Note: if you don't want to add -Sall the time to make sure your commits are signed, there is a proposal (branch 'pu' for now, December 2013, so no guarantee it will make it to a git release) to add a config which will take care of that option for you.
Update May 2014: it is in Git 2.0 (after being resend in this patch series)

注意：如果你不想一直添加-S以确保你的提交被签名，有一个建议（pu现在分支 ' '，2013 年 12 月，所以不能保证它会成为一个 git 版本）来添加一个config 将为您处理该选项。
2014 年 5 月更新：它在 Git 2.0 中（在本补丁系列中重新发送后）

See commit 2af2ef3by Nicolas Vigier (boklm):

见提交2af2ef3由尼古拉斯·Vigier（boklm） ：

Add the commit.gpgsignoption to sign all commits

添加对commit.gpgsign所有提交进行签名的选项

If you want to GPG sign all your commits, you have to add the -Soption all the time.
The commit.gpgsignconfig option allows to sign all commits automatically.

如果您希望 GPG 签署您的所有提交，则必须-S始终添加该选项。
该commit.gpgsign配置选项允许自动登录所有的提交。

commit.gpgsign

A boolean to specify whether all commits should be GPG signed.
Use of this option when doing operations such as rebase can result in a large number of commits being signed. It may be convenient to use an agent to avoid typing your GPG passphrase several times.

一个布尔值，用于指定是否所有提交都应该是 GPG 签名的。
在执行诸如 rebase 之类的操作时使用此选项可能会导致大量提交被签名。使用代理来避免多次输入 GPG 密码可能会很方便。

That config is usually set per repo (you don't need to sign your private experimental local repos):

该配置通常是为每个 repo 设置的（您不需要签署您的私人实验性本地 repos）：

cd /path/to/repo/needing/gpg/signature
git config commit.gpgsign true

You would combine that with user.signingKeyused as a global setting (unique key used for all repo where you want to sign commit)

您可以将其与user.signingKey用作全局设置（用于您要签署提交的所有存储库的唯一密钥）结合使用

git config --global user.signingkey F2C7AB29

user.signingKeywas introduced in git 1.5.0 (Jan. 2007) with commit d67778e:

user.signingKey在 git 1.5.0（2007 年 1 月）中引入，提交 d67778e：

There shouldn't be a requirement that I use the same form of my name in my git repository and my gpg key.
Further I might have multiple keys in my keyring, and might want to use one that doesn't match up with the address I use in commit messages.

This patch adds a configuration entry "user.signingKey" which, if present, will be passed to the "-u" switch for gpg, allowing the tag signing key to be overridden.

不应该要求我在我的 git 存储库和我的 gpg 密钥中使用相同形式的我的名字。
此外，我的密钥环中可能有多个密钥，并且可能想要使用与我在提交消息中使用的地址不匹配的密钥。

此补丁添加了一个配置条目“ user.signingKey”，如果存在，它将传递给 gpg 的“-u”开关，从而允许覆盖标记签名密钥。

This is enforced with commit aba9119(git 1.5.3.2) in order to catch the case where If the user has misconfigured user.signingKeyin their .git/configor just doesn't have any secret keys on their keyring.

这是通过commit aba9119(git 1.5.3.2)强制执行的，以捕获用户是否user.signingKey在他们的.git/config密钥环上配置错误或没有任何密钥的情况。

Notes:

笔记：

• By convention, since git 2.4.0 March 2015, it is signingKey, not signingkey, even though the git configkeys are case insensitive. That would matter only if you do git config --get-regexp, which iscase sensitive, otherwise, it is only a readability convention;
• If you want the git server to check the signature for each push, you will need git 2.2+ (Oct. 2014) at least (commit b945901), as git push --signedfailed to consider the user.signingKeyconfig value;
• git 2.9 (June 2016) will use user.signingKeyto force signing annotated tagsas well as commits: commit 61c2fe0.

• 按照惯例，从 git 2.4.0 March 2015 开始，它是signingKey，不是signingkey，即使git config键不区分大小写。这将关系只有当你这样做git config --get-regexp，这是区分大小写的，否则，它只是一个可读性约定;
• 如果您希望git 服务器检查每个 push 的签名，则至少需要 git 2.2+（2014 年 10 月）（提交 b945901），因为git push --signed没有考虑user.signingKey配置值；
• git 2.9（2016 年 6 月）将用于user.signingKey强制签署带注释的标签以及提交：commit 61c2fe0。

git config --global user.signingKey 9E08524833CB3038FDE385C54C0AFCCFED5CDE14
git config --global commit.gpgSign true

Replace 9E08524833CB3038FDE385C54C0AFCCFED5CDE14 by your key ID. Remember: It's never a good idea to use the short ID.

将 9E08524833CB3038FDE385C54C0AFCCFED5CDE14 替换为您的密钥 ID。请记住：使用短 ID 从来都不是一个好主意。

UPDATE:Per a new git edict, all config keys should be in camelCase.

更新：根据新的 git edict，所有配置键都应该是驼峰式的。

Edit: As of Git version 1.7.9, it ispossibleto sign Git commits (git commit -S). Updating the answer slightly to reflect this.

编辑：作为Git版本1.7.9，它是可能签署的Git提交（git commit -S）。稍微更新答案以反映这一点。

The question title is:

问题标题是：

Is there a way to “autosign” commits in Git with a GPG key?

有没有办法使用 GPG 密钥在 Git 中“自动签名”提交？

Short answer: yes, but don't do it.

简短的回答：是的，但不要这样做。

Addressing the typo in the question: git commit -sdoes not sign the commit. Rather, from the man git-commitpage:

解决问题中的错字：git commit -s不签署提交。相反，从man git-commit页面：

-s, --signoff
Add Signed-off-by line by the committer at the end of the commit log message.

-s, --signoff
在提交日志消息的末尾添加提交者签名的行。

This gives a log output similar to the following:

这会提供类似于以下内容的日志输出：

± $ git log                                                                                 [0:43:31]
commit 155deeaef1896c63519320c7cbaf4691355143f5
Author: User Name 
Date:   Mon Apr 16 00:43:27 2012 +0200

    Added .gitignore

    Signed-off-by: User Name 

Note the "Signed-off-by: ..." bit; that was generated by the -sflag on the git-commit.

注意“签字人：...”位；这是由 上的-s标志生成的git-commit。

Quoting the release announcement email:

引用发布公告电子邮件：

• "git commit" learned "-S" to GPG-sign the commit; this can be shown with the "--show-signature" option to "git log".

• “git commit”学习了“-S”来对提交进行GPG签名；这可以通过“git log”的“--show-signature”选项来显示。

So yes, you can sign commits. However, I personally urge caution with this option; automaticallysigning commits is next to pointless, see below:

所以是的，你可以签署提交。但是，我个人敦促谨慎选择此选项；自动签署提交几乎毫无意义，见下文：

Just a side question, maybe commits shouldn't be signed, only tags, which I never create, as I submit single commits.

只是一个附带问题，也许不应该对提交进行签名，只有在提交单个提交时我从未创建过的标签。

That's correct. Commits are not signed; tags are. The reason for this can be found in this message by Linus Torvalds, the last paragraph of which says:

没错。提交未签名；标签是。原因可以在Linus Torvalds 的这条消息中找到，其中最后一段说：

Signing each commit is totally stupid. It just means that you automate it, and you make the signature worth less. It also doesn't add any real value, since the way the git DAG-chain of SHA1's work, you only ever need onesignature to make all the commits reachable from that one be effectively covered by that one. So signing each commit is simply missing the point.

签署每个提交是完全愚蠢的。这只是意味着您将其自动化，并使签名的价值降低。它也没有增加任何实际价值，因为根据 SHA1 的 git DAG 链的工作方式，您只需要一个签名即可使该签名可访问的所有提交都被该签名有效覆盖。因此，签署每个提交只是忽略了这一点。

I'd encourage a browse of the linked message, which clarifies whysigning commits automatically is not a good idea in a far better way than I could.

我鼓励浏览链接的消息，它阐明了为什么自动签署提交并不是一个比我能做的更好的主意。

However, if you want to automatically sign a tag, you would be able to do that by wrapping the git-tag -[s|u]in an alias; if you're going to do that, you probably want to setup your key id in ~/.gitconfigor the project-specific .git/configfile. More information about that process can be seen in the git community book. Signing tags is infinitely more useful than signing each commit you make.

但是，如果您想自动签署标签，您可以通过将 包装git-tag -[s|u]在别名中来做到这一点；如果您打算这样做，您可能希望~/.gitconfig在项目特定.git/config文件中设置您的密钥 ID 。有关该过程的更多信息，请参见git 社区手册。签署标签比签署您所做的每个提交要有用得多。

To make auto signing work pre git version 2.0, you'll have to add git alias for commit.

要使自动签名在 git 2.0 版之前工作，您必须为提交添加 git 别名。

# git config --global alias.commit commit -S
[alias]
    commit = commit -S

You need to make clear that if you sign a commit or tag, that you do not mean that you approve the whole history. In case of commits you only sign the change at hand, and in case of tag, well.. you need to define what you mean with it. You might have pulled a change which claims it is from you but was not (because somebody else pushed it to your remote). Or it is a change you dont want to be in, but you just signed the tag.

您需要明确表示，如果您签署提交或标记，并不意味着您批准了整个历史记录。在提交的情况下，您只需签署手头的更改，而在标记的情况下，好吧..您需要定义它的含义。您可能已经提取了一项声称是您提供的更改，但实际上并非如此（因为其他人将其推送到了您的遥控器）。或者这是您不想参与的更改，但您只是签署了标签。

In typical OSS projects this might be less common, but in a enterprise scenario where you only touch code every now and then and you don't read the whole history it might get unnoticed.

在典型的 OSS 项目中，这可能不太常见，但在企业场景中，您只时不时地接触代码并且不阅读整个历史记录，它可能会被忽视。

Signing commits is a problem if they will get rebased or cherry-picked to other parents. But it would be good if a modified commit could point to the "original" commit which actually verifies.

如果他们将被重新定位或被其他父母挑选，那么签署提交是一个问题。但是，如果修改后的提交可以指向实际验证的“原始”提交，那就太好了。