forgejo

luckyimnotanigger/forgejo

Fork 0

mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-06-18 15:15:18 +00:00

Commit graph

Author	SHA1	Message	Date
Gusted	90f8239448	fix: make test suite run on older git version (#8188 ) Ref: forgejo/forgejo#8140, forgejo/forgejo#8144 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8188 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-06-14 19:50:58 +02:00
Gusted	df5d656827	feat: consider WebAuthn & SSH for instance signing (#7693 ) Some checks are pending / release (push) Waiting to run Details testing / backend-checks (push) Has been skipped Details testing / frontend-checks (push) Has been skipped Details testing / test-unit (push) Has been skipped Details testing / test-e2e (push) Has been skipped Details testing / test-mysql (push) Has been skipped Details testing / test-pgsql (push) Has been skipped Details testing / test-sqlite (push) Has been skipped Details testing / test-remote-cacher (redis) (push) Has been skipped Details testing / test-remote-cacher (valkey) (push) Has been skipped Details testing / test-remote-cacher (garnet) (push) Has been skipped Details testing / test-remote-cacher (redict) (push) Has been skipped Details testing / security-check (push) Has been skipped Details - Currently the options `pubkey` and `twofa` only consider TOTP and GPG keys respectively. Adjust the code to also consider WebAuthn credentials and SSH keys. - While adding the new unified functions I noticed that certain places also benefited from using these unified functions and took the liberty (where it was either a trivial translation or it was covered under testing) to use the new unified functions. - Resolves forgejo/forgejo#7658 - Adds unit and integration tests. Documentation PR: https://codeberg.org/forgejo/docs/pulls/1166 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7693 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-04-29 10:34:07 +00:00
Gusted	b55c72828e	feat(sec): Add SSH signing support for instances (#6897 ) - Add support to set `gpg.format` in the Git config, via the new `[repository.signing].FORMAT` option. This is to tell Git that the instance would like to use SSH instead of OpenPGP to sign its commits. This is guarded behind a Git version check for v2.34.0 and a check that a `ssh-keygen` binary is present. - Add support to recognize the public SSH key that is given to `[repository.signing].SIGNING_KEY` as the signing key by the instance. - Thus this allows the instance to use SSH commit signing for commits that the instance creates (e.g. initial and squash commits) instead of using PGP. - Technically (although I have no clue how as this is not documented) you can have a different PGP signing key for different repositories; this is not implemented for SSH signing. - Add unit and integration testing. - `TestInstanceSigning` was reworked from `TestGPGGit`, now also includes testing for SHA256 repositories. Is the main integration test that actually signs commits and checks that they are marked as verified by Forgejo. - `TestParseCommitWithSSHSignature` is a unit test that makes sure that if a SSH instnace signing key is set, that it is used to possibly verify instance SSH signed commits. - `TestSyncConfigGPGFormat` is a unit test that makes sure the correct git config is set according to the signing format setting. Also checks that the guarded git version check and ssh-keygen binary presence check is done correctly. - `TestSSHInstanceKey` is a unit test that makes sure the parsing of a SSH signing key is done correctly. - `TestAPISSHSigningKey` is a integration test that makes sure the newly added API route `/api/v1/signing-key.ssh` responds correctly. Documentation PR: forgejo/docs#1122 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6897 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-04-11 13:25:35 +00:00

Author

SHA1

Message

Date

Gusted

90f8239448

fix: make test suite run on older git version (#8188 )

Ref: forgejo/forgejo#8140, forgejo/forgejo#8144
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8188
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>

2025-06-14 19:50:58 +02:00

Gusted

df5d656827

feat: consider WebAuthn & SSH for instance signing (#7693 )

/ release (push) Waiting to run

Details

testing / backend-checks (push) Has been skipped

Details

testing / frontend-checks (push) Has been skipped

Details

testing / test-unit (push) Has been skipped

Details

testing / test-e2e (push) Has been skipped

Details

testing / test-mysql (push) Has been skipped

Details

testing / test-pgsql (push) Has been skipped

Details

testing / test-sqlite (push) Has been skipped

Details

testing / test-remote-cacher (redis) (push) Has been skipped

Details

testing / test-remote-cacher (valkey) (push) Has been skipped

Details

testing / test-remote-cacher (garnet) (push) Has been skipped

Details

testing / test-remote-cacher (redict) (push) Has been skipped

Details

testing / security-check (push) Has been skipped

Details

- Currently the options `pubkey` and `twofa` only consider TOTP and GPG keys respectively. Adjust the code to also consider WebAuthn credentials and SSH keys.
- While adding the new unified functions I noticed that certain places also benefited from using these unified functions and took the liberty (where it was either a trivial translation or it was covered under testing) to use the new unified functions.
- Resolves forgejo/forgejo#7658
- Adds unit and integration tests.

Documentation PR: https://codeberg.org/forgejo/docs/pulls/1166

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7693
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>

2025-04-29 10:34:07 +00:00

Gusted

b55c72828e

feat(sec): Add SSH signing support for instances (#6897 )

- Add support to set `gpg.format` in the Git config, via the new `[repository.signing].FORMAT` option. This is to tell Git that the instance would like to use SSH instead of OpenPGP to sign its commits. This is guarded behind a Git version check for v2.34.0 and a check that a `ssh-keygen` binary is present.
- Add support to recognize the public SSH key that is given to `[repository.signing].SIGNING_KEY` as the signing key by the instance.
- Thus this allows the instance to use SSH commit signing for commits that the instance creates (e.g. initial and squash commits) instead of using PGP.
- Technically (although I have no clue how as this is not documented) you can have a different PGP signing key for different repositories; this is not implemented for SSH signing.
- Add unit and integration testing.
- `TestInstanceSigning` was reworked from `TestGPGGit`, now also includes testing for SHA256 repositories. Is the main integration test that actually signs commits and checks that they are marked as verified by Forgejo.
- `TestParseCommitWithSSHSignature` is a unit test that makes sure that if a SSH instnace signing key is set, that it is used to possibly verify instance SSH signed commits.
- `TestSyncConfigGPGFormat` is a unit test that makes sure the correct git config is set according to the signing format setting. Also checks that the guarded git version check and ssh-keygen binary presence check is done correctly.
- `TestSSHInstanceKey` is a unit test that makes sure the parsing of a SSH signing key is done correctly.
- `TestAPISSHSigningKey` is a integration test that makes sure the newly added API route `/api/v1/signing-key.ssh` responds correctly.

Documentation PR: forgejo/docs#1122

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6897
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>

2025-04-11 13:25:35 +00:00

3 commits