
Signing an existing commit with GPG

Tags: git, github

I'm looking for a way to replicate what git commit -S does but on a specific commit, by giving its SHA for instance.

Is it possible?

chalasr asked Jun 09 '16 22:06



2 Answers

Signing a commit will change the commit metadata, and thus change the underlying SHA1 commit ID. As you probably know, for Git, this has the same consequence of trying to change the contents of your history.

If you want to just re-sign your last commit you could run:

git commit -S --amend

If you want to re-sign a commit in the middle of your history you could do a couple of things, all of them being a bit nasty if you ask me:

  1. You could reset --soft to the commit you want to sign. Run git commit -S --amend and then commit all the staged changes. This would merge all your history after that commit into a single commit.
  2. Branch out (for safety) and reset --hard to the commit you want to sign. Sign it, and if you want to preserve commit history you could now git cherry-pick NEXTCOMMIT -S to re-build the whole signed history.
bitoiu answered Sep 26 '22 02:09
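
The answer above notes that signing changes the commit ID. The following added example (not part of the original answers) shows why that also rewrites every later commit: the signature is stored in a `gpgsig` header inside the commit object, and each child commit hashes its parent's ID. The identity, timestamp and placeholder signature are constructed, and the header layout is simplified.

```python
import hashlib

# Constructed placeholder, not a real OpenPGP signature.
PLACEHOLDER_SIG = (b"-----BEGIN PGP SIGNATURE-----\n\n"
                   b"PLACEHOLDER\n-----END PGP SIGNATURE-----")
EMPTY_TREE = b"4b825dc642cb6eb9a060e54bf8d69288fbee4904"  # Git's empty-tree id

def git_object_id(kind: bytes, body: bytes) -> str:
    """Object id as Git computes it: SHA-1 over '<kind> <size>\\0' + body."""
    return hashlib.sha1(kind + b" %d\x00" % len(body) + body).hexdigest()

def build_commit(parents, message, signature=None) -> bytes:
    """Serialize a commit object; the signature lives in a 'gpgsig' header."""
    ident = b"A U Thor <author@example.invalid> 1465509960 +0000"  # constructed
    lines = [b"tree " + EMPTY_TREE]
    lines += [b"parent " + p for p in parents]
    lines += [b"author " + ident, b"committer " + ident]
    if signature is not None:
        # Continuation lines of a multi-line header start with one space.
        lines.append(b"gpgsig " + signature.replace(b"\n", b"\n "))
    return b"\n".join(lines) + b"\n\n" + message + b"\n"

def build_history(sign_index=None):
    """Ids of a three-commit linear history, optionally signing one commit."""
    ids, parents = [], []
    for i, msg in enumerate([b"first", b"second", b"third"]):
        sig = PLACEHOLDER_SIG if i == sign_index else None
        cid = git_object_id(b"commit", build_commit(parents, msg, sig))
        ids.append(cid)
        parents = [cid.encode()]  # the child records its parent's id
    return ids

if __name__ == "__main__":
    # Sign only the middle commit and compare ids position by position.
    for before, after in zip(build_history(), build_history(sign_index=1)):
        print(before[:12], "->", after[:12],
              "unchanged" if before == after else "rewritten")
```

The first commit keeps its ID, while the signed commit and everything after it get new IDs, so a branch that was already pushed has to be force-pushed after re-signing.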


If you want to sign all the existing commits on the branch without making any changes to them:

git rebase --exec 'git commit --amend --no-edit -n -S' -i origin/HEAD
Sergey Stadnik answered Sep 23 '22 02:09