closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9626 Commits
2 Branches
178 MiB
Tree: 4280d44a45
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4280d44a45'
${ noResults }
gitea/routers/api/v1/misc/signing.go

66 lines
1.6 KiB
Raw Normal View History

Add gitea-vet (#10948) * Add copyright Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add gitea-vet and fix non-compliance Signed-off-by: jolheiser <john.olheiser@gmail.com> * Combine tools.go into build.go and clean up Signed-off-by: jolheiser <john.olheiser@gmail.com> * Remove extra GO111MODULE=on Signed-off-by: jolheiser <john.olheiser@gmail.com>
4 years ago
Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however. ## Features - [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.) - [x] Verify commits signed with the default gpg as valid - [x] Signer, Committer and Author can all be different - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon. - [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg - [x] Try to match the default key with a user on gitea - this is done at verification time - [x] Make things configurable? - app.ini configuration done - [x] when checking commits are signed need to check if they're actually verifiable too - [x] Add documentation I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
5 years ago
 
  1. // Copyright 2020 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package misc
  6. 

  7. import (
  8. 	"fmt"
  9. 	"net/http"
  10. 

  11. 	"code.gitea.io/gitea/models"
  12. 	"code.gitea.io/gitea/modules/context"
  13. 	"code.gitea.io/gitea/modules/log"
  14. )
  15. 

  16. // SigningKey returns the public key of the default signing key if it exists

  17. func SigningKey(ctx *context.Context) {
  18. 	// swagger:operation GET /signing-key.gpg miscellaneous getSigningKey

  19. 	// ---

  20. 	// summary: Get default signing-key.gpg

  21. 	// produces:

  22. 	//     - text/plain

  23. 	// responses:

  24. 	//   "200":

  25. 	//     description: "GPG armored public key"

  26. 	//     schema:

  27. 	//       type: string

  28. 

  29. 	// swagger:operation GET /repos/{owner}/{repo}/signing-key.gpg repository repoSigningKey

  30. 	// ---

  31. 	// summary: Get signing-key.gpg for given repository

  32. 	// produces:

  33. 	//     - text/plain

  34. 	// parameters:

  35. 	// - name: owner

  36. 	//   in: path

  37. 	//   description: owner of the repo

  38. 	//   type: string

  39. 	//   required: true

  40. 	// - name: repo

  41. 	//   in: path

  42. 	//   description: name of the repo

  43. 	//   type: string

  44. 	//   required: true

  45. 	// responses:

  46. 	//   "200":

  47. 	//     description: "GPG armored public key"

  48. 	//     schema:

  49. 	//       type: string

  50. 

  51. 	path := ""
  52. 	if ctx.Repo != nil && ctx.Repo.Repository != nil {
  53. 		path = ctx.Repo.Repository.RepoPath()
  54. 	}
  55. 

  56. 	content, err := models.PublicSigningKey(path)
  57. 	if err != nil {
  58. 		ctx.ServerError("gpg export", err)
  59. 		return
  60. 	}
  61. 	_, err = ctx.Write([]byte(content))
  62. 	if err != nil {
  63. 		log.Error("Error writing key content %v", err)
  64. 		ctx.Error(http.StatusInternalServerError, fmt.Sprintf("%v", err))
  65. 	}
  66. }