closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8598 Commits
2 Branches
178 MiB
Tree: f8a6eb8f32
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f8a6eb8f32'
${ noResults }
gitea/routers/api/v1/misc/signing.go

62 lines
1.4 KiB
Raw Normal View History

Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however. ## Features - [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.) - [x] Verify commits signed with the default gpg as valid - [x] Signer, Committer and Author can all be different - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon. - [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg - [x] Try to match the default key with a user on gitea - this is done at verification time - [x] Make things configurable? - app.ini configuration done - [x] when checking commits are signed need to check if they're actually verifiable too - [x] Add documentation I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
5 years ago
 
  1. package misc
  2. 

  3. import (
  4. 	"fmt"
  5. 	"net/http"
  6. 

  7. 	"code.gitea.io/gitea/models"
  8. 	"code.gitea.io/gitea/modules/context"
  9. 	"code.gitea.io/gitea/modules/log"
  10. )
  11. 

  12. // SigningKey returns the public key of the default signing key if it exists

  13. func SigningKey(ctx *context.Context) {
  14. 	// swagger:operation GET /signing-key.gpg miscellaneous getSigningKey

  15. 	// ---

  16. 	// summary: Get default signing-key.gpg

  17. 	// produces:

  18. 	//     - text/plain

  19. 	// responses:

  20. 	//   "200":

  21. 	//     description: "GPG armored public key"

  22. 	//     schema:

  23. 	//       type: string

  24. 

  25. 	// swagger:operation GET /repos/{owner}/{repo}/signing-key.gpg repository repoSigningKey

  26. 	// ---

  27. 	// summary: Get signing-key.gpg for given repository

  28. 	// produces:

  29. 	//     - text/plain

  30. 	// parameters:

  31. 	// - name: owner

  32. 	//   in: path

  33. 	//   description: owner of the repo

  34. 	//   type: string

  35. 	//   required: true

  36. 	// - name: repo

  37. 	//   in: path

  38. 	//   description: name of the repo

  39. 	//   type: string

  40. 	//   required: true

  41. 	// responses:

  42. 	//   "200":

  43. 	//     description: "GPG armored public key"

  44. 	//     schema:

  45. 	//       type: string

  46. 

  47. 	path := ""
  48. 	if ctx.Repo != nil && ctx.Repo.Repository != nil {
  49. 		path = ctx.Repo.Repository.RepoPath()
  50. 	}
  51. 

  52. 	content, err := models.PublicSigningKey(path)
  53. 	if err != nil {
  54. 		ctx.ServerError("gpg export", err)
  55. 		return
  56. 	}
  57. 	_, err = ctx.Write([]byte(content))
  58. 	if err != nil {
  59. 		log.Error("Error writing key content %v", err)
  60. 		ctx.Error(http.StatusInternalServerError, fmt.Sprintf("%v", err))
  61. 	}
  62. }