wangwei
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
9038 Commits
197 Branches
346 MB
814 Download
Tree: dc822d5291
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'dc822d5291'
${ noResults }
aiforge/docs/content/doc/advanced/signing.en-us.md

signing.en-us.md 5.1 kB
Raw Normal View History

Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however. ## Features - [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.) - [x] Verify commits signed with the default gpg as valid - [x] Signer, Committer and Author can all be different - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon. - [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg - [x] Try to match the default key with a user on gitea - this is done at verification time - [x] Make things configurable? - app.ini configuration done - [x] when checking commits are signed need to check if they're actually verifiable too - [x] Add documentation I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
6 years ago
Re-order GPG signing docs and fix code blocks (#10349) * Move chunk and format Signed-off-by: jolheiser <john.olheiser@gmail.com> * word Signed-off-by: jolheiser <john.olheiser@gmail.com>
5 years ago
Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however. ## Features - [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.) - [x] Verify commits signed with the default gpg as valid - [x] Signer, Committer and Author can all be different - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon. - [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg - [x] Try to match the default key with a user on gitea - this is done at verification time - [x] Make things configurable? - app.ini configuration done - [x] when checking commits are signed need to check if they're actually verifiable too - [x] Add documentation I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
6 years ago
Re-order GPG signing docs and fix code blocks (#10349) * Move chunk and format Signed-off-by: jolheiser <john.olheiser@gmail.com> * word Signed-off-by: jolheiser <john.olheiser@gmail.com>
5 years ago
Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however. ## Features - [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.) - [x] Verify commits signed with the default gpg as valid - [x] Signer, Committer and Author can all be different - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon. - [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg - [x] Try to match the default key with a user on gitea - this is done at verification time - [x] Make things configurable? - app.ini configuration done - [x] when checking commits are signed need to check if they're actually verifiable too - [x] Add documentation I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
6 years ago
Sign protected branches (#8993) * Move SignMerge to PullRequest * Add approved signing mode * As per @guillep2k comment
6 years ago
Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however. ## Features - [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.) - [x] Verify commits signed with the default gpg as valid - [x] Signer, Committer and Author can all be different - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon. - [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg - [x] Try to match the default key with a user on gitea - this is done at verification time - [x] Make things configurable? - app.ini configuration done - [x] when checking commits are signed need to check if they're actually verifiable too - [x] Add documentation I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
6 years ago
Re-order GPG signing docs and fix code blocks (#10349) * Move chunk and format Signed-off-by: jolheiser <john.olheiser@gmail.com> * word Signed-off-by: jolheiser <john.olheiser@gmail.com>
5 years ago
Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however. ## Features - [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.) - [x] Verify commits signed with the default gpg as valid - [x] Signer, Committer and Author can all be different - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon. - [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg - [x] Try to match the default key with a user on gitea - this is done at verification time - [x] Make things configurable? - app.ini configuration done - [x] when checking commits are signed need to check if they're actually verifiable too - [x] Add documentation I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
6 years ago
Re-order GPG signing docs and fix code blocks (#10349) * Move chunk and format Signed-off-by: jolheiser <john.olheiser@gmail.com> * word Signed-off-by: jolheiser <john.olheiser@gmail.com>
5 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167 
  1. ---

  2. date: "2019-08-17T10:20:00+01:00"

  3. title: "GPG Commit Signatures"

  4. slug: "signing"

  5. weight: 20

  6. toc: false

  7. draft: false

  8. menu:

  9.   sidebar:

  10.     parent: "advanced"

  11.     name: "GPG Commit Signatures"

  12.     weight: 20

  13.     identifier: "signing"

  14. ---

  15. 

  16. # GPG Commit Signatures

  17. 

  18. Gitea will verify GPG commit signatures in the provided tree by

  19. checking if the commits are signed by a key within the gitea database,

  20. or if the commit matches the default key for git.

  21. 

  22. Keys are not checked to determine if they have expired or revoked.

  23. Keys are also not checked with keyservers.

  24. 

  25. A commit will be marked with a grey unlocked icon if no key can be

  26. found to verify it. If a commit is marked with a red unlocked icon,

  27. it is reported to be signed with a key with an id.

  28. 

  29. Please note: The signer of a commit does not have to be an author or

  30. committer of a commit.

  31. 

  32. This functionality requires git >= 1.7.9 but for full functionality

  33. this requires git >= 2.0.0.

  34. 

  35. ## Automatic Signing

  36. 

  37. There are a number of places where Gitea will generate commits itself:

  38. 

  39. * Repository Initialisation

  40. * Wiki Changes

  41. * CRUD actions using the editor or the API

  42. * Merges from Pull Requests

  43. 

  44. Depending on configuration and server trust you may want Gitea to

  45. sign these commits.

  46. 

  47. ## Installing and generating a GPG key for Gitea

  48. 

  49. It is up to a server administrator to determine how best to install

  50. a signing key. Gitea generates all its commits using the server `git`

  51. command at present - and therefore the server `gpg` will be used for

  52. signing (if configured.) Administrators should review best-practices

  53. for gpg - in particular it is probably advisable to only install a

  54. signing secret subkey without the master signing and certifying secret

  55. key.

  56. 

  57. ## General Configuration

  58. 

  59. Gitea's configuration for signing can be found with the

  60. `[repository.signing]` section of `app.ini`:

  61. 

  62. ```ini

  63. ...

  64. [repository.signing]

  65. SIGNING_KEY = default

  66. SIGNING_NAME =

  67. SIGNING_EMAIL =

  68. INITIAL_COMMIT = always

  69. CRUD_ACTIONS = pubkey, twofa, parentsigned

  70. WIKI = never

  71. MERGES = pubkey, twofa, basesigned, commitssigned

  72. 

  73. ...

  74. ```

  75. 

  76. ### `SIGNING_KEY`

  77. 

  78. The first option to discuss is the `SIGNING_KEY`. There are three main

  79. options:

  80. 

  81. * `none` - this prevents Gitea from signing any commits

  82. * `default` - Gitea will default to the key configured within

  83. `git config`

  84. * `KEYID` - Gitea will sign commits with the gpg key with the ID

  85. `KEYID`. In this case you should provide a `SIGNING_NAME` and

  86. `SIGNING_EMAIL` to be displayed for this key.

  87. 

  88. The `default` option will interrogate `git config` for

  89. `commit.gpgsign` option - if this is set, then it will use the results

  90. of the `user.signingkey`, `user.name` and `user.email` as appropriate.

  91. 

  92. Please note: by adjusting git's `config` file within Gitea's

  93. repositories, `SIGNING_KEY=default` could be used to provide different

  94. signing keys on a per-repository basis. However, this is clearly not an

  95. ideal UI and therefore subject to change.

  96. 

  97. ### `INITIAL_COMMIT`

  98. 

  99. This option determines whether Gitea should sign the initial commit

  100. when creating a repository. The possible values are:

  101. 

  102. * `never`: Never sign

  103. * `pubkey`: Only sign if the user has a public key

  104. * `twofa`: Only sign if the user logs in with two factor authentication

  105. * `always`: Always sign

  106. 

  107. Options other than `never` and `always` can be combined as a comma

  108. separated list.

  109. 

  110. ### `WIKI`

  111. 

  112. This options determines if Gitea should sign commits to the Wiki.

  113. The possible values are:

  114. 

  115. * `never`: Never sign

  116. * `pubkey`: Only sign if the user has a public key

  117. * `twofa`: Only sign if the user logs in with two factor authentication

  118. * `parentsigned`: Only sign if the parent commit is signed.

  119. * `always`: Always sign

  120. 

  121. Options other than `never` and `always` can be combined as a comma

  122. separated list.

  123. 

  124. ### `CRUD_ACTIONS`

  125. 

  126. This option determines if Gitea should sign commits from the web

  127. editor or API CRUD actions. The possible values are:

  128. 

  129. * `never`: Never sign

  130. * `pubkey`: Only sign if the user has a public key

  131. * `twofa`: Only sign if the user logs in with two factor authentication

  132. * `parentsigned`: Only sign if the parent commit is signed.

  133. * `always`: Always sign

  134. 

  135. Options other than `never` and `always` can be combined as a comma

  136. separated list.

  137. 

  138. ### `MERGES`

  139. 

  140. This option determines if Gitea should sign merge commits from PRs.

  141. The possible options are:

  142. 

  143. * `never`: Never sign

  144. * `pubkey`: Only sign if the user has a public key

  145. * `twofa`: Only sign if the user logs in with two factor authentication

  146. * `basesigned`: Only sign if the parent commit in the base repo is signed.

  147. * `headsigned`: Only sign if the head commit in the head branch is signed.

  148. * `commitssigned`: Only sign if all the commits in the head branch to the merge point are signed.

  149. * `approved`: Only sign approved merges to a protected branch.

  150. * `always`: Always sign

  151. 

  152. Options other than `never` and `always` can be combined as a comma

  153. separated list.

  154. 

  155. ## Obtaining the Public Key of the Signing Key

  156. 

  157. The public key used to sign Gitea's commits can be obtained from the API at:

  158. 

  159. ```

  160. /api/v1/signing-key.gpg

  161. ```

  162. 

  163. In cases where there is a repository specific key this can be obtained from:

  164. 

  165. ```

  166. /api/v1/repos/:username/:reponame/signing-key.gpg

  167. ```

No Description