Git: Fixing Unsigned GPG Commits
Zahra Khan
Posted on July 6, 2021
Before I started my job, all I knew how to do with Git was
git add .
git commit -m "commit message"
git push origin <branch-name>
On my first day, I learned that I needed to set up a GPG key so that I could sign my commit messages.
What's the purpose of signing your commits?
GnuPG allows you to encrypt and sign your data and communications. GPG, or GNU Privacy Guard is a public key cryptography implementation. This allows for the secure transmission of information between parties and can be used to verify that the origin of a message is genuine.
Signing your commits allows you to have ownership over your work and your communication.
However, sometimes, I forget to sign my commits and have to go back and fix it 😅
It felt daunting at first because I was afraid I'd mess up my commits and therefore, my entire branch and get into a git mess. But as I've been religiously practicing Git, I'm getting more comfortable fixing my mistakes and figuring out solutions to conflicts.
The Solution
1 - Interactive Rebase. You want to begin the rebase at the commit just before the commit that needs to be modified. In my case, it turned out that NONE of my commits were signed after finishing up an entire project/task. So I had to go back and sign them all. I started at the very top of the commits:
git rebase -i 3a08ed4
This will open a text editor that'll show all the commits you have in your branch. They'll all say pick
next to each commit ID and the message.
Example:
pick 3a08ed4 added Summer playlist to Spotify
pick 5a68cc9 updated README for Summer Plans
pick 6ff7e5a removed spring header
# Rebase c6e777e..39574f2 onto c992o90 (3 commands)
#
# Commands:
(Or something like that)
2 - Replace pick
with edit
within the editor and save your changes with ESC
and then :wq
So it would look like:
edit 3a08ed4 added Summer playlist to Spotify
edit 5a68cc9 updated README for Summer Plans
edit 6ff7e5a removed spring header
# Rebase c6e777e..39574f2 onto c992o90 (3 commands)
#
# Commands:
REMEMBER: I messed up and didn't have ANY of my commits signed. If you missed one, you'd only edit
the one you didn't sign.
3 - Once you save your changes, git will bring you back to the command line. Here, you'll do:
git commit ---amend --no-edit -S
--amend
: fix/change the previous commit message
--no-edit
: use the existing commit message, no need to edit this.
-S
: GPG-sign the commit.
4 - After you've fixed the commit, you'll run:
git rebase --continue
5 - Lastly, to check that my commit has been signed, I'll run:
git log --show-signature
Resources:
How To Use GPG to Encrypt and Sign Messages
GnuPG Documentation
Github Documentation
Posted on July 6, 2021
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.