Signing existing git commits to allow a pull request to be merged

This is a short note with some references to an issue that I needed to solve. I had forked a project, created a feature branch, made commits and then made a pull request for those commits on GitHub. The problem was that the source repository requires verified commits. Without verification, the pull request could not be merged.

Key steps were:

  • Set up SSH key signing for GitHub
  • Sort out commit authors to tidy up repository
  • Apply signing to existing commits
  • Push those commits to GitHub, so that they are part of the pull request

Situation

There were three commits in the pull request. There was one from my changes, made on my local machine. I had then pushed those to GitHub. I then saw that there were changes in the source repository, so I used the Sync operation in the GitHub interface to bring those together. That meant that there were two commits to sign.

SSH key signing setup

Set up an SSH key, following GitHub's helpful instructions.

Commit authors

I used git log to check the status of items in the history of commits. I noticed that the commit of changes on my local machine used one email address. However, the commit of the sync on GitHub used a different email address. I wasn't sure if that was significant, so I decided to change the author for the commit I had made on my local machine.

I used git rebase to change the email on one of the commits, following notes in a Git Tower article.

Signing the commits

Then I used git filter-branch to apply signing to the existing commits, following an example in Stack Exchange's superuser pages, running the command:

git filter-branch --commit-filter 'git commit-tree -S "$@";' <COMMIT>..HEAD

I made a mistake with the filter command with the starting <COMMIT> id. I originally entered the identifier for the commit that I wanted to change. It needs to be the one before that - so the last 'good' one that it works forward from.

When going through the steps again to fix that, I hit the problem that the filter-branch could not be completed because there was a previous backup. The outcome was that the --force option needed to be used for filter-branch.

Push commits

Then, I used git push --force-with-lease, as mentioned at the end of the WebDev tutorial Retroactively Sign Git Commits, by . The linked article from that page to Never use git push force, by , was a helpful read.

Checking on GitHub

All went to GitHub successfully and the existing pull request showed that the signing had been applied to the commits. The request was then ready for merging.