ed8939de92c721973c7d2c29cdfc
gpg: Signature made jue 03 feb 2022 13:40:17 WET
gpg:                using RSA key 4AEE18F83AFDEB23
gpg: Good signature from "GitHub (web-flow commit signing) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5DE3 E050 9C47 EA3C F04A  42D3 4AEE 18F8 3AFD EB23

Proposal: reorganize media files

Since we are using numbers for the articles I would suggest putting the article media files inside a subfolder like this:

├── media
│   ├── 010
│   │   ├── commit-with-partially-verified-signature-on-github.png
│   │   └── commit-with-verified-signature-on-github.png

What do you think @cgbosse?

I think that way would be easier to know which article the media file belongs to and all the media articles belonging to an article. If we have some of them shared between articles we can create a "shared" folder.

I did it that way in my latest PR.

Allow to trigger megalinter workflow manually

MegaLinter workflow failed the last time it was run:

https://github.com/Nautilus-Cyberneering/secure-git-guide/actions/runs/2548987144

It seems to be a false positive. A dead link that is working now.

I'm going to add a manual trigger for the workflow so that we can re-run it to update the status badge in the README:

New article 015: How to use Git as a database

Original idea: nautilus-cyberneering/git-queue#208 (comment)

I want to convert that comment into an article for this repo.

Setup workflow for deployment to GitHub pages

Convert `Git_GitHub_How_To.md` file in root dir into an article

Should we convert the markdown file "Git & GitHub How To" int an article.

Install the new version of MegaLinter and fix errors

Continue using MegaLinter?

Hi @da2ce7 @grmbyrn , this PR is pending to merge because MegaLinter check is not passing.

Do you think we should continue using MegaLinter in this project?

New article 014: Sharing your GitHub Action secrets with third-party actions

I'm moving this article to this repo.

We are going to split the article into at least two smaller ones.

This is the second one. The first one has already been included.

INCLUDE SECURE GIT HEADER IMAGE FOR EACH ARTICLE

New article: how to remove commits by their commit message

Recently I had to remove a lot of commits from a repo having a concrete prefix.

This is the original issue.

The first solution I found was using git filter-branch. It could work but you have to write code to remove the commits in the rebase file.

@da2ce7 proposed to use reposurgeon. And It worked fine.

You have to install the program and it has its own scripting language. I wrote this script:

# Load the project into main memory
# Warning: this command is slow because Subversion is slow.
read ./YOUR-REPO

# Check for and report glitches such as timestamp collisions,
# ill-formed committer/author IDs, multiple roots, etc.
lint

# Commit deletion
/YOUR-COMMIT-PREFIX/c delete

# We want to write a Git repository
prefer git

# Do it
rebuild YOUR-REPO-NEW_FOLDER

And then you can execute it with:

reposurgeon "script remove-commits-with-prefix.rs"

I'm going to add an article explaining the different lines and basic stuff about reposurgeon.

Link to edit the page on GitHub is not working

How to reproduce:

Go to https://nautilus-cyberneering.github.io/secure-git-guide/
Click on the right top button.

You will be redirected to: https://github.com/Nautilus-Cyberneering/secure-git-guide/edit/master/docs/index.md instead of https://github.com/Nautilus-Cyberneering/secure-git-guide/edit/main/docs/index.md

I've been trying to find out whether the config is wrong or if there is a bug in the cinder theme.
I do not find the "master" branch in the HTML template so there must be something added when building the site. I've tried to search for it in the cinder code but I have not found the problem, so I decided to open an issue:

chrissimpkins/cinder#103

Articles sequence is the live site is wrong

See https://secure-git.guide/#articles

Articles markdown number prefixes do not match the number in the HTML list.
There are some missing articles.
The markdown file name does not match the article title.

static/
├── docs
│   ├── 001_GPG-What-is-GPG.md
│   ├── 002_GPG-Why-we-use-GPG.md
│   ├── 003-GPG-101-How-to-get-your-first-GPG-Keys.md
│   ├── 004_GPG-How-to-use-GPG-with-GIT-and-GitHub.md
│   ├── 005_GPG-Best-Practices.md
│   ├── 006_GPG-Other-Uses.md
│   ├── 007_Curated-List-of-Resources.md
│   ├── 008_GPG-How-to-create-a-subkey-for-signing.md
│   ├── 009_GPG-How-to-use-a-signing-key-independently-from-primary-key.md
│   ├── 010_GPG-Git-commits-partially-verified.md
│   ├── 011_How-to-remove-commits-by-commit-message.md
│   ├── 012_How-to-import-the-dependabot-gpg-public-key.md
│   ├── 013_How-github-actions-can-get-access-to-secrets.md
│   ├── 014_Sharing-GitHub-secrets-with-third-party-actions.md
│   ├── 015_How-to-use-Git-as-a-database.md

cc @da2ce7 @grmbyrn should we remove the number prefix?

I think we should include an article slug and put meta info in the markdown file like in the Torrust website (for example https://raw.githubusercontent.com/torrust/torrust-website/develop/src/routes/(blog-article)/containerizing-rust-applications-best-practices/%2Bpage.md).

Create new content: GPG - How to export only a private subkey

Use case:

We have a GPG key with a signing subkey.
We want to export ONLY the private key of the subkey.
We also want to use a different passphrase for the subkey.
The goal is to use the subkey as a secret on GitHub CI secrets.

Create Header Image for article: 011 and test reshare on linkedin

Exclude cinter mkdocs theme from python linter

The folder cinder contains a mkdocs theme. It also contains some Python files. MegaLinter is failing because of one of those files.

I'm going to disable the PYLINT for that folder.

New article: Gitsign

We can add an example repo and article or just add this as a resource.

cc @da2ce7

No ability to move from article to article

Instead of being able to move from article to article once one has been read, the user must always first return to home through the Back to home button before starting the next article. This isn't intuitive for most internet users who are used to being able to progress through previous and next articles on many websites, as easily as you would with a book or newspaper. This would be especially useful here as each article seems to lead from the previous one. This could be done by adding a link in the .md file for each article with links to the Previous and Next articles.

Also, the emojis next to the heading for Articles are misleading. A lock emoji/image on the internet is widely known to indicate that access is limited to certain users, such as articles which are behind a paywall. While the lock and key emoji combination may be to suggest that these articles will unlock some knowledge, it is a much less common combination to see online and the first impression is that these articles are only for use by some. If the emojis are to express the knowledge contained in these articles, perhaps 🤓 or 🧠 would express it better.

New content: GPG - Git commit partially verified

Sometimes you can see this label in a GitHub commit:

With this popup message:

In that case, the message means:

The commit was signed by the Git committer.
The commit has a different author.
There is no signature from the original author.

I think the message is a little bit misleading because the original commit was created by the author and it was merged into the target base branch using "rebase". And there is no way to keep the original author commit's signature.

Signatures from the author commit have to be verified before merging. I found this process confusing and I have not found a good simple explanation. I would like to add at least the collection of links I have after researching for a better explanation of what's happening behind that message.

File name: 010_GPG-Git-commits-partially-verified.md

From GitHub docs: Statuses with vigilant mode enabled

Change Readme document to suit the new repository name.

New article 016: Hot to use Git objects to store GPG pubic keys

Discussed in #24

^{Originally posted by josecelano June 13, 2022}
In the Git Pro book they mention that you can use Git Objects to distribute your public GPG keys:

Chapter: https://git-scm.com/book/en/v2/Distributed-Git-Maintaining-a-Project
Section: Tagging Your Releases

Content

If you do sign your tags, you may have the problem of distributing the public PGP key used to sign your tags. The maintainer of the Git project has solved this issue by including their public key as a blob in the repository and then adding a tag that points directly to that content. To do this, you can figure out which key you want by running gpg --list-keys:

$ gpg --list-keys
/Users/schacon/.gnupg/pubring.gpg
---------------------------------
pub   1024D/F721C45A 2009-02-09 [expires: 2010-02-09]
uid                  Scott Chacon <[email protected]>
sub   2048g/45D02282 2009-02-09 [expires: 2010-02-09]

Then, you can directly import the key into the Git database by exporting it and piping that through git hash-object, which writes a new blob with those contents into Git and gives you back the SHA-1 of the blob:

$ gpg -a --export F721C45A | git hash-object -w --stdin
659ef797d181633c87ec71ac3f9ba29fe5775b92
```s

_Now that you have the contents of your key in Git, you can create a tag that points directly to it by specifying the new SHA-1 value that the hash-object command gave you:_

```s
$ git tag -a maintainer-pgp-pub 659ef797d181633c87ec71ac3f9ba29fe5775b92

If you run git push --tags, the maintainer-pgp-pub tag will be shared with everyone. If anyone wants to verify a tag, they can directly import your PGP key by pulling the blob directly out of the database and importing it into GPG:

$ git show maintainer-pgp-pub | gpg --import

They can use that key to verify all your signed tags. Also, if you include instructions in the tag message, running git show will let you give the end user more specific instructions about tag verification.

Article 008 not displaying in website

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs

Jooble