How to verify a git commit at which a git tag is pointing?

612 views Asked by At

I understand, one can verify signed git:

But how to verify the git commit at which some tag is pointing? Using this at the moment.

git verify-commit "$(git rev-list --max-count 1 tag-name)"

git rev-list --max-count 1 tag-name to figure out at which commit the tag is pointing and then passing that to git verify-commit.

Is there a simpler way?

Does this look sane, secure?

(What's the background of this? Related to git sha 1 and git security.)

1

There are 1 answers

2
knittl On BEST ANSWER

tag^{commit} or tag^{} resolves to the commit to which a tag points.

So the following should do what you want:

git verify-commit tag^{}