问题描述
使用较新版本的 git
,可以使用PGP密钥对单个提交(除了标记之外)进行签名:
With newer versions of git
it's possible to sign individual commits (in addition to tags) with a PGP key:
git commit -m "some message" -S
你可以用 - show-signature
选项在 git log
的输出中显示这些签名:
And you can show these signatures in the output of git log
with the --show-signature
option:
$ git log --show-signature
commit 93bd0a7529ef347f8dbca7efde43f7e99ab89515
gpg: Signature made Fri 28 Jun 2013 02:28:41 PM EDT using RSA key ID AC1964A8
gpg: Good signature from "Lars Kellogg-Stedman <lars@seas.harvard.edu>"
Author: Lars Kellogg-Stedman <lars@seas.harvard.edu>
Date: Fri Jun 28 14:28:41 2013 -0400
this is a test
但是有没有一种方法可以编程方式验证给定提交上的签名,而不是通过刷新 git log
的输出?我正在寻找等价于 git tag -v
的提交 - 这将提供一个退出代码,指示给定提交中是否存在有效签名。
But is there a way to programatically verify the signature on a given commit other than by grepping the output of git log
? I'm looking for the commit equivalent of git tag -v
-- something that will provide an exit code indicating whether or not there was a valid signature on a given commit.
推荐答案
以防万一有人通过搜索引擎来到这个页面,就像我做的一样:新工具已经在两个问题发布之后的几年:现在有用于此任务的git命令: git verify-commit
和 git verify-tag
可以分别用于验证提交和标签。
Just in case someone comes to this page through a search engine, like I did: New tools have been made available in the two years since the question was posted: There are now git commands for this task: git verify-commit
and git verify-tag
can be used to verify commits and tags, respectively.
这篇关于验证签署的git提交?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!