
Improve instance wide ssh commit signing #34341


Merged

Conversation

ChristopherHX
Contributor

@ChristopherHX ChristopherHX commented May 2, 2025

  • Signed SSH commits can look in the UI like on GitHub, just like gpg keys today in Gitea
  • No user account of the SIGNING_EMAIL required anymore to get the verified badge
  • SSH format can be added in gitea config
  • No gitconfig changes needed
  • Set gpg.format git key for signing command
  • Previously only the default gpg key had global trust in Gitea
    • SSH Signing worked before with DEFAULT_TRUST_MODEL=committer, but not with model default and manually changing the .gitconfig

e.g. the following is all needed after ssh-keygen, no trouble with installing and setting up gpg or hacking around a hidden .gitconfig for ssh key usage

```
[repository.signing]
SIGNING_KEY = /data/id_ed25519.pub
SIGNING_NAME = Gitea
SIGNING_EMAIL = [email protected]
SIGNING_FORMAT = ssh
INITIAL_COMMIT = always
CRUD_ACTIONS = always
WIKI = always
MERGES = always
```

Where /data/id_ed25519 is the private key.

TRUSTED_SSH_KEYS can be a list of additional ssh public key contents to trust for every user of this instance

Closes #34329
Related #31392

* Signed SSH commits can look like on GitHub
* No user account of the committer needed
* SSH format can be added in gitea config
* No gitconfig changes needed
* Set gpg.format git key for signing command
* Previously only the default gpg key had global trust in Gitea
  * SSH Signing worked before with DEFAULT_TRUST_MODEL=committer, but not with model default and manually changing the .gitconfig

e.g. the following is all needed
```
[repository.signing]
SIGNING_KEY = /data/id_ed25519.pub
SIGNING_NAME = Gitea
SIGNING_EMAIL = [email protected]
SIGNING_FORMAT = ssh
INITIAL_COMMIT = always
CRUD_ACTIONS = always
WIKI = always
MERGES = always
```

`TRUSTED_SSH_KEYS` can be a list of additional ssh public keys to trust for every user of this instance
@GiteaBot GiteaBot added the `lgtm/need 2` label (This PR needs two approvals by maintainers to be considered for merging.) May 2, 2025
@github-actions github-actions bot added the `modifies/api` (This PR adds API routes or modifies them) and `modifies/go` (Pull requests that update Go code) labels May 2, 2025
@ChristopherHX
Contributor Author

ChristopherHX commented May 2, 2025

What do you think @brtwrst about this?

Except for the absent automatic setup, this should now be even easier, by just editing a single file.

I found out that gpg supported global key verification for all users, but ssh did not; this PR aims to change that.

No, I have no idea how to write tests for this.

@brtwrst

brtwrst commented May 2, 2025

That looks awesome. Makes it super simple to set up and the TRUSTED_SSH_KEYS allows for "key rotation" without losing the green checkmark on older commits. How should TRUSTED_SSH_KEYS look in the app.ini?
Like this?
TRUSTED_SSH_KEYS="ssh-ed25519 AAAA... user1@hostname", "ssh-ed25519 AAAA... user2@hostname"
Or should it be a path to a file that includes the trusted public keys?

@ChristopherHX
Contributor Author

I tested this like this: `TRUSTED_SSH_KEYS = ssh-ed25519 AAAA...`, and it should support commas like other array-like ini options.

Since the ssh keys are so simple, idk if double quotes are even needed / supported.

File paths are not supported in this PR for this list.
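To make the TRUSTED_SSH_KEYS semantics from the description and the comma-separated format discussed just above concrete, here is an added example that is not part of this PR or of Gitea's code: it turns a TRUSTED_SSH_KEYS value into an OpenSSH allowed_signers file and uses `ssh-keygen -Y` to sign and verify constructed commit-like payloads, showing that a rotated-out key that is still listed keeps verifying while an unlisted key does not. It assumes an OpenSSH 8.0+ `ssh-keygen` on PATH; the key names, the `gitea-instance` principal and the payload bytes are constructed for the demo.

```shell
#!/bin/sh
# Added example, not Gitea code: emulate the instance-wide trust decision with OpenSSH tooling.
# TRUSTED_SSH_KEYS (comma-separated public keys in app.ini) is turned into an allowed_signers
# file, and ssh-keygen -Y verify answers "signed in the git namespace by a key the instance trusts?".
set -eu

# trusted_keys_to_allowed_signers "KEY1, KEY2" PRINCIPAL OUTFILE
# One allowed_signers line per key, limited to the "git" namespace git uses for commit signatures.
trusted_keys_to_allowed_signers() {
  printf '%s\n' "$1" | tr ',' '\n' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' |
    while IFS= read -r key; do
      [ -z "$key" ] || printf '%s namespaces="git" %s\n' "$2" "$key"
    done > "$3"
}

# sign_payload PRIVKEY FILE: writes FILE.sig, the SSHSIG block git stores in a commit's gpgsig header.
sign_payload() {
  ssh-keygen -Y sign -f "$1" -n git "$2" >/dev/null 2>&1
}

# verify_payload ALLOWED_SIGNERS PRINCIPAL FILE: exit 0 only if FILE.sig is a valid git-namespace
# signature over FILE by one of the listed keys (the "verified badge" decision).
verify_payload() {
  ssh-keygen -Y verify -f "$1" -I "$2" -n git -s "$3.sig" < "$3" >/dev/null 2>&1
}

# run_demo: constructed scenario. The instance rotated from key "old" to "new" but keeps both in
# TRUSTED_SSH_KEYS; "rogue" is never listed. Prints "ok" when old and new verify and rogue does not.
run_demo() {
  work=$(mktemp -d)
  trap 'rm -rf "$work"' EXIT
  for n in old new rogue; do ssh-keygen -q -t ed25519 -N '' -C "$n" -f "$work/$n"; done
  trusted="$(cut -d' ' -f1,2 "$work/old.pub"), $(cut -d' ' -f1,2 "$work/new.pub")"
  trusted_keys_to_allowed_signers "$trusted" gitea-instance "$work/allowed_signers"
  for n in old new rogue; do
    # stand-in for the commit object bytes git hands to the signer
    printf 'tree 0000000000000000000000000000000000000000\n\ncommit signed by %s\n' "$n" > "$work/$n.commit"
    sign_payload "$work/$n" "$work/$n.commit"
  done
  verify_payload "$work/allowed_signers" gitea-instance "$work/old.commit" || return 1
  verify_payload "$work/allowed_signers" gitea-instance "$work/new.commit" || return 1
  if verify_payload "$work/allowed_signers" gitea-instance "$work/rogue.commit"; then return 1; fi
  echo ok
}

run_demo
```

The allowed_signers line format (`principal namespaces="git" keytype base64key`) is what `git` itself consults via `gpg.ssh.allowedSignersFile`, so the same file can be used to cross-check a commit locally with `git verify-commit`.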

@brtwrst

brtwrst commented May 2, 2025

Ok, can't wait for this to make it in :)

Thank you for your work.

@lunny lunny added this to the 1.25.0 milestone May 3, 2025
@lunny lunny added the `type/enhancement` label (An improvement of existing functionality) May 3, 2025
@lunny
Member

lunny commented May 11, 2025

app.example.ini needs to be updated.

@github-actions github-actions bot added the `docs-update-needed` label (The document needs to be updated synchronously) May 11, 2025
@wxiaoguang wxiaoguang self-assigned this Jun 7, 2025
@wxiaoguang wxiaoguang marked this pull request as draft June 10, 2025 17:43
@wxiaoguang
Contributor

Made some changes in c771cd6 and reverted unnecessary test changes.

I have some new questions and left some FIXMEs in code.

@wxiaoguang wxiaoguang removed their assignment Jun 10, 2025
@wxiaoguang
Contributor

I made some new changes and added some comments, does it look good to you? If it looks good, let's merge ~

@wxiaoguang wxiaoguang marked this pull request as ready for review June 11, 2025 09:56
@ChristopherHX
Contributor Author

Looks good to me now; updated the default openpgp value reference with your rename and removed the lint error.

@wxiaoguang wxiaoguang enabled auto-merge (squash) June 11, 2025 10:07
@wxiaoguang wxiaoguang added the `type/feature` label (Completely new functionality. Can only be merged if feature freeze is not active.) and removed the `type/enhancement` label (An improvement of existing functionality) Jun 11, 2025
@wxiaoguang wxiaoguang merged commit c9505a2 into go-gitea:main Jun 11, 2025
26 checks passed
zjjhot added a commit to zjjhot/gitea that referenced this pull request Jun 13, 2025
* giteaofficial/main:
  [skip ci] Updated translations via Crowdin
  Improve the performance when detecting the file editable (go-gitea#34653)
  Fix various problems (go-gitea#34708)
  Refactor embedded assets and drop unnecessary dependencies (go-gitea#34692)
  Bump minimum go version to 1.24.4 (go-gitea#34699)
  Update JS deps (go-gitea#34701)
  Fix markdown wrap (go-gitea#34697)
  [skip ci] Updated translations via Crowdin
  frontport changelog (go-gitea#34689)
  Improve instance wide ssh commit signing (go-gitea#34341)
DennisRasey pushed a commit to DennisRasey/forgejo that referenced this pull request Jun 17, 2025
## Checklist

- [x] go to the last cherry-pick PR (forgejo/forgejo#8040) to figure out how far it went: [gitea@d5bbaee64e](go-gitea/gitea@d5bbaee)
- [x] cherry-pick and open PR (forgejo/forgejo#8198)
- [ ] have the PR pass the CI
- end-to-end (especially important if there are actions related changes)
  - [ ] add `run-end-to-end` label
  - [ ] check the result
- [ ] write release notes
- [ ] assign reviewers
- [ ] 48h later, last call
- merge 1 hour after the last call

## Legend

- ❓ - No decision about the commit has been made.
- 🍒 - The commit has been cherry picked.
- ⏩ - The commit has been skipped.
- 💡 - The commit has been skipped, but should be ported to Forgejo.
- ✍️ - The commit has been skipped, and a port to Forgejo already exists.

## Commits

- 🍒 [`gitea`](go-gitea/gitea@17cfae8) -> [`forgejo`](https://codeberg.org/forgejo/forgejo/commit/6397da88d30de0a470dabadb8e27fbb202d75458) Hide href attribute of a tag if there is no target_url ([gitea#34556](go-gitea/gitea#34556))
- 🍒 [`gitea`](go-gitea/gitea@b408bf2) -> [`forgejo`](https://codeberg.org/forgejo/forgejo/commit/46bc899d57515fc5349e9113e92da2e4b0d93c75) Fix: skip paths check on tag push events in workflows ([gitea#34602](go-gitea/gitea#34602))
- 🍒 [`gitea`](go-gitea/gitea@9165ea8) -> [`forgejo`](https://codeberg.org/forgejo/forgejo/commit/04332f31bfd8a1c0e8676e4764d44e087f1ccc30) Only activity tab needs heatmap data loading ([gitea#34652](go-gitea/gitea#34652))
- 🍒 [`gitea`](go-gitea/gitea@3f7dbbd) -> [`forgejo`](https://codeberg.org/forgejo/forgejo/commit/2a9019fd0491684cdeab6d50a16e5cffaef5508b) Small fix in Pull Requests page ([gitea#34612](go-gitea/gitea#34612))
- 🍒 [`gitea`](go-gitea/gitea@497b83b) -> [`forgejo`](https://codeberg.org/forgejo/forgejo/commit/9a83cc7bad79fe79447bf6e3cb3144292f922ebb) Fix migration pull request title too long ([gitea#34577](go-gitea/gitea#34577))

## TODO

- 💡 [`gitea`](go-gitea/gitea@6b8b580) Refactor container and UI ([gitea#34736](go-gitea/gitea#34736))
  Packages: Fix for container, needs careful merge.
------
- 💡 [`gitea`](go-gitea/gitea@bbee652) Prevent duplicate form submissions when creating forks ([gitea#34714](go-gitea/gitea#34714))
  Fork: Fix, needs careful merge.
------
- 💡 [`gitea`](go-gitea/gitea@d21ce9f) Improve the performance when detecting the file editable ([gitea#34653](go-gitea/gitea#34653))
  LFS: Performance improvement - needs careful merge.
------
- 💡 [`gitea`](go-gitea/gitea@8fed27b) Fix various problems ([gitea#34708](go-gitea/gitea#34708))
  Various: Fixes, tests missing.
------
- 💡 [`gitea`](go-gitea/gitea@c9505a2) Improve instance wide ssh commit signing ([gitea#34341](go-gitea/gitea#34341))
  CodeSign: Nice feature - needs careful merge.
------
- 💡 [`gitea`](go-gitea/gitea@fbc3796) Fix pull requests API convert panic when head repository is deleted. ([gitea#34685](go-gitea/gitea#34685))
  Pull: Fix, needs careful merge.
------
- 💡 [`gitea`](go-gitea/gitea@1610a63) Fix commit message rendering and some UI problems ([gitea#34680](go-gitea/gitea#34680))
  Various Fixes - needs careful merge.
------
- 💡 [`gitea`](go-gitea/gitea@0082cb5) Fix last admin check when syncing users ([gitea#34649](go-gitea/gitea#34649))
  oidc: fix "first user is always admin". Needs careful merge.
------
- 💡 [`gitea`](go-gitea/gitea@c6b2cbd) Fix footnote jump behavior on the issue page. ([gitea#34621](go-gitea/gitea#34621))
  Issues: Fix Markdown rendering. Needs careful merge
------
- 💡 [`gitea`](go-gitea/gitea@7a59f5a) Ignore "Close" error when uploading container blob ([gitea#34620](go-gitea/gitea#34620))
  No issue, no test.
------
- 💡 [`gitea`](go-gitea/gitea@6d0b240) Keeping consistent between UI and API about combined commit status state and fix some bugs ([gitea#34562](go-gitea/gitea#34562))
  Next PR in Commit-Status story.
------
- 💡 [`gitea`](go-gitea/gitea@f604144) Refactor FindOrgOptions to use enum instead of bool, fix membership visibility ([gitea#34629](go-gitea/gitea#34629))
  Just for a common sense here: How should I consider refactorings?
------
- 💡 [`gitea`](go-gitea/gitea@cc942e2) Fix GetUsersByEmails ([gitea#34643](go-gitea/gitea#34643))
  User: Seems to fix email validation - but seems not to be finished.
------
- 💡 [`gitea`](go-gitea/gitea@7fa5a88) Add `--color-logo` for text that should match logo color ([gitea#34639](go-gitea/gitea#34639))
  UI: Nice idea - can we adapt this?
------
- 💡 [`gitea`](go-gitea/gitea@47d69b7) Validate hex colors when creating/editing labels ([gitea#34623](go-gitea/gitea#34623))
  Label: Color validation but needs careful merge.
------
- 💡 [`gitea`](go-gitea/gitea@108db0b) Fix possible pull request broken when leave the page immediately after clicking the update button ([gitea#34509](go-gitea/gitea#34509))
  Nice fix for a bug hard to trace down.
  Needs careful merge & think about whether a test is possible.
------
- 💡 [`gitea`](go-gitea/gitea@79cc369) Fix issue label delete incorrect labels webhook payload ([gitea#34575](go-gitea/gitea#34575))
  Small fix but would expect a test, showing what was fixed.
------
- 💡 [`gitea`](go-gitea/gitea@fe57ee3) fixed incorrect page navigation with up and down arrow on last item of dashboard repos ([gitea#34570](go-gitea/gitea#34570))
  Small & simple - but tests are missing.
------
- 💡 [`gitea`](go-gitea/gitea@4e47148) Remove unnecessary duplicate code ([gitea#34552](go-gitea/gitea#34552))
  Fix around "Split GetLatestCommitStatus".
------
- 💡 [`gitea`](go-gitea/gitea@c5e78fc) Do not mutate incoming options to SearchRepositoryByName ([gitea#34553](go-gitea/gitea#34553))
  Large refactoring to simplify options handling. But needs careful merge.
------
- 💡 [`gitea`](go-gitea/gitea@f48c013) Fix/improve avatar sync from LDAP ([gitea#34573](go-gitea/gitea#34573))
  Nice fix but needs test.
------
- 💡 [`gitea`](go-gitea/gitea@e8d8984) Fix some trivial problems ([gitea#34579](go-gitea/gitea#34579))
  Various fixes, tests missing.
------

## Skipped

- ⏩ [`gitea`](go-gitea/gitea@637070e) Fix container range bug ([gitea#34725](go-gitea/gitea#34725))
------
- ⏩ [`gitea`](go-gitea/gitea@0d3e995) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](go-gitea/gitea@28debdb) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](go-gitea/gitea@dcc9206) Raise minimum Node.js version to 20, test on 24 ([gitea#34713](go-gitea/gitea#34713))
------
- ⏩ [`gitea`](go-gitea/gitea@bc28654) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](go-gitea/gitea@65986f4) Refactor embedded assets and drop unnecessary dependencies ([gitea#34692](go-gitea/gitea#34692))
------
- ⏩ [`gitea`](go-gitea/gitea@18bafcc) Bump minimum go version to 1.24.4 ([gitea#34699](go-gitea/gitea#34699))
------
- ⏩ [`gitea`](go-gitea/gitea@8d135ef) Update JS deps ([gitea#34701](go-gitea/gitea#34701))
------
- ⏩ [`gitea`](go-gitea/gitea@d5893ee) Fix markdown wrap ([gitea#34697](go-gitea/gitea#34697))

  - gitea UI specific
------
- ⏩ [`gitea`](go-gitea/gitea@06ccb3a) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](go-gitea/gitea@94db956) frontport changelog ([gitea#34689](go-gitea/gitea#34689))
------
- ⏩ [`gitea`](go-gitea/gitea@d5afdcc) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](go-gitea/gitea@e9f5105) Migrate to urfave v3 ([gitea#34510](go-gitea/gitea#34510))
  already in Forgejo - see https://codeberg.org/forgejo/forgejo/pulls/8035
------
- ⏩ [`gitea`](go-gitea/gitea@2c341b6) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](go-gitea/gitea@92e7e98) Update x/crypto package and make builtin SSH use default parameters ([gitea#34667](go-gitea/gitea#34667))
------
- ⏩ [`gitea`](go-gitea/gitea@7b39c82) Fix "oras" OCI client compatibility ([gitea#34666](go-gitea/gitea#34666))
  Already in forgejo - see https://codeberg.org/forgejo/forgejo/issues/8070
------
- ⏩ [`gitea`](go-gitea/gitea@1fe652c) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](go-gitea/gitea@a9a705f) Fix missed merge commit sha and time when migrating from codecommit ([gitea#34645](go-gitea/gitea#34645))
  Migration: Seems to be an important fix, but no tests.

  As I know @earl-warren worked hard on migration, is this still relevant to us?
------
- ⏩ [`gitea`](go-gitea/gitea@1e0758a) [skip ci] Updated translations via Crowdin
------
- ⏩ [`gitea`](go-gitea/gitea@f6f6aed) Update JS deps, regenerate SVGs ([gitea#34640](go-gitea/gitea#34640))
------
- ⏩ [`gitea`](go-gitea/gitea@aa2b3b2) Misc CSS fixes ([gitea#34638](go-gitea/gitea#34638))

  - gitea UI specific
------
- ⏩ [`gitea`](go-gitea/gitea@b38f2d3) add codecommit to supported services in api docs ([gitea#34626](go-gitea/gitea#34626))
------
- ⏩ [`gitea`](go-gitea/gitea@74a0178) add openssh-keygen to rootless image ([gitea#34625](go-gitea/gitea#34625))
  already in Forgejo - see https://codeberg.org/forgejo/forgejo/issues/6896
------
- ⏩ [`gitea`](go-gitea/gitea@5b22af4) bump to alpine 3.22 ([gitea#34613](go-gitea/gitea#34613))
------
- ⏩ [`gitea`](go-gitea/gitea@9e0e107) Fix notification count positioning for variable-width elements ([gitea#34597](go-gitea/gitea#34597))

  - gitea UI specific
------
- ⏩ [`gitea`](go-gitea/gitea@e5781ce) Fix margin issue in markup paragraph rendering ([gitea#34599](go-gitea/gitea#34599))

  - gitea UI specific
------
- ⏩ [`gitea`](go-gitea/gitea@375dab1) Make pull request and issue history more compact ([gitea#34588](go-gitea/gitea#34588))

  - gitea UI specific
------
- ⏩ [`gitea`](go-gitea/gitea@2a1585b) Refactor some tests ([gitea#34580](go-gitea/gitea#34580))
------

<details>
<summary><h2>Stats</h2></summary>

<br>

Between [`gitea@d5bbaee64e`](go-gitea/gitea@d5bbaee) and [`gitea@6b8b580218`](go-gitea/gitea@6b8b580), **55** commits have been reviewed. We picked **5**, skipped **28** (of which **3** were already in Forgejo!), and decided to port **22**.

</details>

Co-authored-by: Lunny Xiao <[email protected]>
Co-authored-by: NorthRealm <[email protected]>
Co-authored-by: TheFox0x7 <[email protected]>
Co-authored-by: endo0911engineer <[email protected]>
Co-authored-by: wxiaoguang <[email protected]>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8198
Reviewed-by: Earl Warren <[email protected]>
Co-authored-by: Michael Jerger <[email protected]>
Co-committed-by: Michael Jerger <[email protected]>
Labels: `docs-update-needed` (The document needs to be updated synchronously), `lgtm/done` (This PR has enough approvals to get merged. There are no important open reservations anymore.), `modifies/api` (This PR adds API routes or modifies them), `modifies/go` (Pull requests that update Go code), `type/feature` (Completely new functionality. Can only be merged if feature freeze is not active.)

Linked issue that merging this pull request may close: Allow SSH key to be used for commit signatures

8 participants