forgejo/integrations
zeripath fcb535c5c3
Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631)
This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however.

## Features
- [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.)
- [x] Verify commits signed with the default gpg as valid
- [x] Signer, Committer and Author can all be different
    - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon.
- [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available
    - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg
    - [x] Try to match the default key with a user on gitea - this is done at verification time
- [x] Make things configurable?
    - app.ini configuration done
    - [x] when checking commits are signed need to check if they're actually verifiable too
- [x] Add documentation

I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
2019-10-16 14:42:42 +01:00
gitea-repositories-meta
migration-test
api_admin_org_test.go
api_admin_test.go
api_branch_test.go
api_comment_test.go
api_fork_test.go
api_gpg_keys_test.go
api_helper_for_declarative_test.go Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
api_issue_label_test.go
api_issue_test.go
api_keys_test.go
api_org_test.go
api_pull_test.go Move change issue title from models to issue service package (#8456) 2019-10-11 14:44:43 +08:00
api_releases_test.go
api_repo_edit_test.go Api: advanced settings for repository (external wiki, issue tracker etc.) (#7756) 2019-10-02 17:30:41 +08:00
api_repo_file_create_test.go Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
api_repo_file_delete_test.go
api_repo_file_helpers.go
api_repo_file_update_test.go Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
api_repo_get_contents_list_test.go
api_repo_get_contents_test.go
api_repo_git_blobs_test.go
api_repo_git_commits_test.go
api_repo_git_hook_test.go
api_repo_git_ref_test.go
api_repo_git_tags_test.go
api_repo_git_trees_test.go
api_repo_lfs_locks_test.go Fix lfs locks (#8361) 2019-10-03 09:56:26 +02:00
api_repo_raw_test.go
api_repo_tags_test.go
api_repo_test.go
api_repo_topic_test.go
api_team_test.go API endpoint for searching teams. (#8108) 2019-10-01 13:32:28 +08:00
api_team_user_test.go Fix team user api (#8172) 2019-09-15 20:22:02 +08:00
api_token_test.go
api_user_heatmap_test.go
api_user_orgs_test.go
api_user_search_test.go
auth_ldap_test.go
benchmarks_test.go
branches_test.go
change_default_branch_test.go
cors_test.go
create_no_session_test.go
delete_user_test.go
download_test.go
editor_test.go
empty_repo_test.go
explore_repos_test.go
git_helper_for_declarative_test.go Restore functionality for early gits (#7775) 2019-10-12 08:13:27 +08:00
git_test.go Restore functionality for early gits (#7775) 2019-10-12 08:13:27 +08:00
gpg_git_test.go Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
html_helper.go
integration_test.go Improve integration tests (#8276) 2019-09-25 14:13:18 +02:00
issue_test.go Rewrite reference processing code in preparation for opening/closing from comment references (#8261) 2019-10-13 23:29:10 +01:00
lfs_getobject_test.go Restore functionality for early gits (#7775) 2019-10-12 08:13:27 +08:00
links_test.go
mssql.ini.tmpl Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
mysql.ini.tmpl Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
mysql8.ini.tmpl Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
nonascii_branches_test.go
oauth_test.go
org_test.go
pgsql.ini.tmpl Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
pull_compare_test.go
pull_create_test.go
pull_merge_test.go
pull_review_test.go
pull_status_test.go
README.md Improve integration tests (#8276) 2019-09-25 14:13:18 +02:00
README_ZH.md Improve integration tests (#8276) 2019-09-25 14:13:18 +02:00
release_test.go
repo_activity_test.go
repo_branch_test.go
repo_commits_search_test.go
repo_commits_test.go
repo_fork_test.go
repo_migrate_test.go
repo_search_test.go
repo_test.go
repofiles_delete_test.go Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
repofiles_update_test.go Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
setting_test.go
signin_test.go
signout_test.go
signup_test.go
sqlite.ini Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
ssh_key_test.go
testlogger.go Fix data race (#8204) 2019-09-17 12:39:37 +03:00
timetracking_test.go
user_test.go Test more reserved usernames (#8263) 2019-09-24 13:12:56 -04:00
version_test.go
xss_test.go

# Integration tests

Integration tests can be run with the make target for the appropriate backend, namely:

```
make test-mysql
make test-pgsql
make test-sqlite
```

Make sure to perform a clean build before running tests:

```
make clean build
```

## Run all tests via local drone

```
drone exec --local --build-event "pull_request"
```

## Run sqlite integration tests

Start tests:

```
make test-sqlite
```

## Run mysql integration tests

Set up a mysql database inside docker:

```
docker run -e "MYSQL_DATABASE=test" -e "MYSQL_ALLOW_EMPTY_PASSWORD=yes" -p 3306:3306 --rm --name mysql mysql:5.7 # (just ctrl-c to stop the db and clean up the container)
```

Start tests based on the database container:

```
TEST_MYSQL_HOST=localhost:3306 TEST_MYSQL_DBNAME=test TEST_MYSQL_USERNAME=root TEST_MYSQL_PASSWORD='' make test-mysql
```

## Run pgsql integration tests

Set up a pgsql database inside docker:

```
docker run -e "POSTGRES_DB=test" -p 5432:5432 --rm --name pgsql postgres:9.5 # (just ctrl-c to stop the db and clean up the container)
```

Start tests based on the database container:

```
TEST_PGSQL_HOST=localhost:5432 TEST_PGSQL_DBNAME=test TEST_PGSQL_USERNAME=postgres TEST_PGSQL_PASSWORD=postgres make test-pgsql
```

## Run mssql integration tests

Set up a mssql database inside docker:

```
docker run -e "ACCEPT_EULA=Y" -e "MSSQL_PID=Standard" -e "SA_PASSWORD=MwantsaSecurePassword1" -p 1433:1433 --rm --name mssql microsoft/mssql-server-linux:latest # (just ctrl-c to stop the db and clean up the container)
```

Start tests based on the database container:

```
TEST_MSSQL_HOST=localhost:1433 TEST_MSSQL_DBNAME=gitea_test TEST_MSSQL_USERNAME=sa TEST_MSSQL_PASSWORD=MwantsaSecurePassword1 make test-mssql
```

## Running individual tests

Example command to run the GPG test:

For sqlite:

```
make test-sqlite#GPG
```

For other databases (replace MSSQL with MYSQL, MYSQL8 or PGSQL):

```
TEST_MSSQL_HOST=localhost:1433 TEST_MSSQL_DBNAME=test TEST_MSSQL_USERNAME=sa TEST_MSSQL_PASSWORD=MwantsaSecurePassword1 make test-mssql#GPG
```