0

I'm looking for potential solutions or ways to investigate what I think is a breakdown between git and GitLab.

My company requires commits to be signed and I've been able to successfully set up GPG and sign in the terminal. I generated the GPG key, added it to git and made sure it's added to my GitLab profile.

I used git log -1 --show-signature to verify that my signature was "good" in the terminal, but it seems like GitLab isn't recognizing the signature for some reason. I'm not getting any error message in the terminal or anywhere else to aid in troubleshooting unfortunately.

I'm relatively new to git, so I'm hoping there are some more experienced devs who may have run into this issue in the past. Any help would be appreciated!

This is the message I get when I try to git push origin --> remote:

GitLab: Commit must be signed with a GPG key To
gitlab.xxxxx.net:revenue-operations/xxxxxxx.git ! [remote rejected]
2022-02-07-hotfix -> 2022-02-07-hotfix (pre-receive hook declined)
error: failed to push some refs to
'gitlab.xxxxx.net:revenue-operations/xxxxxxxx.git'
larsks
  • 277,717
  • 41
  • 399
  • 399
Travis Lee
  • 1
  • "but it seems like GitLab isn't recognizing the signature for some reason" What are the symptoms of that behavior? Are you getting errors from GitLab? Is something not behaving as expected? – larsks Feb 06 '22 at 20:40
  • this is the message i get when I try to git push origin --> remote: GitLab: Commit must be signed with a GPG key To gitlab.xxxxx.net:revenue-operations/xxxxxxx.git ! [remote rejected] 2022-02-07-hotfix -> 2022-02-07-hotfix (pre-receive hook declined) error: failed to push some refs to 'gitlab.xxxxx.net:revenue-operations/xxxxxxxx.git' – Travis Lee Feb 07 '22 at 16:04
  • Check the GPG public key has been added to your GitLab account. You can do that at `https://gitlab.example.com/-/profile/gpg_keys` – sytech Feb 08 '22 at 20:22
  • Yup, the GPG public key has been added and verified on my GitLab account – Travis Lee Feb 09 '22 at 21:46
  • I'm sorry, I'm not sure what this means but it seems to me that some commits are not signed, and because of that it rejects the whole thing. Maybe. – Elias Nicolas Mar 16 '22 at 17:16

1 Answers1

0

Your key must be added to your GitLab account. You can do that at https://gitlab.example.com/-/profile/gpg_keys in modern versions of GitLab.

The email on the GPG key should match the committer email and be a verified email on your GitLab account.

sytech
  • 29,298
  • 3
  • 45
  • 86
  • The email on my GPG key matches my committer email, but what steps go into establishing a "verified" email on my GitLab account? – Travis Lee Feb 09 '22 at 21:47
  • @TravisLee you must add the email to your list of emails in your account, then verify it by using the link sent to the email address. – sytech Feb 09 '22 at 21:58
  • Thanks for the guidance! Confirmed that the email I'm using is the primary email on my gitlab account (and the only one) – Travis Lee Feb 11 '22 at 18:45