Git sign off previous commits?

I was wondering how to sign(-s) off previous commits that I have made in the past in git?

CLARIFICATION: Git has confusingly similarly named concepts git commit -s, --signoff (lower case -s) and git commit -S, --gpg-sign (upper case -S).
This question is about signoff(lower case -s).
However some answers here are about gpg-sign(upper case -S), that better discussed in dedicated questions on superUser Can you GPG sign old commits? and stackoverflow Is there a way to gpg sign all previous commits?

4

10 Answers

To signoff the previous commit, use amend option:

git commit --amend --signoff 

Edit: the amend does signoff only the latest commit. To signoff multiple commits, filter-branch and interpret-trailers as suggested by vonc et. al. should be used. Here is what worked for me.

First, configure git to replace the token sign by Signed-off-by. This has to be done only once and is needed in the next step.

git config trailer.sign.key "Signed-off-by" 

The command git filter-branch with the switch --msg-filter will eval the filter once for each commit. The filter can be any shell command that receives the commit message on stdin and outputs on stdout. You can write your own filter, or use git interpret-trailers, which is indepotent. Here is an example that will signoff the latest two commits of the current branch using the current user and email:

export SIGNOFF="sign: $(git config --get user.name) <$(git config --get user.email)>" git filter-branch -f --msg-filter \ "git interpret-trailers --trailer \"$SIGNOFF\"" \ HEAD~2..HEAD 

Note 1) Modifying commit messages change the commit id, which means pushing over already published branches will have to be forced either with --force or better --force-with-lease.

Note 2) if you intend to write your custom script, beware that git filter-branch changes the current directory to <repo>/.git-rewrite/t. Using a relative path to the script won't usually work. Instead, the script should be in your $PATH or provided as an absolute path.

3

These days (starting with Git 2.13) you can generally do something like

git rebase --signoff HEAD~2 

to add Signed-off-by footers to the last 2 commits (in this example).

If your range includes the root commit, add the --root option to rebase.

3

NOTE: the answer is about gpg-sign(upper case -S), that better discussed in dedicated questions on superUser Can you GPG sign old commits? and stackoverflow Is there a way to gpg sign all previous commits?

Try this one to redo old commits with a -S:

git filter-branch -f --commit-filter 'git commit-tree -S "$@"' HEAD 

After that, you have to git push -f. But be careful, the commit ids will change and other people will become out of sync.

4

If anyone still looking for a better-automated way of signing off commits.

Try this:

git rebase --exec 'git commit --amend --no-edit -n -S' -i commit-hash 

This will rebase everything till the commit-hash (X commits)

Then git push -f is required to push back the change in history back to remote

5

For me just ammending signof, didn't actually verify my commits on github.

The solution that is worked for me is going back, and then sign each commit with -S

git commit --amend -S 

Also if you check if your commit is actually signed, and your email/name is simply not appended, use this command

git show HEAD --show-signature 

Extra tip: If you are already amending your commits, you may want your real name in them (see using git log). You may be using your github handle name, which is not needed. Only correct email is needed and in field of username you should use your full name and github will track it correctly with your github handle name. So to correct your user name and sign last commit use:

git commit --amend --author="FULL NAME <email>" -S 

and also set full name for user name in future by

git config --global user.name "FULL NAME" 
1

Considering sign-offs modify the commit message , uses git filter-branch to achieve that.

git filter-branch --msg-filter \ "cat - && echo && echo 'Signed-off-by: Dan McGee <>'" \ HEAD 

(example from "git filter-branch magic")

Or, following Curt J. Sampson's suggestion, using git interpret-trailers:

git config trailer.sign.key "Signed-off-by" git filter-branch --msg-filter \ "cat - && echo && git interpret-trailers --trailer 'sign: 'Signed-off-by: Dan McGee <>'" \ HEAD 

caveat: this will change the SHA1 of your existing commits, and you might have to force push the result, which can be problematic if your commits are already shared by others.

vorburger adds in the comment an example:

Using git version 2.20.1, I had to omit "Signed-off-by" in --trailer 'sign:, and do it like this:

git filter-branch --msg-filter \ "cat - && echo && git interpret-trailers --trailer 'sign: Michael Vorburger <>'" \ HEAD 
8

An interactive rebase with the -S flag will do the job.

Let's say you need to sign off the last n commits (make sure to checkout the latest of those n commits).

Run:

$ git rebase -S -i HEAD~n # The `-S` flag is important. # It tells Git to sign the following commits. 

This gives a list of the last n commits.

Now, change pick to edit prefix for all the commits you want to sign.

Once done, close the editor. A new editor will open with everything about the commit.

Since nothing needs to be changed in the commit, save the file and exit the editor. You can also change the commit message while at it.

Repeat this for other commits.

To push the latest history, git push remote branch -f.

Warning

There's one gotcha - it can rewrite your commits.

If you sign a 4-month old commit, it might overwrite its date and make it look like it was created today. So, not recommended when you want to preserve your commit history.

1

I had a similar issue. Here, thanks to Robin Johnson from Gentoo Linux is a trick to add the signature to all my previous unpushed commits:

$ git pull && git rebase --gpg-sign --force-rebase origin/master && git push --signed Already up-to-date. Current branch master is up to date, rebase forced. First, rewinding head to replay your work on top of it... Applying: sci-biology/KING: new package Applying: dev-lang/yaggo: version bump, fix install procedure Applying: sci-libs/htslib: version bump Applying: sci-biology/bcftools: version bump Applying: sci-biology/samtools: version bump Applying: sci-biology/libBigWig: new release with io.h renamed to bigWigIO.h Applying: sci-biology/MaSuRCA: add more URLs to HOMEPAGE Applying: sci-biology/SPAdes: update comments on bundled dev-libs/boost Applying: sci-biology/khmer: added a comment how to proceed with src_compile() Applying: sci-biology/picard: version bump Applying: sci-biology/ruffus: pint EGIT_REPO_URI to the archive URL of code.google.com Applying: sci-biology/vcftools: the 0.1.15_pre release was just renamed to 0.1.15 by upstream Applying: sci-biology/nanopolish: new package Applying: sci-biology/libBigWig: version bump Counting objects: 75, done. Delta compression using up to 2 threads. Compressing objects: 100% (75/75), done. Writing objects: 100% (75/75), 14.51 KiB | 0 bytes/s, done. Total 75 (delta 55), reused 0 (delta 0) remote: To github.com:gentoo/sci.git remote: 29c5e3f5d..b37457700 master -> master To git+ssh:// 29c5e3f5d..b37457700 master -> master $ 

A workaround that does not rewrite history:

  1. create a new branch
  2. merge from the old one with flags --no-commit --no-ff
  3. git reset to remove all the commits (signed or unsigned)
  4. git commit -S -am "commit message"
  5. push the new branch with just one SIGNED commit
git status ... On branch feature/branch_unsigned_commits ... git checkout -b feature/branch_unsigned_commits_take2 git merge --no-commit --no-ff feature/branch_unsigned_commits git reset git commit -S -am "commit message" git push 
2

A quick solution to signoff last X number of commits.

git rebase --signoff @~X 

For example, signoff last 10 commits

git rebase --signoff @~10 

I found this an easy solution for my case. Source:

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like