This is an old revision of the document!
Overview
How to write an arbitrary blob to a repository to add “supplemental” information, such as contact information or your public GPG key, but without making that blob part of the standard history.
The recipe
Feed arbitrary text into git hash-object, and write the corresponding blob to the object store:
echo "Robert P. J. Day" | git hash-object -w --stdin 8a1385ff5d6ab8c195f99931042b7afaf418e6b0 $
$ git show 8a1385ff5d6ab8c195f99931042b7afaf418e6b0 Robert P. J. Day $
In order for that blob not to be garbage-collected, tag it:
$ git tag fullname 8a1385ff5d6ab8c195f99931042b7afaf418e6b0
Show it:
$ git show fullname Robert P. J. Day $
In fact, this technique is used by Git maintainer Junio Hamano to disseminate his public GPG key with the Git source code:
$ git show junio-gpg-pub
tag junio-gpg-pub
Tagger: Junio C Hamano <gitster@pobox.com>
Date: Thu Nov 20 15:12:15 2014 -0800
GPG key to sign git.git archive
This blob contains the GPG public key I use to sign git.git archive.
To use it to verify tags I signed, do:
$ git-cat-file blob junio-gpg-pub | gpg --import
to import it into your keyring, and then
$ git-tag -v $tag_to_be_verified
The fingerprint information for the key is as follows:
$ gpg --fingerprint -k 96AFE6CB\!
pub 4096R/713660A7 2011-10-01
Key fingerprint = 96E0 7AF2 5771 9559 80DA D100 20D0 4E5A
7136 60A7
uid Junio C Hamano <gitster@pobox.com>
uid Junio C Hamano <junio@pobox.com>
uid Junio C Hamano <jch@google.com>
sub 4096R/833262C4 2011-10-01
sub 4096R/96AFE6CB 2011-10-03 [expires: 2015-09-21]
sub 4096R/B3F7CAC9 2014-09-20 [expires: 2017-09-19]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJUbnV7AAoJELC16IaWr+bLvjYP+wSOG8rp1y77ExHDJQj7HBLm
9PVQIb70tkiBxAGUpVNNbaoJQBuMAgFdT4Baj8CIo2jdzDeeqbjtcdy/XsHZ3IMl
... etc etc ...