mirror of
https://github.com/go-gitea/gitea.git
synced 2025-12-16 05:20:14 +01:00
26602fd207
Per-repository signing keys have never been officially supported, as they would require users to modify the repository’s config file. At this point, it is clear that only global signing keys (GPG or SSH) should be allowed. If we want to introduce per-repository signing keys in the future, it will require a complete design proposal. The endpoint will not be removed for repository special signing key, but it will reference the global signing key. --------- Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: delvh <dev.lh@web.de>
78 lines
2.6 KiB
Go
78 lines
2.6 KiB
Go
// Copyright 2025 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package git
|
|
|
|
import (
|
|
"context"
|
|
"strings"
|
|
|
|
"code.gitea.io/gitea/modules/git/gitcmd"
|
|
"code.gitea.io/gitea/modules/setting"
|
|
)
|
|
|
|
// Based on https://git-scm.com/docs/git-config#Documentation/git-config.txt-gpgformat
|
|
const (
|
|
SigningKeyFormatOpenPGP = "openpgp" // for GPG keys, the expected default of git cli
|
|
SigningKeyFormatSSH = "ssh"
|
|
)
|
|
|
|
// SigningKey represents an instance key info which will be used to sign git commits.
|
|
// FIXME: need to refactor it to a new name, this name conflicts with the variable names for "asymkey.GPGKey" in many places.
|
|
type SigningKey struct {
|
|
KeyID string
|
|
Format string
|
|
}
|
|
|
|
func (s *SigningKey) String() string {
|
|
// Do not expose KeyID
|
|
// In case the key is a file path and the struct is rendered in a template, then the server path will be exposed.
|
|
setting.PanicInDevOrTesting("don't call SigningKey.String() - it exposes the KeyID which might be a local file path")
|
|
return "SigningKey:" + s.Format
|
|
}
|
|
|
|
// GetSigningKey returns the KeyID and git Signature for the repo
|
|
func GetSigningKey(ctx context.Context) (*SigningKey, *Signature) {
|
|
if setting.Repository.Signing.SigningKey == "none" {
|
|
return nil, nil
|
|
}
|
|
|
|
if setting.Repository.Signing.SigningKey == "default" || setting.Repository.Signing.SigningKey == "" {
|
|
// Can ignore the error here as it means that commit.gpgsign is not set
|
|
value, _, _ := gitcmd.NewCommand("config", "--global", "--get", "commit.gpgsign").RunStdString(ctx)
|
|
sign, valid := ParseBool(strings.TrimSpace(value))
|
|
if !sign || !valid {
|
|
return nil, nil
|
|
}
|
|
|
|
format, _, _ := gitcmd.NewCommand("config", "--global", "--default", SigningKeyFormatOpenPGP, "--get", "gpg.format").RunStdString(ctx)
|
|
signingKey, _, _ := gitcmd.NewCommand("config", "--global", "--get", "user.signingkey").RunStdString(ctx)
|
|
signingName, _, _ := gitcmd.NewCommand("config", "--global", "--get", "user.name").RunStdString(ctx)
|
|
signingEmail, _, _ := gitcmd.NewCommand("config", "--global", "--get", "user.email").RunStdString(ctx)
|
|
|
|
if strings.TrimSpace(signingKey) == "" {
|
|
return nil, nil
|
|
}
|
|
|
|
return &SigningKey{
|
|
KeyID: strings.TrimSpace(signingKey),
|
|
Format: strings.TrimSpace(format),
|
|
}, &Signature{
|
|
Name: strings.TrimSpace(signingName),
|
|
Email: strings.TrimSpace(signingEmail),
|
|
}
|
|
}
|
|
|
|
if setting.Repository.Signing.SigningKey == "" {
|
|
return nil, nil
|
|
}
|
|
|
|
return &SigningKey{
|
|
KeyID: setting.Repository.Signing.SigningKey,
|
|
Format: setting.Repository.Signing.SigningFormat,
|
|
}, &Signature{
|
|
Name: setting.Repository.Signing.SigningName,
|
|
Email: setting.Repository.Signing.SigningEmail,
|
|
}
|
|
}
|