I'm looking for a way to replicate what git commit -S
does but on a specific commit, by giving its SHA for instance.
Is it possible?
Use the git config user.signingkey option to specify the Key ID you just generated above for git to use. You can also require Git to sign all commits with the commit.gpgsign option. git config --global commit.gpgsign true git config --global user.signingkey "$ {MY_GPG_KEY}"
However, this can be avoided by simply GPG-signing your commits, one can prove that certain commits were originally done by you (and things that aren't signed shouldn't have made it into the production build). That's the key to it all, by signing commits you've added a stamp of approval - confirming that this is your work.
Removing a key does not unverify already signed commits. Commits that were verified by using this key stay verified. Only unpushed commits stay unverified after you remove this key. To unverify already signed commits, you need to revoke the associated GPG key from your account.
Within a project or merge request, navigate to the Commits tab. Signed commits show a badge containing either Verified or Unverified, depending on the verification status of the GPG signature. By clicking on the GPG badge, details of the signature are displayed. Revoking a key unverifies already signed commits.
Signing a commit will change the commit metadata, and thus change the underlying SHA1 commit ID. As you probably know, for Git, this has the same consequence of trying to change the contents of your history.
If you want to just re-sign your last commit you could run:
git commit -S --amend
If you want to re-sign a commit in the middle of your history you could do a couple of things, all of them being a bit nasty if you ask me:
reset --soft
to the commit you want to sign. Run git commit -S --amend
and then commit all the staged changes. This would merge all your history after that commit into a single commitreset --hard
to the commit you want to sign. Sign it, and if you want to perserve commit history you could now git cherry-pick NEXTCOMMIT -S
to re-build the whole signed history.If you want to sign all the existing commits on the branch without do any changes to them:
git rebase --exec 'git commit --amend --no-edit -n -S' -i origin/HEAD
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With