1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-23 12:59:11 -05:00
forgejo/docs/content/doc/advanced
zeripath fcb535c5c3
Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631)
This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however.

## Features
- [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.)
- [x] Verify commits signed with the default gpg as valid
- [x] Signer, Committer and Author can all be different
    - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon.
- [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available
    - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg
    - [x] Try to match the default key with a user on gitea - this is done at verification time
- [x] Make things configurable?
    - app.ini configuration done
    - [x] when checking commits are signed need to check if they're actually verifiable too
- [x] Add documentation

I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
2019-10-16 14:42:42 +01:00
..
api-usage.en-us.md DOCS: add mention of swagger api reference (#8452) 2019-10-10 08:42:01 -04:00
api-usage.zh-cn.md Adapt documentation to renamed ENABLE_SWAGGER option (#5811) 2019-01-23 20:09:18 +00:00
ci-cd.en-us.md Add buildbot CI (#8378) 2019-10-04 19:30:05 +02:00
config-cheat-sheet.en-us.md Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
config-cheat-sheet.zh-cn.md Make static resouces web browser cache time customized on app.ini (#8442) 2019-10-14 23:05:57 +01:00
customizing-gitea.en-us.md Remove unnecessary backslash (#8249) 2019-09-20 13:06:17 -04:00
customizing-gitea.zh-cn.md Fix translation errors in doc advanced part (zh-cn) (#5112) 2018-12-23 18:57:49 +08:00
external-renderers.en-us.md [docs] Docker build - ZeroMQ dependency for Jupyter (#8262) 2019-09-26 09:04:53 +02:00
hacking-on-gitea.en-us.md Add 'make revive' to instructions for checking code (#8314) 2019-09-29 23:36:52 +03:00
hacking-on-gitea.zh-cn.md ZH-CN translation of Advanced part (#5090) 2018-10-17 14:21:20 +03:00
logging-documentation.en-us.md Move serv hook functionality & drop GitLogger (#6993) 2019-06-01 23:00:21 +08:00
make.en-us.md General documentation cleanup (#3317) 2018-01-08 23:48:42 +01:00
make.fr-fr.md General documentation cleanup (#3317) 2018-01-08 23:48:42 +01:00
make.zh-cn.md ZH-CN translation of Advanced part (#5090) 2018-10-17 14:21:20 +03:00
migrations.en-us.md Import topics during migration (#7851) 2019-08-14 14:16:12 +08:00
oauth2-provider.md Add oauth2 documentation (#6604) 2019-04-14 10:42:11 +02:00
repo-indexer.en-us.md Restrict repository indexing by glob match (#7767) 2019-09-11 20:26:28 +03:00
signing.en-us.md Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
specific-variables.en-us.md Copyedit docs (#6275) 2019-03-09 16:15:45 -05:00
specific-variables.zh-cn.md ZH-CN translation of Advanced part (#5090) 2018-10-17 14:21:20 +03:00
third-party-tools.en-us.md Update third-party-tools.en-us.md (#8148) 2019-09-11 00:16:11 -04:00