Gitsign Installation

Installing Gitsign

You can install Gitsign on your system with the Go installer, via Homebrew, or with one of the available downloadable packages. Releases are published in the Gitsign repository under the Releases page.

Installing Gitsign with Go 1.17+

If you have Go 1.17+, you can install Gitsign with:

go install github.com/sigstore/gitsign@latest

The resulting binary will be placed at $GOPATH/bin/gitsign.

Installing Gitsign with Homebrew

If you are using Homebrew as a package manager for macOS or Linux, you can use it to install Gitsign. Use brew tap to add Sigstore's repository to your system, then run brew install to get it installed:

brew tap sigstore/tap
brew install gitsign

Installing Gitsign with the .deb Package (Debian / Ubuntu Linux)

Check the releases page for the latest release, and download the appropriate .deb file.

wget https://github.com/sigstore/gitsign/releases/download/v0.3.0/gitsign_0.3.0_linux_amd64.deb
sudo dpkg -i gitsign_0.3.0_linux_amd64.deb

Installing Gitsign with the .rpm Package (Fedora Linux)

Check the releases page for the latest release, and download the appropriate .rpm file.

wget https://github.com/sigstore/gitsign/releases/download/v0.3.0/gitsign_0.3.0_linux_amd64.rpm
rpm -ivh gitsign_0.3.0_linux_amd64.rpm

Checking your Installation

Once you finish installing Gitsign, you can test that it is functional and ensure that it can be found on your $PATH by running a gitsign command.

$ gitsign --version
gitsign version v0.3.0

Troubleshooting

If you get an error such as command not found, it may be the case that your $PATH does not include the relevant bin directories where Gitsign should be installed.

If you installed Gitsign with Go, make sure you have your Go bin directory added to your $PATH.

Configuring Git to use Gitsign

After installing Gitsign on your system and making sure it is functional, you’ll need to tell Git that you want to use Gitsign to sign your commits from now on, whether locally on a project-based configuration or globally, which will be valid for commits made from your current system to any project.

Single Repository (Local Config):

cd /path/to/my/repository
git config --local commit.gpgsign true  # Sign all commits
git config --local tag.gpgsign true  # Sign all tags
git config --local gpg.x509.program gitsign  # Use Gitsign for signing
git config --local gpg.format x509  # Gitsign expects x509 args

All Repositories (Global Config):

git config --global commit.gpgsign true  # Sign all commits
git config --global tag.gpgsign true  # Sign all tags
git config --global gpg.x509.program gitsign  # Use Gitsign for signing
git config --global gpg.format x509  # Gitsign expects x509 args
Edit this page on GitHub Updated at Tue, Mar 21, 2023
Gitsign Overview Detailed Gitsign Usage