I recently extended my GPG key on the main gitlab.com website.
Previously my commits were signed perfectly fine and showing up as verified.
Now they are listed as unverified.
The key has not changed. The same key signature is still there.
Before:
After:
The GPG key is correctly added to my Gitlab account. In my gitlog, all commits are correctly showing up as signed:
This is the commit that shows up as verified from above:
commit 907fcd9849b862a7f2f4a616ce547b9b2acbdf83
gpg: Signature made So 23 Jun 2024 21:07:48 CEST
gpg: using RSA key 3F5F9F9396AF154D3AB506CD6FD08B988674CABA
gpg: Good signature from "Jamarley MyName <EMAIL HERE>" [ultimate]
Author: Jamarley <EMAIL HERE>
Date: Thu Mar 14 20:21:25 2024 +0100
This is the commit that shows up as unverified:
commit 5bcf23d5645bfaa3456f9363c0fe18e506e906e3
gpg: Signature made So 11 Aug 2024 16:59:05 CEST
gpg: using RSA key 3F5F9F9396AF154D3AB506CD6FD08B988674CABA
gpg: Good signature from "Jamarley MyName <EMAIL HERE>" [ultimate]
Author: Jamarley <EMAIL HERE>
Date: Sun Aug 11 16:59:05 2024 +0200
So clearly git knows my signature is valid.
The emails are also correctly set up in the repo and on Gitlab.
I extended my GPG-key using gpg edit key
and then separately extended the primary and subkey by one year.
I then exported the key as well to make it publicly available for verification.
pub rsa4096/6FD08B988674CABA 2023-08-06 [SC] [expires: 2025-08-11]
3F5F9F9396AF154D3AB506CD6FD08B988674CABA
uid [ultimate] Jamarley MyName <EMAIL HERE>
sub rsa4096/8CD3F07BD6848DD7 2023-08-06 [E] [expires: 2025-08-11]
I have no idea why this is just not showing up as verified.
Maybe one of your guys knows this and can help.
Any help is appreciated!