mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9600 Commits
17 Branches
Tree: v1.12.0-de
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'v1.12.0-de'
${ noResults }
gitea/modules/git/repo_gpg.go

repo_gpg.go 1.8KB
Raw Permalink Normal View History

Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however. ## Features - [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.) - [x] Verify commits signed with the default gpg as valid - [x] Signer, Committer and Author can all be different - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon. - [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg - [x] Try to match the default key with a user on gitea - this is done at verification time - [x] Make things configurable? - app.ini configuration done - [x] when checking commits are signed need to check if they're actually verifiable too - [x] Add documentation I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
4 years ago
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 
  1. // Copyright 2015 The Gogs Authors. All rights reserved.

  2. // Copyright 2017 The Gitea Authors. All rights reserved.

  3. // Use of this source code is governed by a MIT-style

  4. // license that can be found in the LICENSE file.

  5. 

  6. package git

  7. 

  8. import (

  9. 	"fmt"

  10. 	"strings"

  11. 

  12. 	"code.gitea.io/gitea/modules/process"

  13. )

  14. 

  15. // LoadPublicKeyContent will load the key from gpg

  16. func (gpgSettings *GPGSettings) LoadPublicKeyContent() error {

  17. 	content, stderr, err := process.GetManager().Exec(

  18. 		"gpg -a --export",

  19. 		"gpg", "-a", "--export", gpgSettings.KeyID)

  20. 	if err != nil {

  21. 		return fmt.Errorf("Unable to get default signing key: %s, %s, %v", gpgSettings.KeyID, stderr, err)

  22. 	}

  23. 	gpgSettings.PublicKeyContent = content

  24. 	return nil

  25. }

  26. 

  27. // GetDefaultPublicGPGKey will return and cache the default public GPG settings for this repository

  28. func (repo *Repository) GetDefaultPublicGPGKey(forceUpdate bool) (*GPGSettings, error) {

  29. 	if repo.gpgSettings != nil && !forceUpdate {

  30. 		return repo.gpgSettings, nil

  31. 	}

  32. 

  33. 	gpgSettings := &GPGSettings{

  34. 		Sign: true,

  35. 	}

  36. 

  37. 	value, _ := NewCommand("config", "--get", "commit.gpgsign").RunInDir(repo.Path)

  38. 	sign, valid := ParseBool(strings.TrimSpace(value))

  39. 	if !sign || !valid {

  40. 		gpgSettings.Sign = false

  41. 		repo.gpgSettings = gpgSettings

  42. 		return gpgSettings, nil

  43. 	}

  44. 

  45. 	signingKey, _ := NewCommand("config", "--get", "user.signingkey").RunInDir(repo.Path)

  46. 	gpgSettings.KeyID = strings.TrimSpace(signingKey)

  47. 

  48. 	defaultEmail, _ := NewCommand("config", "--get", "user.email").RunInDir(repo.Path)

  49. 	gpgSettings.Email = strings.TrimSpace(defaultEmail)

  50. 

  51. 	defaultName, _ := NewCommand("config", "--get", "user.name").RunInDir(repo.Path)

  52. 	gpgSettings.Name = strings.TrimSpace(defaultName)

  53. 

  54. 	if err := gpgSettings.LoadPublicKeyContent(); err != nil {

  55. 		return nil, err

  56. 	}

  57. 	repo.gpgSettings = gpgSettings

  58. 	return repo.gpgSettings, nil

  59. }