git-verify-commit - Linux
Overview
git-verify-commit
verifies the specified commit and its signature, warning if the signature is missing or incomplete. This command is useful for ensuring the authenticity and integrity of a commit before merging or pushing it.
Syntax
git verify-commit [--check-signature|--raw-commit|--cleanup] [<commit>]
Options/Flags
- –check-signature: Verify the GPG signature of the commit if one exists.
- –raw-commit: Do not strip the commit message or author/committer information.
- –cleanup: Strip the trailing whitespace from the commit message.
Examples
Verify the signature of a commit:
git verify-commit --check-signature HEAD
Show the raw commit without cleanup:
git verify-commit --raw-commit HEAD
Verify and strip whitespace from commit message:
git verify-commit --cleanup HEAD
Common Issues
Error: Signature does not match the commit
This error indicates that the signature is incorrect or has been tampered with. Check that the commit message is correct and has not been modified after signing.
Error: No signature found
The commit has not been signed. Use git commit -S
to sign a commit.
Integration
git-verify-commit
can be used in conjunction with other Git commands to ensure the integrity of commits in various scenarios:
- Before merging: Verify commits before merging branches to prevent malicious or invalid commits from entering the main branch.
- Before pushing: Verify commits before pushing them to a remote repository to ensure they have not been compromised.
- During code review: Use
git-verify-commit --raw-commit
to display the commit without cleanup, making it easier to review the commit message and changes.