Git: Fixing Unsigned GPG Commits

za-h-ra

Zahra Khan

Posted on July 6, 2021

Git: Fixing Unsigned GPG Commits

Before I started my job, all I knew how to do with Git was

git add .
git commit -m "commit message"
git push origin <branch-name>
Enter fullscreen mode Exit fullscreen mode

On my first day, I learned that I needed to set up a GPG key so that I could sign my commit messages.

What's the purpose of signing your commits?

GnuPG allows you to encrypt and sign your data and communications. GPG, or GNU Privacy Guard is a public key cryptography implementation. This allows for the secure transmission of information between parties and can be used to verify that the origin of a message is genuine.

Signing your commits allows you to have ownership over your work and your communication.

However, sometimes, I forget to sign my commits and have to go back and fix it 😅
Whoops GIPHY

It felt daunting at first because I was afraid I'd mess up my commits and therefore, my entire branch and get into a git mess. But as I've been religiously practicing Git, I'm getting more comfortable fixing my mistakes and figuring out solutions to conflicts.

The Solution

1 - Interactive Rebase. You want to begin the rebase at the commit just before the commit that needs to be modified. In my case, it turned out that NONE of my commits were signed after finishing up an entire project/task. So I had to go back and sign them all. I started at the very top of the commits:

git rebase -i 3a08ed4
Enter fullscreen mode Exit fullscreen mode

This will open a text editor that'll show all the commits you have in your branch. They'll all say pick next to each commit ID and the message.

Example:

pick 3a08ed4 added Summer playlist to Spotify
pick 5a68cc9 updated README for Summer Plans
pick 6ff7e5a removed spring header

# Rebase c6e777e..39574f2 onto c992o90 (3 commands)
#
# Commands: 
Enter fullscreen mode Exit fullscreen mode

(Or something like that)

2 - Replace pick with edit within the editor and save your changes with ESC and then :wq

So it would look like:

edit 3a08ed4 added Summer playlist to Spotify
edit 5a68cc9 updated README for Summer Plans
edit 6ff7e5a removed spring header

# Rebase c6e777e..39574f2 onto c992o90 (3 commands)
#
# Commands: 
Enter fullscreen mode Exit fullscreen mode

REMEMBER: I messed up and didn't have ANY of my commits signed. If you missed one, you'd only edit the one you didn't sign.

3 - Once you save your changes, git will bring you back to the command line. Here, you'll do:

git commit ---amend --no-edit -S 
Enter fullscreen mode Exit fullscreen mode

--amend : fix/change the previous commit message
--no-edit : use the existing commit message, no need to edit this.
-S : GPG-sign the commit.

4 - After you've fixed the commit, you'll run:

git rebase --continue
Enter fullscreen mode Exit fullscreen mode

5 - Lastly, to check that my commit has been signed, I'll run:

git log --show-signature
Enter fullscreen mode Exit fullscreen mode

Resources:
How To Use GPG to Encrypt and Sign Messages
GnuPG Documentation
Github Documentation

💖 💪 🙅 🚩
za-h-ra
Zahra Khan

Posted on July 6, 2021

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

Git: Fixing Unsigned GPG Commits
beginners Git: Fixing Unsigned GPG Commits

July 6, 2021

5 Simple-To-Use APIs for Beginners
beginners 5 Simple-To-Use APIs for Beginners

February 10, 2020