git-verify-commit - Linux


Overview

git-verify-commit verifies the specified commit and its signature, warning if the signature is missing or incomplete. This command is useful for ensuring the authenticity and integrity of a commit before merging or pushing it.

Syntax

git verify-commit [-v | --verbose] [--raw] <commit>...

Options/Flags

  • -v, --verbose: Print the contents of the commit object before validating it.
  • --raw: Print the raw gpg status output to standard error instead of the normal human-readable output.

Examples

Verify the signature of a commit:

git verify-commit HEAD

Print the commit object, then verify its signature:

git verify-commit -v HEAD

Print the raw gpg status output instead of the human-readable output:

git verify-commit --raw HEAD

Common Issues

Error: Signature does not match the commit
This error indicates that the signature is incorrect or has been tampered with. Check that the commit message is correct and has not been modified after signing.

Error: No signature found
The commit has not been signed. Use git commit -S to sign a commit.

Integration

git-verify-commit can be used in conjunction with other Git commands to ensure the integrity of commits in various scenarios:

  • Before merging: Verify commits before merging branches to prevent malicious or invalid commits from entering the main branch.
  • Before pushing: Verify commits before pushing them to a remote repository to ensure they have not been compromised.
  • During code review: Use git verify-commit -v to print the contents of the commit object before its signature is validated, making it easier to review the commit message alongside the verification result.
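
The pre-merge check described above, as an added example that is not part of the original page or of Git itself: it runs git verify-commit --raw on every commit in a range and classifies the GnuPG status lines written to standard error. The names classify_status and verify_range, the verdict words and the SAMPLE_* status text are constructed for illustration, and OpenPGP signatures (not SSH or X.509) are assumed.

```sh
#!/bin/sh
# Added example (not from the original page): merge gate built on
# `git verify-commit --raw`. Assumes OpenPGP-signed commits.

# Constructed samples of the GnuPG status text that --raw writes to stderr.
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Example Dev <dev@example.com>
[GNUPG:] VALIDSIG 0000000000000000000000000123456789ABCDEF 2024-01-01 1704067200
[GNUPG:] TRUST_FULLY 0 pgp'
SAMPLE_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 0123456789ABCDEF Example Dev <dev@example.com>'
SAMPLE_NOKEY='[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 0123456789ABCDEF 1 8 00 1704067200 9
[GNUPG:] NO_PUBKEY 0123456789ABCDEF'

# Read status text on stdin and print one verdict word. Failure keywords are
# tested first, so a failing line wins over a GOODSIG elsewhere (fail closed).
classify_status() {
    out=$(cat)
    case "$out" in
        *"[GNUPG:] BADSIG "*)    echo bad ;;
        *"[GNUPG:] REVKEYSIG "*) echo revoked-key ;;
        *"[GNUPG:] EXPKEYSIG "*|*"[GNUPG:] EXPSIG "*) echo expired ;;
        *"[GNUPG:] ERRSIG "*)    echo unverifiable ;;
        *"[GNUPG:] GOODSIG "*"[GNUPG:] VALIDSIG "*) echo good ;;
        *"[GNUPG:] "*)           echo unverifiable ;;
        *)                       echo unsigned ;;  # no status output at all
    esac
}

# Check every commit in <base>..<tip>. Prints "<commit> <verdict>" for each
# commit that is not "good"; returns 0 only if all of them are.
verify_range() {
    commits=$(git rev-list "$1..$2") || return 2   # bad range: fail closed
    rc=0
    for commit in $commits; do
        verdict=$(git verify-commit --raw "$commit" 2>&1 >/dev/null | classify_status)
        if [ "$verdict" != good ]; then
            echo "$commit $verdict"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh verify-range.sh origin/main feature-branch
if [ "$#" -eq 2 ]; then verify_range "$1" "$2"; fi
```

A "good" verdict here means only that gpg validated the signature against a key in the local keyring; whether that key belongs to an authorized committer is a separate check.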

Related Commands