Improve instance wide ssh commit signing (#34341)
* Signed SSH commits can look in the UI like on GitHub, just like gpg keys today in Gitea * SSH format can be added in gitea config * SSH Signing worked before with DEFAULT_TRUST_MODEL=committer `TRUSTED_SSH_KEYS` can be a list of additional ssh public key contents to trust for every user of this instance Closes #34329 Related #31392 --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
@@ -971,7 +971,8 @@ func Routes() *web.Router {
|
||||
// Misc (public accessible)
|
||||
m.Group("", func() {
|
||||
m.Get("/version", misc.Version)
|
||||
m.Get("/signing-key.gpg", misc.SigningKey)
|
||||
m.Get("/signing-key.gpg", misc.SigningKeyGPG)
|
||||
m.Get("/signing-key.pub", misc.SigningKeySSH)
|
||||
m.Post("/markup", reqToken(), bind(api.MarkupOption{}), misc.Markup)
|
||||
m.Post("/markdown", reqToken(), bind(api.MarkdownOption{}), misc.Markdown)
|
||||
m.Post("/markdown/raw", reqToken(), misc.MarkdownRaw)
|
||||
@@ -1427,7 +1428,8 @@ func Routes() *web.Router {
|
||||
m.Combo("/file-contents", reqRepoReader(unit.TypeCode), context.ReferencesGitRepo()).
|
||||
Get(repo.GetFileContentsGet).
|
||||
Post(bind(api.GetFilesOptions{}), repo.GetFileContentsPost) // POST method requires "write" permission, so we also support "GET" method above
|
||||
m.Get("/signing-key.gpg", misc.SigningKey)
|
||||
m.Get("/signing-key.gpg", misc.SigningKeyGPG)
|
||||
m.Get("/signing-key.pub", misc.SigningKeySSH)
|
||||
m.Group("/topics", func() {
|
||||
m.Combo("").Get(repo.ListTopics).
|
||||
Put(reqToken(), reqAdmin(), bind(api.RepoTopicOptions{}), repo.UpdateTopics)
|
||||
|
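Review bot: The two new `m.Get("/signing-key.pub", misc.SigningKeySSH)` registrations carry no middleware of their own, unlike the neighbouring `reqToken()` routes in the public group and `reqRepoReader(unit.TypeCode)` on `/file-contents` in the repository group. That matches the existing `.gpg` routes and is reasonable for public key material, but nothing on the lines records that it is deliberate. A short comment on each would do so, for example `// public key only: intentionally served without reqToken()` in the misc group and `// public key only: relies on the repo group's access checks` in the repository group. The second wording assumes the enclosing group already enforces repository visibility, which cannot be confirmed here because `Routes()` starts and ends outside both hunks.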
@@ -4,14 +4,35 @@
|
||||
package misc
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"code.gitea.io/gitea/modules/git"
|
||||
asymkey_service "code.gitea.io/gitea/services/asymkey"
|
||||
"code.gitea.io/gitea/services/context"
|
||||
)
|
||||
|
||||
// SigningKey returns the public key of the default signing key if it exists
|
||||
func SigningKey(ctx *context.APIContext) {
|
||||
func getSigningKey(ctx *context.APIContext, expectedFormat string) {
|
||||
// if the handler is in the repo's route group, get the repo's signing key
|
||||
// otherwise, get the global signing key
|
||||
path := ""
|
||||
if ctx.Repo != nil && ctx.Repo.Repository != nil {
|
||||
path = ctx.Repo.Repository.RepoPath()
|
||||
}
|
||||
content, format, err := asymkey_service.PublicSigningKey(ctx, path)
|
||||
if err != nil {
|
||||
ctx.APIErrorInternal(err)
|
||||
return
|
||||
}
|
||||
if format == "" {
|
||||
ctx.APIErrorNotFound("no signing key")
|
||||
return
|
||||
} else if format != expectedFormat {
|
||||
ctx.APIErrorNotFound("signing key format is " + format)
|
||||
return
|
||||
}
|
||||
_, _ = ctx.Write([]byte(content))
|
||||
}
|
||||
|
||||
// SigningKeyGPG returns the public key of the default signing key if it exists
|
||||
func SigningKeyGPG(ctx *context.APIContext) {
|
||||
// swagger:operation GET /signing-key.gpg miscellaneous getSigningKey
|
||||
// ---
|
||||
// summary: Get default signing-key.gpg
|
||||
@@ -44,19 +65,42 @@ func SigningKey(ctx *context.APIContext) {
|
||||
// description: "GPG armored public key"
|
||||
// schema:
|
||||
// type: string
|
||||
|
||||
path := ""
|
||||
if ctx.Repo != nil && ctx.Repo.Repository != nil {
|
||||
path = ctx.Repo.Repository.RepoPath()
|
||||
}
|
||||
|
||||
content, err := asymkey_service.PublicSigningKey(ctx, path)
|
||||
if err != nil {
|
||||
ctx.APIErrorInternal(err)
|
||||
return
|
||||
}
|
||||
_, err = ctx.Write([]byte(content))
|
||||
if err != nil {
|
||||
ctx.APIErrorInternal(fmt.Errorf("Error writing key content %w", err))
|
||||
}
|
||||
getSigningKey(ctx, git.SigningKeyFormatOpenPGP)
|
||||
}
|
||||
|
||||
// SigningKeySSH returns the public key of the default signing key if it exists
|
||||
func SigningKeySSH(ctx *context.APIContext) {
|
||||
// swagger:operation GET /signing-key.pub miscellaneous getSigningKeySSH
|
||||
// ---
|
||||
// summary: Get default signing-key.pub
|
||||
// produces:
|
||||
// - text/plain
|
||||
// responses:
|
||||
// "200":
|
||||
// description: "ssh public key"
|
||||
// schema:
|
||||
// type: string
|
||||
|
||||
// swagger:operation GET /repos/{owner}/{repo}/signing-key.pub repository repoSigningKeySSH
|
||||
// ---
|
||||
// summary: Get signing-key.pub for given repository
|
||||
// produces:
|
||||
// - text/plain
|
||||
// parameters:
|
||||
// - name: owner
|
||||
// in: path
|
||||
// description: owner of the repo
|
||||
// type: string
|
||||
// required: true
|
||||
// - name: repo
|
||||
// in: path
|
||||
// description: name of the repo
|
||||
// type: string
|
||||
// required: true
|
||||
// responses:
|
||||
// "200":
|
||||
// description: "ssh public key"
|
||||
// schema:
|
||||
// type: string
|
||||
getSigningKey(ctx, git.SigningKeyFormatSSH)
|
||||
}
|
||||
|
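Review bot: The swagger annotations on `SigningKeySSH` declare only a `"200"` response, but the `getSigningKey` helper it calls answers 404 both when no key is configured (`"no signing key"`) and when the configured format differs from the requested one (`"signing key format is " + format`). Clients that fetch this endpoint to populate an allowed-signers or keyring file need to tell those cases apart from a server error, so both operations should declare the response, e.g. `//   "404":` followed by `//     "$ref": "#/responses/notFound"`. The same probably applies to the `SigningKeyGPG` annotations, whose response section is only partly visible in this hunk. A doc comment on `getSigningKey` should also state that a format mismatch is reported as not-found, and whether discarding the `ctx.Write` error with `_, _ =` is intentional now that the previous error handling has been removed.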