This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however.

## Features

- [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.)
- [x] Verify commits signed with the default gpg as valid
- [x] Signer, Committer and Author can all be different
- [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon.
- [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available
  - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg
- [x] Try to match the default key with a user on gitea - this is done at verification time
- [x] Make things configurable?
  - app.ini configuration done
- [x] when checking commits are signed need to check if they're actually verifiable too
- [x] Add documentation

I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
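As background for the verification items in the commit message above, this added example (not code from the PR or from Gitea) shows where a signature sits in a raw git commit object and which bytes it covers: the armored signature is stored in a multi-line `gpgsig` header, and the signed payload is the commit with that header removed. The function name `SplitSignedCommit` and the sample commit, including its placeholder signature body, are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample commit object; the signature body is a placeholder.
const sampleCommit = "tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904\n" +
	"author Alice <alice@example.com> 1570000000 +0000\n" +
	"committer Gitea <gitea@example.com> 1570000000 +0000\n" +
	"gpgsig -----BEGIN PGP SIGNATURE-----\n \n Y29uc3RydWN0ZWQ=\n" +
	" -----END PGP SIGNATURE-----\n\nAdd file\n"

// SplitSignedCommit returns the armored signature held in the "gpgsig"
// header and the payload it covers: the commit with that header removed.
func SplitSignedCommit(raw string) (payload, signature string, signed bool) {
	// Headers end at the first empty line; the blank line inside the armor
	// is stored as a single space, so it does not end the header block.
	parts := strings.SplitN(raw, "\n\n", 2)
	var kept, sig []string
	inSig := false
	for _, line := range strings.Split(parts[0], "\n") {
		switch {
		case strings.HasPrefix(line, "gpgsig "):
			inSig, signed = true, true
			sig = append(sig, strings.TrimPrefix(line, "gpgsig "))
		case inSig && strings.HasPrefix(line, " "):
			sig = append(sig, line[1:]) // continuation line: drop one space
		default:
			inSig = false
			kept = append(kept, line)
		}
	}
	payload = strings.Join(kept, "\n")
	if len(parts) == 2 {
		payload += "\n\n" + parts[1]
	}
	return payload, strings.Join(sig, "\n"), signed
}

func main() {
	payload, sig, signed := SplitSignedCommit(sampleCommit)
	fmt.Printf("signed=%v\n%s\n---\n%s", signed, sig, payload)
}
```

A verifier checks the signature against exactly this payload, so the author and committer lines are covered by it while the signer's identity comes from the key, which is why the three can differ.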
| | | |
|---|---|---|
| gitea-repositories-meta | ||
| migration-test | ||
| README.md | ||
| README_ZH.md | ||
| api_admin_org_test.go | ||
| api_admin_test.go | ||
| api_branch_test.go | ||
| api_comment_test.go | ||
| api_fork_test.go | ||
| api_gpg_keys_test.go | ||
| api_helper_for_declarative_test.go | ||
| api_issue_label_test.go | ||
| api_issue_test.go | ||
| api_keys_test.go | ||
| api_org_test.go | ||
| api_pull_test.go | ||
| api_releases_test.go | ||
| api_repo_edit_test.go | ||
| api_repo_file_create_test.go | ||
| api_repo_file_delete_test.go | ||
| api_repo_file_helpers.go | ||
| api_repo_file_update_test.go | ||
| api_repo_get_contents_list_test.go | ||
| api_repo_get_contents_test.go | ||
| api_repo_git_blobs_test.go | ||
| api_repo_git_commits_test.go | ||
| api_repo_git_hook_test.go | ||
| api_repo_git_ref_test.go | ||
| api_repo_git_tags_test.go | ||
| api_repo_git_trees_test.go | ||
| api_repo_lfs_locks_test.go | ||
| api_repo_raw_test.go | ||
| api_repo_tags_test.go | ||
| api_repo_test.go | ||
| api_repo_topic_test.go | ||
| api_team_test.go | ||
| api_team_user_test.go | ||
| api_token_test.go | ||
| api_user_heatmap_test.go | ||
| api_user_orgs_test.go | ||
| api_user_search_test.go | ||
| auth_ldap_test.go | ||
| benchmarks_test.go | ||
| branches_test.go | ||
| change_default_branch_test.go | ||
| cors_test.go | ||
| create_no_session_test.go | ||
| delete_user_test.go | ||
| download_test.go | ||
| editor_test.go | ||
| empty_repo_test.go | ||
| explore_repos_test.go | ||
| git_helper_for_declarative_test.go | ||
| git_test.go | ||
| gpg_git_test.go | ||
| html_helper.go | ||
| integration_test.go | ||
| issue_test.go | ||
| lfs_getobject_test.go | ||
| links_test.go | ||
| mssql.ini.tmpl | ||
| mysql.ini.tmpl | ||
| mysql8.ini.tmpl | ||
| nonascii_branches_test.go | ||
| oauth_test.go | ||
| org_test.go | ||
| pgsql.ini.tmpl | ||
| pull_compare_test.go | ||
| pull_create_test.go | ||
| pull_merge_test.go | ||
| pull_review_test.go | ||
| pull_status_test.go | ||
| release_test.go | ||
| repo_activity_test.go | ||
| repo_branch_test.go | ||
| repo_commits_search_test.go | ||
| repo_commits_test.go | ||
| repo_fork_test.go | ||
| repo_migrate_test.go | ||
| repo_search_test.go | ||
| repo_test.go | ||
| repofiles_delete_test.go | ||
| repofiles_update_test.go | ||
| setting_test.go | ||
| signin_test.go | ||
| signout_test.go | ||
| signup_test.go | ||
| sqlite.ini | ||
| ssh_key_test.go | ||
| testlogger.go | ||
| timetracking_test.go | ||
| user_test.go | ||
| version_test.go | ||
| xss_test.go | ||
README.md
# Integration tests

Integration tests can be run with make commands for the appropriate backends, namely:

```shell
make test-mysql
make test-pgsql
make test-sqlite
```

Make sure to perform a clean build before running tests:

```shell
make clean build
```

## Run all tests via local drone

```shell
drone exec --local --build-event "pull_request"
```

## Run sqlite integration tests

Start tests:

```shell
make test-sqlite
```

## Run mysql integration tests

Set up a mysql database inside docker:

```shell
docker run -e "MYSQL_DATABASE=test" -e "MYSQL_ALLOW_EMPTY_PASSWORD=yes" -p 3306:3306 --rm --name mysql mysql:5.7 #(just ctrl-c to stop db and clean the container)
```

Start tests based on the database container:

```shell
TEST_MYSQL_HOST=localhost:3306 TEST_MYSQL_DBNAME=test TEST_MYSQL_USERNAME=root TEST_MYSQL_PASSWORD='' make test-mysql
```

## Run pgsql integration tests

Set up a pgsql database inside docker:

```shell
docker run -e "POSTGRES_DB=test" -p 5432:5432 --rm --name pgsql postgres:9.5 #(just ctrl-c to stop db and clean the container)
```

Start tests based on the database container:

```shell
TEST_PGSQL_HOST=localhost:5432 TEST_PGSQL_DBNAME=test TEST_PGSQL_USERNAME=postgres TEST_PGSQL_PASSWORD=postgres make test-pgsql
```

## Run mssql integration tests

Set up a mssql database inside docker:

```shell
docker run -e "ACCEPT_EULA=Y" -e "MSSQL_PID=Standard" -e "SA_PASSWORD=MwantsaSecurePassword1" -p 1433:1433 --rm --name mssql microsoft/mssql-server-linux:latest #(just ctrl-c to stop db and clean the container)
```

Start tests based on the database container:

```shell
TEST_MSSQL_HOST=localhost:1433 TEST_MSSQL_DBNAME=gitea_test TEST_MSSQL_USERNAME=sa TEST_MSSQL_PASSWORD=MwantsaSecurePassword1 make test-mssql
```

## Running individual tests

Example command to run the GPG test.

For sqlite:

```shell
make test-sqlite#GPG
```

For other databases (replace MSSQL with MYSQL, MYSQL8 or PGSQL):

```shell
TEST_MSSQL_HOST=localhost:1433 TEST_MSSQL_DBNAME=test TEST_MSSQL_USERNAME=sa TEST_MSSQL_PASSWORD=MwantsaSecurePassword1 make test-mssql#GPG
```