gitgnupg

Is there a way to gpg sign all previous commits?


As the title says, I'm looking for a way to gpg sign all my previous commits in a repository (preferably without typing in my passcode for every commit).


Solution

  • You can, but it will have to rewrite your entire history to do so.

    Signing a commit changes the commit which changes its commit ID. Since the commit ID depends on the previous commit ID, all commits after that have to be changed. And you're signing them all anyway.

    If it's a personal repository that nobody else is working on, then it's not a problem. If it's a repository with other collaborators, treat it like doing a major rebase.

    You'd do it with git filter-branch to redo every commit with the -S option.

    git filter-branch --commit-filter 'git commit-tree -S "$@";' -- --all
    

    As for not having to type in your passcode for every commit, you need to configure gpg to use a gpg-agent. If you're familiar with ssh-agent it's a similar idea, it's a little process that you give the password to once and keeps it stored in memory for you. How you do that depends on your operating system and setup. On OS X I let GPG Tools take care of it.