You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
fcb535c5c3
This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however. ## Features - [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.) - [x] Verify commits signed with the default gpg as valid - [x] Signer, Committer and Author can all be different - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon. - [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg - [x] Try to match the default key with a user on gitea - this is done at verification time - [x] Make things configurable? - app.ini configuration done - [x] when checking commits are signed need to check if they're actually verifiable too - [x] Add documentation I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this. |
5 years ago | |
---|---|---|
.. | ||
gitea-repositories-meta | 5 years ago | |
migration-test | 5 years ago | |
README.md | 5 years ago | |
README_ZH.md | 5 years ago | |
api_admin_org_test.go | 5 years ago | |
api_admin_test.go | 5 years ago | |
api_branch_test.go | 5 years ago | |
api_comment_test.go | 5 years ago | |
api_fork_test.go | 5 years ago | |
api_gpg_keys_test.go | 5 years ago | |
api_helper_for_declarative_test.go | 5 years ago | |
api_issue_label_test.go | 5 years ago | |
api_issue_test.go | 5 years ago | |
api_keys_test.go | 5 years ago | |
api_org_test.go | 5 years ago | |
api_pull_test.go | 5 years ago | |
api_releases_test.go | 5 years ago | |
api_repo_edit_test.go | 5 years ago | |
api_repo_file_create_test.go | 5 years ago | |
api_repo_file_delete_test.go | 5 years ago | |
api_repo_file_helpers.go | 5 years ago | |
api_repo_file_update_test.go | 5 years ago | |
api_repo_get_contents_list_test.go | 5 years ago | |
api_repo_get_contents_test.go | 5 years ago | |
api_repo_git_blobs_test.go | 5 years ago | |
api_repo_git_commits_test.go | 5 years ago | |
api_repo_git_hook_test.go | 5 years ago | |
api_repo_git_ref_test.go | 6 years ago | |
api_repo_git_tags_test.go | 5 years ago | |
api_repo_git_trees_test.go | 5 years ago | |
api_repo_lfs_locks_test.go | 5 years ago | |
api_repo_raw_test.go | 6 years ago | |
api_repo_tags_test.go | 5 years ago | |
api_repo_test.go | 5 years ago | |
api_repo_topic_test.go | 5 years ago | |
api_team_test.go | 5 years ago | |
api_team_user_test.go | 5 years ago | |
api_token_test.go | 5 years ago | |
api_user_heatmap_test.go | 5 years ago | |
api_user_orgs_test.go | 5 years ago | |
api_user_search_test.go | 5 years ago | |
auth_ldap_test.go | 5 years ago | |
benchmarks_test.go | 5 years ago | |
branches_test.go | 5 years ago | |
change_default_branch_test.go | 7 years ago | |
cors_test.go | 5 years ago | |
create_no_session_test.go | 5 years ago | |
delete_user_test.go | 6 years ago | |
download_test.go | 5 years ago | |
editor_test.go | 5 years ago | |
empty_repo_test.go | 6 years ago | |
explore_repos_test.go | 7 years ago | |
git_helper_for_declarative_test.go | 5 years ago | |
git_test.go | 5 years ago | |
gpg_git_test.go | 5 years ago | |
html_helper.go | 5 years ago | |
integration_test.go | 5 years ago | |
issue_test.go | 5 years ago | |
lfs_getobject_test.go | 5 years ago | |
links_test.go | 5 years ago | |
mssql.ini.tmpl | 5 years ago | |
mysql.ini.tmpl | 5 years ago | |
mysql8.ini.tmpl | 5 years ago | |
nonascii_branches_test.go | 6 years ago | |
oauth_test.go | 5 years ago | |
org_test.go | 5 years ago | |
pgsql.ini.tmpl | 5 years ago | |
pull_compare_test.go | 7 years ago | |
pull_create_test.go | 5 years ago | |
pull_merge_test.go | 5 years ago | |
pull_review_test.go | 5 years ago | |
pull_status_test.go | 5 years ago | |
release_test.go | 5 years ago | |
repo_activity_test.go | 5 years ago | |
repo_branch_test.go | 5 years ago | |
repo_commits_search_test.go | 5 years ago | |
repo_commits_test.go | 5 years ago | |
repo_fork_test.go | 7 years ago | |
repo_migrate_test.go | 7 years ago | |
repo_search_test.go | 5 years ago | |
repo_test.go | 5 years ago | |
repofiles_delete_test.go | 5 years ago | |
repofiles_update_test.go | 5 years ago | |
setting_test.go | 5 years ago | |
signin_test.go | 5 years ago | |
signout_test.go | 7 years ago | |
signup_test.go | 7 years ago | |
sqlite.ini | 5 years ago | |
ssh_key_test.go | 5 years ago | |
testlogger.go | 5 years ago | |
timetracking_test.go | 7 years ago | |
user_test.go | 5 years ago | |
version_test.go | 5 years ago | |
xss_test.go | 6 years ago |
README.md
Integrations tests
Integration tests can be run with make commands for the appropriate backends, namely:
make test-mysql
make test-pgsql
make test-sqlite
Make sure to perform a clean build before running tests:
make clean build
Run all tests via local drone
drone exec --local --build-event "pull_request"
Run sqlite integrations tests
Start tests
make test-sqlite
Run mysql integrations tests
Setup a mysql database inside docker
docker run -e "MYSQL_DATABASE=test" -e "MYSQL_ALLOW_EMPTY_PASSWORD=yes" -p 3306:3306 --rm --name mysql mysql:5.7 #(just ctrl-c to stop db and clean the container)
Start tests based on the database container
TEST_MYSQL_HOST=localhost:3306 TEST_MYSQL_DBNAME=test TEST_MYSQL_USERNAME=root TEST_MYSQL_PASSWORD='' make test-mysql
Run pgsql integrations tests
Setup a pgsql database inside docker
docker run -e "POSTGRES_DB=test" -p 5432:5432 --rm --name pgsql postgres:9.5 #(just ctrl-c to stop db and clean the container)
Start tests based on the database container
TEST_PGSQL_HOST=localhost:5432 TEST_PGSQL_DBNAME=test TEST_PGSQL_USERNAME=postgres TEST_PGSQL_PASSWORD=postgres make test-pgsql
Run mssql integrations tests
Setup a mssql database inside docker
docker run -e "ACCEPT_EULA=Y" -e "MSSQL_PID=Standard" -e "SA_PASSWORD=MwantsaSecurePassword1" -p 1433:1433 --rm --name mssql microsoft/mssql-server-linux:latest #(just ctrl-c to stop db and clean the container)
Start tests based on the database container
TEST_MSSQL_HOST=localhost:1433 TEST_MSSQL_DBNAME=gitea_test TEST_MSSQL_USERNAME=sa TEST_MSSQL_PASSWORD=MwantsaSecurePassword1 make test-mssql
Running individual tests
Example command to run GPG test:
For sqlite:
make test-sqlite#GPG
For other databases(replace MSSQL to MYSQL, MYSQL8, PGSQL):
TEST_MSSQL_HOST=localhost:1433 TEST_MSSQL_DBNAME=test TEST_MSSQL_USERNAME=sa TEST_MSSQL_PASSWORD=MwantsaSecurePassword1 make test-mssql#GPG