git-verify-chain

A tool to verify git commit signatures since the given tag/commit.

It is a wrapper around git and gpg tools. They are invoked directly instead of handling git/GnuPG internals with native Go code as it already done by conform.

Getting it

The best way to install this tool is:

Clone this repository.
Clone git@github.com:talos-systems/signing-keys.git.
Build the tool with make.
Verify the repository by the built tool: _out/git-verify-chain-linux-amd64 -keys-dir ../signing-keys -from f539e9f36e49d958b61d9787f455428f49b60fb8.

Using it

$ git-verify-chain -from v0.12.0
2021/09/13 14:41:58 OK

$ git-verify-chain -from v0.10.0
2021/09/13 14:42:04 failed to verify commit "faecae44fde60fc626ccb01da3b221519a9d41d7":
git verify-commit --verbose faecae44fde60fc626ccb01da3b221519a9d41d7: exit status 1

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
cmd/git-verify-chain		cmd/git-verify-chain
hack		hack
internal		internal
.codecov.yml		.codecov.yml
.conform.yaml		.conform.yaml
.dockerignore		.dockerignore
.drone.yml		.drone.yml
.gitignore		.gitignore
.golangci.yml		.golangci.yml
.kres.yaml		.kres.yaml
.markdownlint.json		.markdownlint.json
CHANGELOG.md		CHANGELOG.md
Dockerfile		Dockerfile
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
go.mod		go.mod
go.sum		go.sum

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

git-verify-chain

Getting it

Using it

About

Releases 2

Packages

Languages

License

siderolabs/git-verify-chain

Folders and files

Latest commit

History

Repository files navigation

git-verify-chain

Getting it

Using it

About

Resources

License

Stars

Watchers

Forks

Releases 2

Packages 0

Languages

Packages