Tag Archives: development

Signing with a GPG key in a Git workflow

If you’re working on a project and you want to doubly make sure of your code integrity, it’s good idea to sign your work to make sure what you add to the code base is only from you and from no one else. This is particularly important in building a secure application, or if you’re a coder in a team setting.

If you have some authority over the development workflow, it may also be a good idea to adopt the team practice of signing commits even before you do a git init on a project. There are plenty of references on configuring your GPG keys, so that’s not covered here.

Get your GPG configured, and a personal key installed. Configure Git to use your personal key.

$ git config --global user.signingkey 0A46826A

Signing tags:

$ git tag -s v2.17 -m <span class="s1">'version 2.17 signed by MH'</span>
$ git show v2.17

With the signer’s public key in the keyring, you can verify the tag:

$ git tag -v v2.17

Signing commits

You can sign commits simply by adding -S once your environment is configured.

$ git commit -S -m <span class="s1">'push a signed commit'</span>

You can check and verify via git log:

$ git log --show-signature -1

You can configure git log to check any signatures and list them in output via %G? format.

$ git log --pretty<span class="o">=</span><span class="s2">"format:%h %G? %aN  %s"</span>

You can also reject commits that are unsigned and invalid:

$ git merge --verify-signature non-verify
$ git merge --verify-signatures signed-branch

Sign the merge commit itself:

$ git merge --verify-signatures -S signed-branch

Moving all of the databases from one server to another

Log in as an admin on MySQL Console and lock the database to allow only read operations.

mysql> flush tables with read lock;
mysql> set global read_only = on;
mysql> exit

Dump all of the databases into a file.

$ mysqldump --lock-all-tables -u root -p --all-databases > dbs.sql

Copy the dump to the new server. RSYNC is preferred over SCP, especially if the file is large.

$ rsync -tvz --progress dbs.sql mhan@newserver.com:~/files/
$ scp dbs.sql mhan@newserver.com:~/files/

The DB can be (optionally) unlocked. This may or may not be a good thing to do in your case. Do it at your own risk.

mysql> set global read_only = off;
mysql> unlock tables;
mysql> exit

On the new server, execute this command to import the new dumped SQL file.

$ mysql -u root -p < ~/files/dbs.sql