git-verify-tag - Linux
Overview
git-verify-tag verifies and cryptographically checks the signature of an annotated tag. It ensures the integrity and authenticity of the tag, safeguarding against unauthorized or malicious modifications.
Syntax
git verify-tag [-v] [-s] [-c] [-u] [<object>]
Options/Flags
-v
: List the verified tag by default.-s
: Disable signature verification.-c
: Disable the check for corrupt tags.-u
: Unverify the tag; this allows the tag to be modified without overwriting the old signature.
Examples
Verifying a Tag Signature
git verify-tag v1.0.0 # Verify the tag 'v1.0.0'.
Disabling Signature Verification
git verify-tag -s v1.0.0 # Verify the tag without checking the signature.
Unverifying a Tag
git verify-tag -u v1.0.0 # Unverify the tag, allowing modifications without signature overwrite.
Common Issues
Error: Corruption detected in tag file <tag_name>
This error indicates that the tag file has been corrupted. Try recovering the tag using git tag -f <tag_name> <object>
.
Error: GPG signature verification failed for <tag_name>
Ensure you have the correct GPG key for verifying the signature. If the key is correct, the tag may have been compromised.
Integration
git-verify-tag can be integrated into automated pipelines for continuous integration or security checks. It can be used to ensure the validity of tags before deploying code or releasing software.
Related Commands
- git-tag – Creates and manages tags.
- git-tag -v – Displays the annotated tag information, including the GPG signature.
- gpg – Verifies and creates GPG signatures.