I have an issue where I committed something earlier without GPG signing it, while for the rest of the commits, I installed gpg and signed them. I want to gpg sign this one particular commit. Is there an apt way to gpg sign a particular commit using the commit hash?
0
- I might be wrong, but I think the signature is stored inside the commit, so the only way to sign an existing commit would be to re-create it and all its descendants, e.g. with an interactive rebase. – IMSoP May 25 '21 at 14:29
- https://stackoverflow.com/a/37742030/7976758 Found in https://stackoverflow.com/search?q=%5Bgit%5D+sign+existing+commit – phd May 25 '21 at 15:29
1 Answer
1
A commit is signed at the time the commit is created -- the signature is part of the commit.
Depending on your situation you have three options:
- Create a signed followup-commit. Note that you can create empty commits with --allow-empty.
- Amend the last commit and sign it. This is "history rewriting" (search term) and should be done if you understand the consequences for your peers.
- Create a signed tag pointing to your commit and communicate the tag.

A.H.
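The answer's point that the signature is part of the commit can be checked by computing object ids by hand. The following is an added example, not part of the original answer; it assumes a SHA-1 repository, and the identity, timestamp and signature block are constructed placeholders.

```python
import hashlib

EMPTY_TREE = "4b825dc642cb6eb9a060e54bf8d69288fbee4904"  # git's well-known empty tree id
IDENT = "Example Dev <dev@example.com> 1621951740 +0000"  # constructed identity
# Constructed placeholder, not a real OpenPGP signature.
FAKE_SIG = "-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDER\n-----END PGP SIGNATURE-----"


def git_object_id(kind, body):
    """Object id as git computes it: SHA-1 over '<kind> <size>\\0' + body."""
    return hashlib.sha1(f"{kind} {len(body)}\0".encode() + body).hexdigest()


def commit_id(message, parents=(), gpgsig=None):
    """Build a raw commit object and return its id."""
    lines = [f"tree {EMPTY_TREE}"]
    lines += [f"parent {p}" for p in parents]
    lines += [f"author {IDENT}", f"committer {IDENT}"]
    if gpgsig is not None:
        # The signature is a header of the commit object itself;
        # continuation lines are indented by one space.
        lines.append("gpgsig " + gpgsig.replace("\n", "\n "))
    body = "\n".join(lines) + "\n\n" + message + "\n"
    return git_object_id("commit", body.encode())


def demo():
    """Return ids for: unsigned commit, its child, signed copy, rebuilt child."""
    unsigned = commit_id("add feature")
    child = commit_id("follow-up", parents=[unsigned])
    # Same tree, author and message, but with a gpgsig header: a different object.
    signed = commit_id("add feature", gpgsig=FAKE_SIG)
    # The child names its parent by id, so it has to be re-created as well.
    rebuilt_child = commit_id("follow-up", parents=[signed])
    return unsigned, child, signed, rebuilt_child


if __name__ == "__main__":
    for name, oid in zip(("unsigned", "child", "signed", "rebuilt child"), demo()):
        print(f"{name:14} {oid}")
```

Because every descendant embeds its parent's id, signing an old commit changes the id of everything after it, which is why the non-rewriting options are a follow-up commit or a signed tag.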