Remote Rejects Push With Commit Must Have Valid Signature

Question

I am getting this error when doing a push

git push
Enumerating objects: 13, done.
Counting objects: 100% (13/13), done.
Delta compression using up to 8 threads
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 586 bytes | 195.00 KiB/s, done.
Total 7 (delta 6), reused 0 (delta 0)
remote: Resolving deltas: 100% (6/6), completed with 6 local objects.
remote: error: GH006: Protected branch update failed for refs/heads/master.
remote: error: Commits must have valid signatures.
To https://github.com/xxx-xxx-xxx
 ! [remote rejected]   master -> master (protected branch hook declined)
error: failed to push some refs to 'https://github.com/xxx-xxx-xxx'

How do I fix this?

Answer 1

GitHub has a branch protection setting when enabled would allow only commits signed with verified signatures to be pushed to a branch. This setting is under Settings -> Branches -> Branch protection rules for every repository on GitHub.

If you don't have control over the repo settings, you would have to sign your commits before pushing to the GitHub remote repo.

For signing your commit, if you're using a GPG key, you need to configure Git to use that with the below command (replacing keyID with your GPG key ID). If you don’t have a GPG key installed, you can generate one with gpg --gen-key.

git config --global user.signingkey keyID

You can then sign your commits by adding the -S flag as below

git commit -S -m "commitMessage"

You can then push your commits to the GitHub repo.

GitHub has a documentation regarding signing commits which you can refer to. Alternatively, you can even refer to the git documentation about signing your work. GitHub's documentation about requiring commit signing is here.