mirror of
https://codeberg.org/forgejo/forgejo
synced 2024-11-24 10:46:10 +01:00
fcb535c5c3
This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however.

## Features

- [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.)
- [x] Verify commits signed with the default gpg as valid
- [x] Signer, Committer and Author can all be different
- [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon.
- [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg
- [x] Try to match the default key with a user on gitea - this is done at verification time
- [x] Make things configurable? - app.ini configuration done
- [x] when checking commits are signed need to check if they're actually verifiable too
- [x] Add documentation

I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.

||
---|---|---|
.. | ||
gitea-repositories-meta | ||
migration-test | ||
api_admin_org_test.go | ||
api_admin_test.go | ||
api_branch_test.go | ||
api_comment_test.go | ||
api_fork_test.go | ||
api_gpg_keys_test.go | ||
api_helper_for_declarative_test.go | ||
api_issue_label_test.go | ||
api_issue_test.go | ||
api_keys_test.go | ||
api_org_test.go | ||
api_pull_test.go | ||
api_releases_test.go | ||
api_repo_edit_test.go | ||
api_repo_file_create_test.go | ||
api_repo_file_delete_test.go | ||
api_repo_file_helpers.go | ||
api_repo_file_update_test.go | ||
api_repo_get_contents_list_test.go | ||
api_repo_get_contents_test.go | ||
api_repo_git_blobs_test.go | ||
api_repo_git_commits_test.go | ||
api_repo_git_hook_test.go | ||
api_repo_git_ref_test.go | ||
api_repo_git_tags_test.go | ||
api_repo_git_trees_test.go | ||
api_repo_lfs_locks_test.go | ||
api_repo_raw_test.go | ||
api_repo_tags_test.go | ||
api_repo_test.go | ||
api_repo_topic_test.go | ||
api_team_test.go | ||
api_team_user_test.go | ||
api_token_test.go | ||
api_user_heatmap_test.go | ||
api_user_orgs_test.go | ||
api_user_search_test.go | ||
auth_ldap_test.go | ||
benchmarks_test.go | ||
branches_test.go | ||
change_default_branch_test.go | ||
cors_test.go | ||
create_no_session_test.go | ||
delete_user_test.go | ||
download_test.go | ||
editor_test.go | ||
empty_repo_test.go | ||
explore_repos_test.go | ||
git_helper_for_declarative_test.go | ||
git_test.go | ||
gpg_git_test.go | ||
html_helper.go | ||
integration_test.go | ||
issue_test.go | ||
lfs_getobject_test.go | ||
links_test.go | ||
mssql.ini.tmpl | ||
mysql.ini.tmpl | ||
mysql8.ini.tmpl | ||
nonascii_branches_test.go | ||
oauth_test.go | ||
org_test.go | ||
pgsql.ini.tmpl | ||
pull_compare_test.go | ||
pull_create_test.go | ||
pull_merge_test.go | ||
pull_review_test.go | ||
pull_status_test.go | ||
README.md | ||
README_ZH.md | ||
release_test.go | ||
repo_activity_test.go | ||
repo_branch_test.go | ||
repo_commits_search_test.go | ||
repo_commits_test.go | ||
repo_fork_test.go | ||
repo_migrate_test.go | ||
repo_search_test.go | ||
repo_test.go | ||
repofiles_delete_test.go | ||
repofiles_update_test.go | ||
setting_test.go | ||
signin_test.go | ||
signout_test.go | ||
signup_test.go | ||
sqlite.ini | ||
ssh_key_test.go | ||
testlogger.go | ||
timetracking_test.go | ||
user_test.go | ||
version_test.go | ||
xss_test.go |
# Integration tests

Integration tests can be run with make commands for the appropriate backends, namely:

```shell
make test-mysql
make test-pgsql
make test-sqlite
```

Make sure to perform a clean build before running tests:

```shell
make clean build
```

## Run all tests via local drone

```shell
drone exec --local --build-event "pull_request"
```

## Run sqlite integration tests

Start tests:

```shell
make test-sqlite
```

## Run mysql integration tests

Set up a mysql database inside docker:

```shell
docker run -e "MYSQL_DATABASE=test" -e "MYSQL_ALLOW_EMPTY_PASSWORD=yes" -p 3306:3306 --rm --name mysql mysql:5.7 #(just ctrl-c to stop db and clean the container)
```

Start tests based on the database container:

```shell
TEST_MYSQL_HOST=localhost:3306 TEST_MYSQL_DBNAME=test TEST_MYSQL_USERNAME=root TEST_MYSQL_PASSWORD='' make test-mysql
```

## Run pgsql integration tests

Set up a pgsql database inside docker:

```shell
docker run -e "POSTGRES_DB=test" -p 5432:5432 --rm --name pgsql postgres:9.5 #(just ctrl-c to stop db and clean the container)
```

Start tests based on the database container:

```shell
TEST_PGSQL_HOST=localhost:5432 TEST_PGSQL_DBNAME=test TEST_PGSQL_USERNAME=postgres TEST_PGSQL_PASSWORD=postgres make test-pgsql
```

## Run mssql integration tests

Set up a mssql database inside docker:

```shell
docker run -e "ACCEPT_EULA=Y" -e "MSSQL_PID=Standard" -e "SA_PASSWORD=MwantsaSecurePassword1" -p 1433:1433 --rm --name mssql microsoft/mssql-server-linux:latest #(just ctrl-c to stop db and clean the container)
```

Start tests based on the database container:

```shell
TEST_MSSQL_HOST=localhost:1433 TEST_MSSQL_DBNAME=gitea_test TEST_MSSQL_USERNAME=sa TEST_MSSQL_PASSWORD=MwantsaSecurePassword1 make test-mssql
```

## Running individual tests

Example command to run the GPG test.

For sqlite:

```shell
make test-sqlite#GPG
```

For other databases (replace MSSQL with MYSQL, MYSQL8, PGSQL):

```shell
TEST_MSSQL_HOST=localhost:1433 TEST_MSSQL_DBNAME=test TEST_MSSQL_USERNAME=sa TEST_MSSQL_PASSWORD=MwantsaSecurePassword1 make test-mssql#GPG
```
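
The commit message at the top of this page asks that a check for signed commits also confirm they are actually verifiable. The following Go program is an added example, not code from the PR or from Gitea: it splits a raw commit object into its `gpgsig` signature and the payload that signature covers, and reports three distinct states. `SplitSignedCommit`, `Status`, the `verify` callback and the sample commit are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample commit object; the signature body is a placeholder.
const sampleCommit = "tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904\n" +
	"author A U Thor <author@example.com> 1570000000 +0000\n" +
	"committer Signer <signer@example.com> 1570000000 +0000\n" +
	"gpgsig -----BEGIN PGP SIGNATURE-----\n \n Y29uc3RydWN0ZWQ=\n" +
	" -----END PGP SIGNATURE-----\n\nAdd file\n"

// SplitSignedCommit returns the signature held in the "gpgsig" header and the
// payload it covers: the commit object with that header removed.
func SplitSignedCommit(raw string) (payload, sig string, signed bool) {
	var out, sigLines []string
	inHeaders, inSig := true, false
	for _, l := range strings.Split(raw, "\n") {
		switch {
		case inHeaders && inSig && strings.HasPrefix(l, " "):
			sigLines = append(sigLines, l[1:]) // continuation of the header
		case inHeaders && strings.HasPrefix(l, "gpgsig "):
			inSig, signed = true, true
			sigLines = append(sigLines, strings.TrimPrefix(l, "gpgsig "))
		default:
			inSig = false
			inHeaders = inHeaders && l != "" // blank line ends the headers
			out = append(out, l)
		}
	}
	return strings.Join(out, "\n"), strings.Join(sigLines, "\n"), signed
}

// Status keeps "signed" and "verified" apart. verify is a hypothetical,
// caller-supplied OpenPGP check against the keys the instance trusts.
func Status(raw string, verify func(payload, sig string) bool) string {
	payload, sig, signed := SplitSignedCommit(raw)
	if !signed {
		return "unsigned"
	}
	if verify == nil || !verify(payload, sig) {
		return "signed-unverifiable"
	}
	return "verified"
}

func main() {
	fmt.Println(Status(sampleCommit, nil)) // no verifier available
}
```

A commit only counts as verified when the supplied check accepts the exact payload and signature returned by `SplitSignedCommit`; the presence of the header alone yields `signed-unverifiable`.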