On Sat, Jul 25, 2015 at 1:17 PM, Adam Liter <adam.liter@xxxxxxxxx> wrote:
> Hello,
>
> I'm trying to clean up the commit history of a git repository by removing
> certain files. The repository contains signed commits, and when I try to use
> git filter-branch, the PGP signature is converted to the first line of the
> commit message.
>

It should be possible to craft a filter that removes the signatures entirely. It is not possible to craft a filter-branch which retains the signatures in any *valid* form, though you could re-create new signatures assuming you have all the private keys (i.e., you're the one who signed all the commits).

You can't keep the signatures alone, because then they wouldn't be valid, since the data they signed is not the same now. Normally signatures are used so that you can verify "yes, so-and-so is the person who did this thing and no one else could have faked it".

> Is this the expected behavior? If so, is there something that I can do to
> prevent this from happening?

I'm not sure why it's putting the first line at the top of the commit.

>
> I'm using git v. 2.4.6. I tried reducing the behavior to a simple case. I
> asked about this on Stack Overflow
> (http://stackoverflow.com/q/31552774/2571049), but the question hasn't
> really gotten any uptake, so I thought I would try asking here too.
>
> In trying to reproduce the behavior in a minimal way, I did the following:
>
>     mkdir pgp-git-test
>     cd pgp-git-test
>     git init
>     touch a.txt
>     git add a.txt
>     git commit -m "Add a.txt" -S
>     touch b.txt
>     git add b.txt
>     git commit -m "Add b.txt" -S
>     git filter-branch --index-filter 'git rm --cached --ignore-unmatch a.txt' --prune-empty HEAD
>     git log --oneline --decorate
>     b4efdf0 (HEAD -> master) iQIcBAABCgAGBQJVrvqHAAoJ [...] -----END PGP SIGNATURE-----
>     9f82e63 iQIcBAABCgAGBQJVrvp7AAoJ [...] -----END PGP SIGNATURE-----
>
> As can be seen after running git log --oneline --decorate, the PGP signature
> has become the first line of the commit. The rest of the commit message is
> still there, but it's on a line below the PGP signature.
>
> How can I prevent this from happening when using git filter-branch?

You probably need to run all the commits through a filter first which strips out all signature info, and then re-write the commits to remove the file. You can't leave the signatures in there alone, as they would no longer be valid, and people who try to verify them would fail.

>
> Also, one thing that I was a bit surprised about when trying to create this
> minimal example is that the first commit is still there. Does anyone know
> why the commit history still contains the first commit, since the first
> commit only involved the file a.txt and since I passed --prune-empty to git
> filter-branch? Shouldn't this commit have been eliminated from the log?
>

I'm not sure about this part, sorry.

> Thanks in advance for the help! I'm relatively new to git, so apologies for
> bugging you all if this is a trivial error on my part. Thanks!
>
> Best,
> Adam Liter

Regards,
Jake
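
The signature-stripping step described in the reply above, shown on the raw commit object format (the bytes `git cat-file commit <id>` prints) as an added example that is not part of the original thread. The function names are hypothetical and the sample commit, including its signature body, is constructed; the code assumes a well-formed object in which the signature sits in a `gpgsig` header whose continuation lines begin with a single space.

```python
# Added example: works on a constructed commit object, not a real repository.
SIGNATURE_HEADERS = {b"gpgsig", b"gpgsig-sha256"}

def split_commit(raw: bytes):
    """Split a raw commit object into ([(name, value), ...], message)."""
    # The first truly empty line ends the headers. The blank line inside the
    # armored signature is stored as a single space, so it does not match.
    head, _, message = raw.partition(b"\n\n")
    headers = []
    for line in head.split(b"\n"):
        if line.startswith(b" "):
            # Continuation of the previous header (multi-line value).
            if not headers:
                raise ValueError("continuation line before any header")
            name, value = headers[-1]
            headers[-1] = (name, value + b"\n" + line[1:])
        else:
            name, _, value = line.partition(b" ")
            headers.append((name, value))
    return headers, message

def strip_signatures(raw: bytes) -> bytes:
    """Return the commit object with every signature header removed."""
    headers, message = split_commit(raw)
    kept = [(n, v) for n, v in headers if n not in SIGNATURE_HEADERS]
    # Re-serialise, restoring the one-space prefix on continuation lines.
    lines = [n + b" " + v.replace(b"\n", b"\n ") for n, v in kept]
    return b"\n".join(lines) + b"\n\n" + message

def subject(raw: bytes) -> bytes:
    """First line of the commit message."""
    return split_commit(raw)[1].split(b"\n", 1)[0]

# Constructed sample: placeholder tree id and a fake signature body.
SAMPLE = (
    b"tree " + b"0" * 40 + b"\n"
    b"author A U Thor <author@example.com> 1437843420 -0400\n"
    b"committer A U Thor <author@example.com> 1437843420 -0400\n"
    b"gpgsig -----BEGIN PGP SIGNATURE-----\n"
    b" \n"
    b" Q09OU1RSVUNURUQtTk9ULUEtUkVBTC1TSUc=\n"
    b" -----END PGP SIGNATURE-----\n"
    b"\n"
    b"Add b.txt\n"
)

if __name__ == "__main__":
    print(strip_signatures(SAMPLE).decode())
```

The stripped object hashes to a different commit id and carries no signature, so anyone who needs verifiable history has to re-sign the rewritten commits with their own key.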