From fcb535c5c3b6b782d9242028fed4cd8c027c4e41 Mon Sep 17 00:00:00 2001 From: zeripath Date: Wed, 16 Oct 2019 14:42:42 +0100 Subject: Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however. ## Features - [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.) - [x] Verify commits signed with the default gpg as valid - [x] Signer, Committer and Author can all be different - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon. - [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg - [x] Try to match the default key with a user on gitea - this is done at verification time - [x] Make things configurable? - app.ini configuration done - [x] when checking commits are signed need to check if they're actually verifiable too - [x] Add documentation I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this. --- modules/git/repo_gpg.go | 59 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 modules/git/repo_gpg.go (limited to 'modules/git/repo_gpg.go') diff --git a/modules/git/repo_gpg.go b/modules/git/repo_gpg.go new file mode 100644 index 0000000000..b4c3f3b431 --- /dev/null +++ b/modules/git/repo_gpg.go @@ -0,0 +1,59 @@ +// Copyright 2015 The Gogs Authors. All rights reserved. +// Copyright 2017 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package git + +import ( + "fmt" + "strings" + + "code.gitea.io/gitea/modules/process" +) + +// LoadPublicKeyContent will load the key from gpg +func (gpgSettings *GPGSettings) LoadPublicKeyContent() error { + content, stderr, err := process.GetManager().Exec( + "gpg -a --export", + "gpg", "-a", "--export", gpgSettings.KeyID) + if err != nil { + return fmt.Errorf("Unable to get default signing key: %s, %s, %v", gpgSettings.KeyID, stderr, err) + } + gpgSettings.PublicKeyContent = content + return nil +} + +// GetDefaultPublicGPGKey will return and cache the default public GPG settings for this repository +func (repo *Repository) GetDefaultPublicGPGKey(forceUpdate bool) (*GPGSettings, error) { + if repo.gpgSettings != nil && !forceUpdate { + return repo.gpgSettings, nil + } + + gpgSettings := &GPGSettings{ + Sign: true, + } + + value, _ := NewCommand("config", "--get", "commit.gpgsign").RunInDir(repo.Path) + sign, valid := ParseBool(strings.TrimSpace(value)) + if !sign || !valid { + gpgSettings.Sign = false + repo.gpgSettings = gpgSettings + return gpgSettings, nil + } + + signingKey, _ := NewCommand("config", "--get", "user.signingkey").RunInDir(repo.Path) + gpgSettings.KeyID = strings.TrimSpace(signingKey) + + defaultEmail, _ := NewCommand("config", "--get", "user.email").RunInDir(repo.Path) + gpgSettings.Email = strings.TrimSpace(defaultEmail) + + defaultName, _ := NewCommand("config", "--get", "user.name").RunInDir(repo.Path) + gpgSettings.Name = strings.TrimSpace(defaultName) + + if err := gpgSettings.LoadPublicKeyContent(); err != nil { + return nil, err + } + repo.gpgSettings = gpgSettings + return repo.gpgSettings, nil +} -- cgit v1.2.3