forked from gitea/gitea
gitea/integrations
zeripath fcb535c5c3
Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631)
This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however.

## Features
- [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.)
- [x] Verify commits signed with the default gpg as valid
- [x] Signer, Committer and Author can all be different
    - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon.
- [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available
    - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg
    - [x] Try to match the default key with a user on gitea - this is done at verification time
- [x] Make things configurable?
    - app.ini configuration done
    - [x] when checking commits are signed need to check if they're actually verifiable too
- [x] Add documentation

I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
2019-10-16 14:42:42 +01:00
gitea-repositories-meta Restrict repository indexing by glob match (#7767) 2019-09-11 20:26:28 +03:00
migration-test Move database settings from models to setting (#7806) 2019-08-24 11:24:45 +02:00
README.md Improve integration tests (#8276) 2019-09-25 14:13:18 +02:00
README_ZH.md Improve integration tests (#8276) 2019-09-25 14:13:18 +02:00
api_admin_org_test.go Fixes #7023 - API Org Visibility (#7028) 2019-05-30 13:57:55 -04:00
api_admin_test.go Move sdk structs to modules/structs (#6905) 2019-05-11 18:21:34 +08:00
api_branch_test.go Move sdk structs to modules/structs (#6905) 2019-05-11 18:21:34 +08:00
api_comment_test.go Move sdk structs to modules/structs (#6905) 2019-05-11 18:21:34 +08:00
api_fork_test.go Move sdk structs to modules/structs (#6905) 2019-05-11 18:21:34 +08:00
api_gpg_keys_test.go Move sdk structs to modules/structs (#6905) 2019-05-11 18:21:34 +08:00
api_helper_for_declarative_test.go Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
api_issue_label_test.go Move sdk structs to modules/structs (#6905) 2019-05-11 18:21:34 +08:00
api_issue_test.go Move sdk structs to modules/structs (#6905) 2019-05-11 18:21:34 +08:00
api_keys_test.go Use gitea forked macaron (#7933) 2019-08-23 12:40:29 -04:00
api_org_test.go Fixes #7023 - API Org Visibility (#7028) 2019-05-30 13:57:55 -04:00
api_pull_test.go Move change issue title from models to issue service package (#8456) 2019-10-11 14:44:43 +08:00
api_releases_test.go Move sdk structs to modules/structs (#6905) 2019-05-11 18:21:34 +08:00
api_repo_edit_test.go Api: advanced settings for repository (external wiki, issue tracker etc.) (#7756) 2019-10-02 17:30:41 +08:00
api_repo_file_create_test.go Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
api_repo_file_delete_test.go Fixes #7152 - Allow create/update/delete message to be empty, use default message (#7324) 2019-06-29 16:19:24 +01:00
api_repo_file_helpers.go Move sdk structs to modules/structs (#6905) 2019-05-11 18:21:34 +08:00
api_repo_file_update_test.go Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
api_repo_get_contents_list_test.go Fixes #7292 - API File Contents bug (#7301) 2019-06-29 16:51:10 -04:00
api_repo_get_contents_test.go Fixes #7292 - API File Contents bug (#7301) 2019-06-29 16:51:10 -04:00
api_repo_git_blobs_test.go Move sdk structs to modules/structs (#6905) 2019-05-11 18:21:34 +08:00
api_repo_git_commits_test.go API method to list all commits of a repository (#6408) 2019-08-26 16:09:10 +02:00
api_repo_git_hook_test.go Move sdk structs to modules/structs (#6905) 2019-05-11 18:21:34 +08:00
api_repo_git_ref_test.go Implement git refs API for listing references (branches, tags and other) (#5354) 2018-11-27 16:52:20 -05:00
api_repo_git_tags_test.go Fixes #2738 - Adds the /git/tags API endpoint (#7138) 2019-06-08 17:31:11 +03:00
api_repo_git_trees_test.go Fixes 4762 - Content API for Creating, Updating, Deleting Files (#6314) 2019-04-17 12:06:35 -04:00
api_repo_lfs_locks_test.go Fix lfs locks (#8361) 2019-10-03 09:56:26 +02:00
api_repo_raw_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
api_repo_tags_test.go Fixes #2738 - Adds the /git/tags API endpoint (#7138) 2019-06-08 17:31:11 +03:00
api_repo_test.go Restrict repository indexing by glob match (#7767) 2019-09-11 20:26:28 +03:00
api_repo_topic_test.go Add API endpoint for accessing repo topics (#7963) 2019-09-03 23:46:24 +08:00
api_team_test.go API endpoint for searching teams. (#8108) 2019-10-01 13:32:28 +08:00
api_team_user_test.go Fix team user api (#8172) 2019-09-15 20:22:02 +08:00
api_token_test.go Move sdk structs to modules/structs (#6905) 2019-05-11 18:21:34 +08:00
api_user_heatmap_test.go Use gitea forked macaron (#7933) 2019-08-23 12:40:29 -04:00
api_user_orgs_test.go Fixes #7023 - API Org Visibility (#7028) 2019-05-30 13:57:55 -04:00
api_user_search_test.go Move sdk structs to modules/structs (#6905) 2019-05-11 18:21:34 +08:00
auth_ldap_test.go Use gitea forked macaron (#7933) 2019-08-23 12:40:29 -04:00
benchmarks_test.go Move sdk structs to modules/structs (#6905) 2019-05-11 18:21:34 +08:00
branches_test.go Use gitea forked macaron (#7933) 2019-08-23 12:40:29 -04:00
change_default_branch_test.go Less verbose integration tests (#2123) 2017-07-07 21:36:47 +02:00
cors_test.go Handle CORS requests (#6289) 2019-05-13 11:38:53 -04:00
create_no_session_test.go Use gitea forked macaron (#7933) 2019-08-23 12:40:29 -04:00
delete_user_test.go Refactor User Settings (#3900) 2018-05-15 13:07:32 +03:00
download_test.go Allow markdown files to read from the LFS (#5787) 2019-02-12 15:09:43 +00:00
editor_test.go Add golangci (#6418) 2019-06-12 15:41:28 -04:00
empty_repo_test.go Refactor repo.isBare to repo.isEmpty #5629 (#5714) 2019-01-17 19:01:04 -05:00
explore_repos_test.go fix template error on explore repos (#2319) 2017-08-17 15:20:21 +03:00
git_helper_for_declarative_test.go Restore functionality for early gits (#7775) 2019-10-12 08:13:27 +08:00
git_test.go Restore functionality for early gits (#7775) 2019-10-12 08:13:27 +08:00
gpg_git_test.go Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
html_helper.go integration tests: Use t.Helper() (#7654) 2019-07-29 12:15:18 +08:00
integration_test.go Improve integration tests (#8276) 2019-09-25 14:13:18 +02:00
issue_test.go Rewrite reference processing code in preparation for opening/closing from comment references (#8261) 2019-10-13 23:29:10 +01:00
lfs_getobject_test.go Restore functionality for early gits (#7775) 2019-10-12 08:13:27 +08:00
links_test.go refactor: append, build variable and type switch (#4940) 2019-05-28 23:45:54 +08:00
mssql.ini.tmpl Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
mysql.ini.tmpl Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
mysql8.ini.tmpl Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
nonascii_branches_test.go Fix redirect with non-ascii branch names (#4764) (#4810) 2018-09-06 21:37:02 -04:00
oauth_test.go Add json tags for oauth2 form (#6627) 2019-04-15 11:54:50 -04:00
org_test.go Allow collaborators to view repo owned private org (#6965) 2019-05-16 11:48:40 -04:00
pgsql.ini.tmpl Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
pull_compare_test.go Responsive view (#2750) 2017-12-30 18:47:52 -06:00
pull_create_test.go Make CI work (#8057) 2019-09-02 15:12:29 -04:00
pull_merge_test.go Use gitea forked macaron (#7933) 2019-08-23 12:40:29 -04:00
pull_review_test.go fix 500 when reviewer is deleted with integration tests (#6856) 2019-05-06 20:09:31 +08:00
pull_status_test.go Fix pull creation with empty changes (#7920) 2019-08-20 13:43:00 -04:00
release_test.go Use gitea forked macaron (#7933) 2019-08-23 12:40:29 -04:00
repo_activity_test.go Remove local clones & make hooks run on merge/edit/upload (#6672) 2019-05-11 11:29:17 -04:00
repo_branch_test.go Use gitea forked macaron (#7933) 2019-08-23 12:40:29 -04:00
repo_commits_search_test.go Search Commits via Commit Hash (#7400) 2019-09-02 19:38:04 -04:00
repo_commits_test.go api: fix multiple bugs with statuses endpoints (#7785) 2019-08-09 10:13:03 +08:00
repo_fork_test.go Use httptest in integration tests (#3080) 2017-12-04 00:46:01 +02:00
repo_migrate_test.go Add more bench (#3161) 2017-12-24 02:33:34 +02:00
repo_search_test.go Restrict repository indexing by glob match (#7767) 2019-09-11 20:26:28 +03:00
repo_test.go switch to use gliderlabs/ssh for builtin server (#7250) 2019-07-06 21:28:09 -04:00
repofiles_delete_test.go Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
repofiles_update_test.go Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
setting_test.go Show email if the authenticated user owns the profile page being requested for (#4981) 2019-02-19 09:11:50 -05:00
signin_test.go Use gitea forked macaron (#7933) 2019-08-23 12:40:29 -04:00
signout_test.go Add integration test for logging out (#2892) 2017-11-11 23:29:07 -06:00
signup_test.go Less verbose integration tests (#2123) 2017-07-07 21:36:47 +02:00
sqlite.ini Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) 2019-10-16 14:42:42 +01:00
ssh_key_test.go Use gitea forked macaron (#7933) 2019-08-23 12:40:29 -04:00
testlogger.go Fix data race (#8204) 2019-09-17 12:39:37 +03:00
timetracking_test.go Unit tests for routers/repo/issue_label (#3198) 2017-12-15 23:11:02 +02:00
user_test.go Test more reserved usernames (#8263) 2019-09-24 13:12:56 -04:00
version_test.go Removed unnecessary conversions (#7557) 2019-07-23 19:50:39 +01:00
xss_test.go Added user language setting (#3875) 2018-05-05 08:28:30 +08:00

README.md

Integration tests

Integration tests can be run with make commands for the appropriate backends, namely:

make test-mysql
make test-pgsql
make test-sqlite

Make sure to perform a clean build before running tests:

make clean build

Run all tests via local drone

drone exec --local --build-event "pull_request"

Run sqlite integration tests

Start tests

make test-sqlite

Run mysql integration tests

Set up a mysql database inside docker

docker run -e "MYSQL_DATABASE=test" -e "MYSQL_ALLOW_EMPTY_PASSWORD=yes" -p 3306:3306 --rm --name mysql mysql:5.7 # (just ctrl-c to stop the db and clean up the container)

Start tests based on the database container

TEST_MYSQL_HOST=localhost:3306 TEST_MYSQL_DBNAME=test TEST_MYSQL_USERNAME=root TEST_MYSQL_PASSWORD='' make test-mysql

Run pgsql integration tests

Set up a pgsql database inside docker

docker run -e "POSTGRES_DB=test" -p 5432:5432 --rm --name pgsql postgres:9.5 # (just ctrl-c to stop the db and clean up the container)

Start tests based on the database container

TEST_PGSQL_HOST=localhost:5432 TEST_PGSQL_DBNAME=test TEST_PGSQL_USERNAME=postgres TEST_PGSQL_PASSWORD=postgres make test-pgsql

Run mssql integration tests

Set up a mssql database inside docker

docker run -e "ACCEPT_EULA=Y" -e "MSSQL_PID=Standard" -e "SA_PASSWORD=MwantsaSecurePassword1" -p 1433:1433 --rm --name mssql microsoft/mssql-server-linux:latest # (just ctrl-c to stop the db and clean up the container)

Start tests based on the database container

TEST_MSSQL_HOST=localhost:1433 TEST_MSSQL_DBNAME=gitea_test TEST_MSSQL_USERNAME=sa TEST_MSSQL_PASSWORD=MwantsaSecurePassword1 make test-mssql

Running individual tests

Example command to run GPG test:

For sqlite:

make test-sqlite#GPG

For other databases (replace MSSQL with MYSQL, MYSQL8 or PGSQL):

TEST_MSSQL_HOST=localhost:1433 TEST_MSSQL_DBNAME=test TEST_MSSQL_USERNAME=sa TEST_MSSQL_PASSWORD=MwantsaSecurePassword1 make test-mssql#GPG