Is there a way to gpg sign all previous commits?

Question

As the title says, I'm looking for a way to gpg sign all my previous commits in a repository (preferably without typing in my passcode for every commit).

Thanks!

Answer 1

You can, but it will have to rewrite your entire history to do so.

Signing a commit changes the commit which changes its commit ID. Since the commit ID depends on the previous commit ID, all commits after that have to be changed. And you're signing them all anyway.

If it's a personal repository that nobody else is working on, then it's not a problem. If it's a repository with other collaborators, treat it like doing a major rebase.

You'd do it with git filter-branch to redo every commit with the -S option.

git filter-branch --commit-filter 'git commit-tree -S "$@";' -- --all 

As for not having to type in your passcode for every commit, you need to configure gpg to use a gpg-agent. If you're familiar with ssh-agent it's a similar idea, it's a little process that you give the password to once and keeps it stored in memory for you. How you do that depends on your operating system and setup. On OS X I let GPG Tools take care of it.

Answer 2

My approach is

git rebase --exec 'git commit --amend --no-edit -n -S' -i 8fd7b22 

All commits started from the next after 8fd7b22 will be rebased with no changes except signing. To change all commits started from the very first one you may use --root (since Git v1.7.12):

 git rebase --exec 'git commit --amend --no-edit -n -S' -i --root 

To spread changes to the remote I use

git push --force 

Note, this will update "gpg made" date-time and, for example, GitHub will treat it as commit date. Git itself persists both original and new dates, git log --show-signature gives clear picture of when the original commit was made and when it was signed for the last time.