forgejo/docs/content/doc/advanced
zeripath fcb535c5c3
Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631)
This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however.

## Features
- [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.)
- [x] Verify commits signed with the default gpg as valid
- [x] Signer, Committer and Author can all be different
    - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon.
- [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available
    - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg
    - [x] Try to match the default key with a user on gitea - this is done at verification time
- [x] Make things configurable?
    - app.ini configuration done
    - [x] when checking commits are signed need to check if they're actually verifiable too
- [x] Add documentation

I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
2019-10-16 14:42:42 +01:00
..
api-usage.en-us.md DOCS: add mention of swagger api reference (#8452) 2019-10-10 08:42:01 -04:00
api-usage.zh-cn.md
ci-cd.en-us.md Add buildbot CI (#8378) 2019-10-04 19:30:05 +02:00
config-cheat-sheet.en-us.md Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
config-cheat-sheet.zh-cn.md Make static resouces web browser cache time customized on app.ini (#8442) 2019-10-14 23:05:57 +01:00
customizing-gitea.en-us.md Remove unnecessary backslash (#8249) 2019-09-20 13:06:17 -04:00
customizing-gitea.zh-cn.md
external-renderers.en-us.md [docs] Docker build - ZeroMQ dependency for Jupyter (#8262) 2019-09-26 09:04:53 +02:00
hacking-on-gitea.en-us.md Add 'make revive' to instructions for checking code (#8314) 2019-09-29 23:36:52 +03:00
hacking-on-gitea.zh-cn.md
logging-documentation.en-us.md
make.en-us.md
make.fr-fr.md
make.zh-cn.md
migrations.en-us.md
oauth2-provider.md
repo-indexer.en-us.md Restrict repository indexing by glob match (#7767) 2019-09-11 20:26:28 +03:00
signing.en-us.md Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
specific-variables.en-us.md
specific-variables.zh-cn.md
third-party-tools.en-us.md