Verified GitHub Commits
If your commits were not configured to be signed, then they will as Unverified
when Vigilant Mode is turned on.
[!CAUTION]
If this occurs on a branch such as
mainwhere others collaborate, then collaborators will be forced to re-clone the repo!
-
Check out the branch with the unsigned commits.
-
Review the commits that are unsigned (or not validly signed), then copy the id of the latest commit prior to the unsigned.
git log --show-signatureLAST_GOOD_COMMIT=
[!TIP]
If there was no good commit, set
LAST_GOOD_COMMIT='--root'
-
Run the following rebase command:
git rebase --exec 'git commit --amend --no-edit -n -S' -i "$LAST_GOOD_COMMIT" -
Inspect the commits to confirm they are signed:
git log --show-signature -
Forcefully push the amended commits:
git push --force-with-lease
[!WARNING]
Skip if prompted to pull or fetch.