From d71d66bb5a97b82e7f1af0b582324ea7eb74a321 Mon Sep 17 00:00:00 2001
From: Guido Marx <59611522+guido-marx@users.noreply.github.com>
Date: Tue, 29 Oct 2024 18:58:40 +0100
Subject: [PATCH 1/4] Add Doc for GPG signing and DCO signature

Signed-off-by: Guido Marx <59611522+guido-marx@users.noreply.github.com>
---
 howto-sign-commits.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 howto-sign-commits.md

diff --git a/howto-sign-commits.md b/howto-sign-commits.md
new file mode 100644
index 0000000..e3a8a71
--- /dev/null
+++ b/howto-sign-commits.md
@@ -0,0 +1,11 @@
+# How to sign a commit to Hiero
+
+## Generate a new GPG key pair
+
+## Associate your GPG key with your GitHub Account
+
+## Work with your local git
+
+## Automate the required tasks
+
+## Use everything in IntelliJ IDEA

From 95fc31cbb05031fc1e218487e83877d32b135989 Mon Sep 17 00:00:00 2001
From: Guido Marx <59611522+guido-marx@users.noreply.github.com>
Date: Tue, 29 Oct 2024 22:06:31 +0100
Subject: [PATCH 2/4] Update howto-sign-commits.md

Signed-off-by: Guido Marx <59611522+guido-marx@users.noreply.github.com>
---
 howto-sign-commits.md | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/howto-sign-commits.md b/howto-sign-commits.md
index e3a8a71..a4b10f9 100644
--- a/howto-sign-commits.md
+++ b/howto-sign-commits.md
@@ -1,11 +1,41 @@
 # How to sign a commit to Hiero
 
+## Prepare email address
+
+For this task you need an email address verified by GitHub.
+It's configured in your GitHub Account, connected to your GPG key and used in your git client.
+If you marked the Checkbox "Keep my email addresses private"
+in "Settings" -> "Emails" in your GitHub Account,
+use the `noreply` email given by GitHub. 
+
+* [GitHub Docs: Setting your commit email address](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/setting-your-commit-email-address)
+* [GitHub Docs: Verifying your email address](https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address)
+
 ## Generate a new GPG key pair
 
-## Associate your GPG key with your GitHub Account
+To generate the required GPG key pair, you need the gpg command line tool
+and the email address from the former step.
+
+[GitHub Docs: Generating a new GPG key](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key)
+
+## Associate your GPG key with your GitHub account
+
+Add your GPG public key into your GitHub account.
+
+[Adding a GPG key to your GitHub account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account)
 
 ## Work with your local git
 
+
+
+
+
 ## Automate the required tasks
 
+
+
+
 ## Use everything in IntelliJ IDEA
+
+
+

From ea165c24d71d53d136ec99b900e1235fa5c68858 Mon Sep 17 00:00:00 2001
From: Guido Marx <59611522+guido-marx@users.noreply.github.com>
Date: Wed, 30 Oct 2024 00:35:39 +0100
Subject: [PATCH 3/4] Update howto-sign-commits.md

Signed-off-by: Guido Marx <59611522+guido-marx@users.noreply.github.com>
---
 howto-sign-commits.md | 85 +++++++++++++++++++++++++++++++++++++------
 1 file changed, 74 insertions(+), 11 deletions(-)

diff --git a/howto-sign-commits.md b/howto-sign-commits.md
index a4b10f9..f448ea6 100644
--- a/howto-sign-commits.md
+++ b/howto-sign-commits.md
@@ -3,7 +3,8 @@
 ## Prepare email address
 
 For this task you need an email address verified by GitHub.
-It's configured in your GitHub Account, connected to your GPG key and used in your git client.
+It's configured in your GitHub Account, connected
+to your GPG key and used in your git client.
 If you marked the Checkbox "Keep my email addresses private"
 in "Settings" -> "Emails" in your GitHub Account,
 use the `noreply` email given by GitHub. 
@@ -16,26 +17,88 @@ use the `noreply` email given by GitHub.
 To generate the required GPG key pair, you need the gpg command line tool
 and the email address from the former step.
 
-[GitHub Docs: Generating a new GPG key](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key)
+* [GitHub Docs: Generating a new GPG key](https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key)
 
 ## Associate your GPG key with your GitHub account
 
 Add your GPG public key into your GitHub account.
+With this step GitHub is ready to verify your PGP signed commits.
 
-[Adding a GPG key to your GitHub account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account)
+* [Adding a GPG key to your GitHub account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account)
 
 ## Work with your local git
 
-
-
-
-
-## Automate the required tasks
-
-
-
+Clone the repository you want to work on. Use git or the IDE of your choice.
+Configure name and email needed (from the beginning) for this git repository.
+Using the --global option configures them for all repositories.
+
+```
+git config set [--global] user.name "<your name>"
+git config set [--global] user.email <your prepared email address from the beginning>
+```
+
+Now you can commit your changes on the command line.
+You will be asked for the password of the private key.
+
+```
+# show the key id you need
+gpg -k
+# commit request
+git commit -s -S<your key id> -m "<your comment>" .
+# -s option: add a sign-off-by trailer by the committer
+# -S<your key id> (no space after -S): GPG-sign commit
+```
+
+## Automate the required tasks in git
+
+After applying the following two configuration steps,
+the additional commit parameters aren't needed any more.
+```
+# commit request without additional parameters:
+git commit -m "<your comment>" .
+```
+
+### GPG signing
+
+```
+# sign commits in this local repository by default
+git config set commit.gpgsign true
+# use this GPG key by default
+git config set user.signingkey <your key id>
+```
+
+### DCO signature
+
+> [!CAUTION]
+> The following parameter is restricted to patch generation and not effective here.
+> 
+> git config set format.signOff true
+
+No configuration parameter exists in git for this task.
+The solution is using a hook, a script that is
+automatically executed during each commit.
+The script fortunately is already part of git.
+It's located in the repository in the directory `.git/hooks/`.
+Copy the file `prepare-commit-msg.sample` to `prepare-commit-msg`.
+Uncomment the following lines at the end.
+
+```
+ SOB=$(git var GIT_COMMITTER_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
+ git interpret-trailers --in-place --trailer "$SOB" "$COMMIT_MSG_FILE"
+ if test -z "$COMMIT_SOURCE"
+ then
+   /usr/bin/perl -i.bak -pe 'print "\n" if !$first_line++' "$COMMIT_MSG_FILE"
+ fi
+```
 
 ## Use everything in IntelliJ IDEA
 
+IntelliJ uses git you have already configured in the former step.
+You don't need to do anything.
 
+The GPG signing can be configured here:
+```
+"Settings" -> "Version Control" -> "git" -> "Configure GPG Key"
+```
 
+The DCO signature can not be configured in IntelliJ, you need to do this in git.

From 2aa239d930c498895ee1e4d40ff3b51905d7a33f Mon Sep 17 00:00:00 2001
From: Guido Marx <59611522+guido-marx@users.noreply.github.com>
Date: Wed, 30 Oct 2024 14:03:08 +0100
Subject: [PATCH 4/4] Update howto-sign-commits.md

Signed-off-by: Guido Marx <59611522+guido-marx@users.noreply.github.com>
---
 howto-sign-commits.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/howto-sign-commits.md b/howto-sign-commits.md
index f448ea6..0f22276 100644
--- a/howto-sign-commits.md
+++ b/howto-sign-commits.md
@@ -24,7 +24,7 @@ and the email address from the former step.
 Add your GPG public key into your GitHub account.
 With this step GitHub is ready to verify your PGP signed commits.
 
-* [Adding a GPG key to your GitHub account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account)
+* [GitHub Docs: Adding a GPG key to your GitHub account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-gpg-key-to-your-github-account)
 
 ## Work with your local git
 
@@ -67,6 +67,8 @@ git config set commit.gpgsign true
 git config set user.signingkey <your key id>
 ```
 
+* [GitHub Docs: Telling Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)
+
 ### DCO signature
 
 > [!CAUTION]