gitea.git - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea

	Commit message (Collapse)	Author	Age	Files	Lines
*	Re-attempt to delete temporary upload if the file is locked by another ↵	zeripath	2020-08-11	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \|	process (#12447) Replace all calls to os.Remove/os.RemoveAll by retrying util.Remove/util.RemoveAll and remove circular dependencies from util. Fix #12339 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: silverwind <me@silverwind.io>
*	Fix the intermittent TestGPGGit failures (#9360)	zeripath	2019-12-15	1	-29/+37
\| \| \| \| \| \|	* Fix the intermittent TestGPGGit failures Reattempt to open the listener if the port is busy with a delay up to a second Switch from generating a private key each time, just use a known good key
*	Missed defer prepareTestEnv (#9285)	zeripath	2019-12-08	1	-1/+1
\| \| \| \| \| \|	* onGiteaRun should defer the cleanup from prepareTestEnv * Some more missed defers
*	Yet another attempt to fix the intermittent failure of gpg git test (#9146)	zeripath	2019-11-26	1	-5/+32
\| \| \| \| \| \| \| \| \| \|	* Yet another attempt to fix the race in gpg_git_test * add some fail nows * Need to set preparetestenv * Ensure that http messages go to the correct server
*	Fix "data race" in testlogger (#9159)	zeripath	2019-11-26	1	-12/+12
\| \| \| \| \| \|	* Fix data race in testlogger * Update git_helper_for_declarative_test.go
*	Fix intermittent GPG Git test failure (#8968)	zeripath	2019-11-13	1	-124/+205
\|
*	Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631)	zeripath	2019-10-16	1	-0/+252
	This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however. ## Features - [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.) - [x] Verify commits signed with the default gpg as valid - [x] Signer, Committer and Author can all be different - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon. - [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg - [x] Try to match the default key with a user on gitea - this is done at verification time - [x] Make things configurable? - app.ini configuration done - [x] when checking commits are signed need to check if they're actually verifiable too - [x] Add documentation I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.