docs(git): add SSH commit signing recipe

recipes/git/01_configure-user.md

@@ -0,0 +1,59 @@
+# Configure Git User
+
+This recipe configures the Git author identity used when creating commits.
+
+## Verify Current Configuration
+
+```bash
+git config --global --get user.name
+git config --global --get user.email
+```
+
+## Configure Global Identity
+
+Replace the values below with your own information.
+
+```bash
+git config --global user.name "Jota Odiceu"
+git config --global user.email "jotaodiceu@odinetwork.com.br"
+```
+
+## Verify Configuration
+
+```bash
+git config --global --list | grep user
+```
+
+Expected output:
+
+```text
+user.name=Jota Odiceu
+user.email=jotaodiceu@odinetwork.com.br
+```
+
+## Repository Specific Configuration
+
+Override the global identity for a single repository.
+
+```bash
+git config user.name "Another Name"
+git config user.email "another@email.com"
+```
+
+## Troubleshooting
+
+### Git still uses another email
+
+Check where the value comes from.
+
+```bash
+git config --show-origin --get user.email
+```
+
+If the repository has a local configuration, it overrides the global one.
+
+### Verify all configuration
+
+```bash
+git config --list --show-origin
+```

recipes/git/02_configure-signing.md

@@ -0,0 +1,151 @@
+# Configure SSH Commit Signing
+
+This recipe configures Git to sign every commit using an SSH key.
+
+## Requirements
+
+* Git 2.34+
+* OpenSSH
+* Existing ED25519 SSH key
+
+
+## Configure Git
+
+```bash
+git config --global gpg.format ssh
+git config --global commit.gpgsign true
+git config --global user.signingkey ~/.ssh/id_ed25519.pub
+```
+
+Replace `id_ed25519.pub` with your public signing key if necessary.
+
+## Configure Allowed Signers
+
+Create the directory.
+
+```bash
+mkdir -p ~/.config/git
+```
+
+Create the file.
+
+```text
+~/.config/git/allowed_signers
+```
+
+Example:
+
+```text
+jotaodiceu@odinetwork.com.br ssh-ed25519 ABCDEfghijk012345...
+```
+
+Configure Git.
+
+```bash
+git config --global gpg.ssh.allowedSignersFile ~/.config/git/allowed_signers
+```
+
+## Verify Configuration
+
+```bash
+git config --global --list | grep signing
+git config --global --list | grep gpg
+```
+
+## Test
+
+Create an empty commit.
+
+```bash
+git commit --allow-empty -m "Test signed commit"
+```
+
+Verify the signature.
+
+```bash
+git log --show-signature -1
+```
+
+Expected output:
+
+```text
+Good "git" signature for ...
+```
+
+# Known Issues
+
+## error: No private key found
+
+Example:
+
+```text
+No private key found for ...
+```
+
+Possible causes:
+
+* wrong `user.signingkey`
+* missing private key
+* unsupported private key format
+
+Verify:
+
+```bash
+ssh-keygen -y -f ~/.ssh/id_ed25519
+```
+
+## error in libcrypto: unsupported
+
+Example:
+
+```text
+Load key "...": error in libcrypto: unsupported
+```
+
+Cause:
+
+The private key was saved with CRLF line endings.
+
+Verify:
+
+```bash
+cat -A ~/.ssh/id_ed25519 | head
+```
+
+If lines end with `^M`, convert the file.
+
+```bash
+dos2unix ~/.ssh/id_ed25519
+```
+
+## Repository rejects unsigned commits
+
+Check whether commit signing is enabled.
+
+```bash
+git config --global commit.gpgsign
+```
+
+Expected:
+
+```text
+true
+```
+
+## Gitea does not show "Verified"
+
+Verify that:
+
+* the public key was added as a Signing Key;
+* the commit email matches the Gitea account;
+* the commit was created after signing was configured.
+
+## Verify Everything
+
+```bash
+git config --list --show-origin
+
+git log --show-signature -1
+
+ssh-keygen -y -f ~/.ssh/id_ed25519
+```