Fixes#12338
This allows use to talk to the API with our ssh certificate (and/or ssh-agent) without needing to fetch an API key or tokens.
It will just automatically work when users have added their ssh principal in gitea.
This needs client code in tea
Update: also support normal pubkeys
ref: https://tools.ietf.org/html/draft-cavage-http-signatures
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Ensure git tag tests and other create test repos in tmpdir
There are a few places where tests appear to reuse testing repos which
causes random CI failures.
This PR simply changes these tests to ensure that cloning always happens
into new temporary directories.
Fix#18444
* Change log root for integration tests to use the REPO_TEST_DIR
There is a potential race in the drone integration tests whereby test-mysql etc
will start writing to log files causing make test-check fail.
Fix#18077
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Switch to non-deprecation setting
(Avoid by-default: "Deprecated fallback `[server]` `LFS_CONTENT_PATH` present. Use `[lfs]` `PATH` instead. This fallback will be removed in v1.18.0")
* Update all references
* Second attempt at preventing zombies
* Ensure that the pipes are closed in ssh.go
* Ensure that a cancellable context is passed up in cmd/* http requests
* Make cmd.fail return properly so defers are obeyed
* Ensure that something is sent to stdout in case of blocks here
Signed-off-by: Andrew Thornton <art27@cantab.net>
* placate lint
Signed-off-by: Andrew Thornton <art27@cantab.net>
* placate lint 2
Signed-off-by: Andrew Thornton <art27@cantab.net>
* placate lint 3
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fixup
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Apply suggestions from code review
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Add register manual confirm settings option
The new settings option is used when manually approving new
registrations.
* Enable manual confirmation of new registered user
When manual registration confirmation is desired (by default `false`)
create new user in the database that is *not active*. The user must then
be activated manually.
This change speeds up the process of adding new confirmed users for
Gitea instances without external auth mechanism. (Currently the option
is to manually create new user by admin.)
* Update docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix test
* Add no queue for test only
* improve code
* Auto watch whatever branch operation
* Fix lint
* Rename noqueue to immediate
* Remove old PushUpdate function
* Fix tests
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Some integration test data is being put outside of the integration test folders which means it isn't deleted properly with make clean. Update config so it works as expected.
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add option to use /tmp for test repositories
* Fix exit status
* Add feedback about using tmp repos
Co-authored-by: Guillermo Prandi <guillep2k@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This PR fixes#7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however.
## Features
- [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.)
- [x] Verify commits signed with the default gpg as valid
- [x] Signer, Committer and Author can all be different
- [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon.
- [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available
- Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg
- [x] Try to match the default key with a user on gitea - this is done at verification time
- [x] Make things configurable?
- app.ini configuration done
- [x] when checking commits are signed need to check if they're actually verifiable too
- [x] Add documentation
I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
resolves git conflicts from #3896 (credit to @belak, in case github doesn't keep original author during squash)
Co-Authored-By: Matti Ranta <techknowlogick@gitea.io>
* Rename BaseLogger to WriterLogger to help the creation of other providers
* Don't export ColorBytes and ResetBytes from ColoredValues
* Make integration tests only print logs if they fail
* check can color before coloring
* I always forget about MSSQL
* Oh and use LEVEL in sqlite.ini
* Make the test logger log at info - as it means you see the router
* Remove empty expected changes
* Make the migrations quieter too
* Don't display SQL on error - it can be looked at in the file logs if necessary
* Fix skip when using onGiteaRun
* Create log mailer for testing email settings
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Switch on the log mailer for the integration tests
This ensures that the sending mail process works
Signed-off-by: Andrew Thornton <art27@cantab.net>
* rename the from user for mysql/mssql
* rename log sender to dummy sender
* update the integration tests
* Pooled and buffered gzip implementation
* Add test for gzip
* Add integration test
* Ensure lfs check within transaction
The previous code made it possible for a race condition to occur whereby a LFSMetaObject could be checked into the database twice. We should check if the LFSMetaObject is within the database and insert it if not in one transaction.
* Try to avoid primary key problem in postgres
The integration tests are being affected by
https://github.com/go-testfixtures/testfixtures/issues/39 if we set the
primary key high enough, keep a count of this and remove at the end of
each test we shouldn't be affected by this.
* test: integration add git cli tests
Extracted form for easing review process and debug #3152
* test: integration add git cli big file commit
* fix: Don't rewrite key if internal server
* Implement routes
* move to api/sdk and create model
* Implement add + list
* List return 200 empty list no 404
* Add verify lfs lock api
* Add delete and start implementing auth control
* Revert to code.gitea.io/sdk/gitea vendor
* Apply needed check for all lfs locks route
* Add simple tests
* fix lint
* Improve tests
* Add delete test + fix
* Add lfs ascii header
* Various fixes from review + remove useless code + add more corner case testing
* Remove repo link since only id is needed.
Save a little of memory and cpu time.
* Improve tests
* Use TEXT column format for path + test
* fix mispell
* Use NewRequestWithJSON for POST tests
* Clean path
* Improve DB format
* Revert uniquess repoid+path
* (Re)-setup uniqueness + max path length
* Fixed TEXT in place of VARCHAR
* Settle back to maximum VARCHAR(3072)
* Let place for repoid in key
* Let place for repoid in key
* Let place for repoid in key
* Revert back
Wim
Lunny Xiao
zeripath
Gusted
KN4CK3R
Jiri Vlasak
techknowlogick
mrsdizzie
guillep2k
Antoine GIRARD
Lauris BH
Ethan Koenig
Thomas Boerger
Ethan Koenig