mirror of
				https://github.com/go-gitea/gitea.git
				synced 2025-10-25 01:24:13 +02:00 
			
		
		
		
	* Signed SSH commits can look in the UI like on GitHub, just like gpg keys today in Gitea * SSH format can be added in gitea config * SSH Signing worked before with DEFAULT_TRUST_MODEL=committer `TRUSTED_SSH_KEYS` can be a list of additional ssh public key contents to trust for every user of this instance Closes #34329 Related #31392 --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
		
			
				
	
	
		
		
	
	
	
	
	
| // Copyright 2015 The Gogs Authors. All rights reserved.
 | |
| // Copyright 2017 The Gitea Authors. All rights reserved.
 | |
| // SPDX-License-Identifier: MIT
 | |
| 
 | |
| package git
 | |
| 
 | |
| import (
 | |
| 	"fmt"
 | |
| 	"os"
 | |
| 	"strings"
 | |
| 
 | |
| 	"code.gitea.io/gitea/modules/process"
 | |
| )
 | |
| 
 | |
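// LoadPublicKeyContent fills gpgSettings.PublicKeyContent with the public part
// of the configured signing key.
//
// For SigningKeyFormatSSH, KeyID is treated as a file path and the file is read
// directly. For any other format, KeyID is handed to `gpg -a --export` and the
// armored output is stored.
//
// Security: git allows user.signingkey to name a private SSH key file when
// gpg.format is ssh, so the file read here is not guaranteed to be a public
// key. Content carrying a private-key marker is rejected with an error instead
// of being stored in PublicKeyContent (a field that, by its name, is presumably
// shown or served to clients; confirm against the callers).
func (gpgSettings *GPGSettings) LoadPublicKeyContent() error {
	// Every OpenSSH/PEM private key block is framed by a line ending in this marker.
	const privateKeyMarker = "PRIVATE KEY-----"

	if gpgSettings.Format == SigningKeyFormatSSH {
		// NOTE(review): git also accepts a literal "key::<public key>" value for
		// user.signingkey. That form is not a path and is not handled here, so it
		// is expected to surface as a read error. Confirm whether it should be
		// supported.
		content, err := os.ReadFile(gpgSettings.KeyID)
		if err != nil {
			return fmt.Errorf("unable to read SSH public key file: %s, %w", gpgSettings.KeyID, err)
		}
		keyText := string(content)
		// Fail closed: report only the path, never the file contents.
		if strings.Contains(keyText, privateKeyMarker) {
			return fmt.Errorf("refusing to load SSH signing key file %s as public key content: file contains a private key", gpgSettings.KeyID)
		}
		gpgSettings.PublicKeyContent = keyText
		return nil
	}

	// KeyID is passed as a separate argument rather than interpolated into a
	// command string.
	// NOTE(review): it is not preceded by "--"; confirm that the configured
	// value can never begin with '-'.
	content, stderr, err := process.GetManager().Exec(
		"gpg -a --export",
		"gpg", "-a", "--export", gpgSettings.KeyID)
	if err != nil {
		return fmt.Errorf("unable to get default signing key: %s, %s, %w", gpgSettings.KeyID, stderr, err)
	}
	gpgSettings.PublicKeyContent = content
	return nil
}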
 | |
| 
 | |
// GetDefaultPublicGPGKey returns the default signing settings for this
// repository as reported by `git config`, caching the result on repo.
//
// A cached value is returned unless forceUpdate is set. When commit.gpgsign is
// unset, false or unparsable, settings with Sign=false are cached and returned
// without looking up any key. Otherwise the key id, key format, e-mail and name
// are read from git config and the public key content is loaded. A load failure
// is returned to the caller and nothing is cached.
//
// All lookups run with Dir set to repo.Path and their errors are discarded, so
// a failed lookup is indistinguishable from an unset value here.
// NOTE(review): because the lookups are not restricted to one config scope,
// the repository's own config can presumably supply user.signingkey and
// gpg.format. Confirm who is able to write that config.
func (repo *Repository) GetDefaultPublicGPGKey(forceUpdate bool) (*GPGSettings, error) {
	if !forceUpdate && repo.gpgSettings != nil {
		return repo.gpgSettings, nil
	}

	settings := &GPGSettings{Sign: true}

	rawSign, _, _ := NewCommand("config", "--get", "commit.gpgsign").RunStdString(repo.Ctx, &RunOpts{Dir: repo.Path})
	if enabled, ok := ParseBool(strings.TrimSpace(rawSign)); !(enabled && ok) {
		// Signing is off (or the value is not a boolean): remember that and stop.
		settings.Sign = false
		repo.gpgSettings = settings
		return settings, nil
	}

	rawKey, _, _ := NewCommand("config", "--get", "user.signingkey").RunStdString(repo.Ctx, &RunOpts{Dir: repo.Path})
	settings.KeyID = strings.TrimSpace(rawKey)

	// --default makes git print the OpenPGP format name when gpg.format is unset.
	rawFormat, _, _ := NewCommand("config", "--default", SigningKeyFormatOpenPGP, "--get", "gpg.format").RunStdString(repo.Ctx, &RunOpts{Dir: repo.Path})
	settings.Format = strings.TrimSpace(rawFormat)

	rawEmail, _, _ := NewCommand("config", "--get", "user.email").RunStdString(repo.Ctx, &RunOpts{Dir: repo.Path})
	settings.Email = strings.TrimSpace(rawEmail)

	rawName, _, _ := NewCommand("config", "--get", "user.name").RunStdString(repo.Ctx, &RunOpts{Dir: repo.Path})
	settings.Name = strings.TrimSpace(rawName)

	// Only cache once the key material has actually been loaded.
	err := settings.LoadPublicKeyContent()
	if err != nil {
		return nil, err
	}
	repo.gpgSettings = settings
	return repo.gpgSettings, nil
}
 |