Is there a way to gpg sign all previous commits?
My approach is
git rebase --exec 'git commit --amend --no-edit -n -S' -i 8fd7b22
All commits started from the next after 8fd7b22
will be rebased with no changes except signing. To change all commits started from the very first one you may use --root
(since Git v1.7.12):
git rebase --exec 'git commit --amend --no-edit -n -S' -i --root
To spread changes to the remote I use
git push --force
Note, this will update "gpg made" date-time and, for example, GitHub will treat it as commit date. Git itself persists both original and new dates, git log --show-signature
gives clear picture of when the original commit was made and when it was signed for the last time.
You can, but it will have to rewrite your entire history to do so.
Signing a commit changes the commit which changes its commit ID. Since the commit ID depends on the previous commit ID, all commits after that have to be changed. And you're signing them all anyway.
If it's a personal repository that nobody else is working on, then it's not a problem. If it's a repository with other collaborators, treat it like doing a major rebase.
You'd do it with git filter-branch
to redo every commit with the -S
option.
git filter-branch --commit-filter 'git commit-tree -S "$@";' -- --all
As for not having to type in your passcode for every commit, you need to configure gpg
to use a gpg-agent. If you're familiar with ssh-agent
it's a similar idea, it's a little process that you give the password to once and keeps it stored in memory for you. How you do that depends on your operating system and setup. On OS X I let GPG Tools take care of it.
If you want to filter only specific commits and sign only them you can use filter-branch
:
git filter-branch --commit-filter 'if [ "$GIT_COMMITTER_EMAIL" = "[email protected]" ];
then git commit-tree -S "$@";
else git commit-tree "$@";
fi' HEAD
This is useful if, for some reason, you want to sign only your own commits.