Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Gitea
  3. Need help to enable autosign

Need help to enable autosign

Scheduled Pinned Locked Moved Solved Gitea
27 Posts 5 Posters 14.7k Views 5 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • jaschaezraJ Offline
    jaschaezraJ Offline
    jaschaezra
    wrote on last edited by
    #17

    This is odd - after working for a looong time I suddenly get this error when creating a repository and initializing it:

    CreatePost, initRepository: initRepoCommit: git commit: exit status 128 - error: gpg failed to sign the data
fatal: failed to write commit object
 - error: gpg failed to sign the data
fatal: failed to write commit object

    I first thought that maybe the key is gone. By checking this I found that:

    root@0f44f577-d0e0-42e6-a371-d3914aba0014:/home/git# sudo -u git gpg --list-keys
gpg: Fatal: can't create directory '/home/git/.gnupg': Read-only file system
root@0f44f577-d0e0-42e6-a371-d3914aba0014:/home/git#

    I have not changed anything and I do not know when this happened as I was not using my git for the last ~9 months.

    Any idea what is going on @nebulon?

    1 Reply Last reply
    0
    • nebulonN Offline
      nebulonN Offline
      nebulon
      Staff
      wrote on last edited by
      #18

      Just briefly rereading the thread, did you set GNUPGHOME for git user so it uses the correct (writeable) folder? Seems like the one which is used should be export GNUPGHOME=/app/data/appdata/home/.gnupg

      robiR jaschaezraJ 2 Replies Last reply
      1
      • nebulonN nebulon

        Just briefly rereading the thread, did you set GNUPGHOME for git user so it uses the correct (writeable) folder? Seems like the one which is used should be export GNUPGHOME=/app/data/appdata/home/.gnupg

        robiR Offline
        robiR Offline
        robi
        wrote on last edited by
        #19

        @nebulon might be nice to have these set when terminal is launched including HOME.

        Conscious tech

        1 Reply Last reply
        0
        • nebulonN nebulon

          Just briefly rereading the thread, did you set GNUPGHOME for git user so it uses the correct (writeable) folder? Seems like the one which is used should be export GNUPGHOME=/app/data/appdata/home/.gnupg

          jaschaezraJ Offline
          jaschaezraJ Offline
          jaschaezra
          wrote on last edited by
          #20

          @nebulon I now get a new error:

          root@0f44f577-d0e0-42e6-a371-d3914aba0014:/home/git# sudo -u git bash
git@0f44f577-d0e0-42e6-a371-d3914aba0014:~$ export GNUPGHOME=/app/data/appdata/home/.gnupg
git@0f44f577-d0e0-42e6-a371-d3914aba0014:~$ gpg --list-keys
gpg: WARNING: unsafe permissions on homedir '/app/data/appdata/home/.gnupg'
git@0f44f577-d0e0-42e6-a371-d3914aba0014:~$
          1 Reply Last reply
          0
          • nebulonN Offline
            nebulonN Offline
            nebulon
            Staff
            wrote on last edited by
            #21

            The permissions can be fixed up with:

            chmod 600 /app/data/appdata/home/.gnupg/*
chmod 700 /app/data/appdata/home/.gnupg

            However, this is also only a warning, not sure if this is the root cause. Are there any keys in the folder itself?

            1 Reply Last reply
            0
            • jaschaezraJ Offline
              jaschaezraJ Offline
              jaschaezra
              wrote on last edited by
              #22

              Oh, no, my key is gone. That is odd as I never touched the key after it worked.

              1 Reply Last reply
              0
              • jaschaezraJ Offline
                jaschaezraJ Offline
                jaschaezra
                wrote on last edited by jaschaezra
                #23

                After creating a new key and configuring it in app.ini and restarting gitea I still get an error:

                root@0f44f577-d0e0-42e6-a371-d3914aba0014:/home/git# sudo -u git bash
git@0f44f577-d0e0-42e6-a371-d3914aba0014:~$ export GNUPGHOME=/app/data/appdata/home/.gnupg
git@0f44f577-d0e0-42e6-a371-d3914aba0014:~$ gpg --list-keys
/app/data/appdata/home/.gnupg/pubring.kbx
-----------------------------------------
pub   rsa4096 2025-01-21 [SC] [expires: 2027-01-21]
      EF80C8DE297670B7E8C0360108DA2115185FFD9C
uid           [ultimate] jascha.wtf Gitea <git@git.jascha.wtf>

                section of app.ini:

                [repository.signing]
SIGNING_KEY = EF80C8DE297670B7E8C0360108DA2115185FFD9C
SIGNING_NAME = jascha.wtf Gitea
SIGNING_EMAIL = git@git.jascha.wtf
INITIAL_COMMIT = always
CRUD_ACTIONS = pubkey, twofa, parentsigned
WIKI = never
MERGES = pubkey, twofa, basesigned, commitssigned

GITEA__REPOSITORY__ENABLE_PUSH_CREATE_USER=true

                From the log:

                Jan 21 10:45:28 Error: exit status 128 - error: gpg failed to sign the data
Jan 21 10:45:28 fatal: failed to write commit object
Jan 21 10:45:28 - error: gpg failed to sign the data
Jan 21 10:45:28 fatal: failed to write commit object
Jan 21 10:45:28 2025/01/21 09:45:28 ...ers/web/repo/repo.go:217:handleCreateError() [E] CreatePost: initRepository: initRepoCommit: git commit: exit status 128 - error: gpg failed to sign the data
Jan 21 10:45:28 fatal: failed to write commit object
Jan 21 10:45:28 - error: gpg failed to sign the data
Jan 21 10:45:28 fatal: failed to write commit object
Jan 21 10:45:28 2025/01/21 09:45:28 ...eb/routing/logger.go:102:func1() [I] router: completed POST /repo/create for 82.140.42.234:0, 500 Internal Server Error in 55.3ms @ repo/repo.go:222(repo.CreatePost)

                Update: Gitea does not get the signing key. The response of https://git.jascha.wtf/api/v1/signing-key.gpg is empty

                My best guess is that there are some path poblems - https://docs.gitea.com/administration/signing

                girishG 1 Reply Last reply
                0
                • jaschaezraJ Offline
                  jaschaezraJ Offline
                  jaschaezra
                  wrote on last edited by
                  #24

                  Oh, forgot to mention @nebulon

                  1 Reply Last reply
                  0
                  • J Offline
                    J Offline
                    joseph
                    Staff
                    wrote on last edited by
                    #25

                    @jaschaezra are your GPG keys password protected ? (See also https://docs.gitlab.com/ee/user/project/repository/signed_commits/gpg.html#gpg-fails-to-sign-data)

                    1 Reply Last reply
                    0
                    • jaschaezraJ jaschaezra

                      After creating a new key and configuring it in app.ini and restarting gitea I still get an error:

                      root@0f44f577-d0e0-42e6-a371-d3914aba0014:/home/git# sudo -u git bash
git@0f44f577-d0e0-42e6-a371-d3914aba0014:~$ export GNUPGHOME=/app/data/appdata/home/.gnupg
git@0f44f577-d0e0-42e6-a371-d3914aba0014:~$ gpg --list-keys
/app/data/appdata/home/.gnupg/pubring.kbx
-----------------------------------------
pub   rsa4096 2025-01-21 [SC] [expires: 2027-01-21]
      EF80C8DE297670B7E8C0360108DA2115185FFD9C
uid           [ultimate] jascha.wtf Gitea <git@git.jascha.wtf>

                      section of app.ini:

                      [repository.signing]
SIGNING_KEY = EF80C8DE297670B7E8C0360108DA2115185FFD9C
SIGNING_NAME = jascha.wtf Gitea
SIGNING_EMAIL = git@git.jascha.wtf
INITIAL_COMMIT = always
CRUD_ACTIONS = pubkey, twofa, parentsigned
WIKI = never
MERGES = pubkey, twofa, basesigned, commitssigned

GITEA__REPOSITORY__ENABLE_PUSH_CREATE_USER=true

                      From the log:

                      Jan 21 10:45:28 Error: exit status 128 - error: gpg failed to sign the data
Jan 21 10:45:28 fatal: failed to write commit object
Jan 21 10:45:28 - error: gpg failed to sign the data
Jan 21 10:45:28 fatal: failed to write commit object
Jan 21 10:45:28 2025/01/21 09:45:28 ...ers/web/repo/repo.go:217:handleCreateError() [E] CreatePost: initRepository: initRepoCommit: git commit: exit status 128 - error: gpg failed to sign the data
Jan 21 10:45:28 fatal: failed to write commit object
Jan 21 10:45:28 - error: gpg failed to sign the data
Jan 21 10:45:28 fatal: failed to write commit object
Jan 21 10:45:28 2025/01/21 09:45:28 ...eb/routing/logger.go:102:func1() [I] router: completed POST /repo/create for 82.140.42.234:0, 500 Internal Server Error in 55.3ms @ repo/repo.go:222(repo.CreatePost)

                      Update: Gitea does not get the signing key. The response of https://git.jascha.wtf/api/v1/signing-key.gpg is empty

                      My best guess is that there are some path poblems - https://docs.gitea.com/administration/signing

                      girishG Offline
                      girishG Offline
                      girish
                      Staff
                      wrote on last edited by
                      #26

                      @jaschaezra said in Need help to enable autosign:

                      Update: Gitea does not get the signing key

                      Did a quick test. Setting GNUPGHOME env var makes it work. You can use CLI tool for this cloudron env set GPGHOME=/app/data/appdata/home/.gnupg . But I think we should set this in the package itself.

                      1 Reply Last reply
                      0
                      • girishG Offline
                        girishG Offline
                        girish
                        Staff
                        wrote on last edited by
                        #27

                        Well, I am confused. For me, it works out of the box. See this comment from @nebulon - https://forum.cloudron.io/post/55637

                        • GNUPGHOME is already to /app/data/gnupg
                        • Just put your keys in above directory
                        • curl https://gitea.domain.com/api/v1/signing-key.gpg works
                        • Create empty repo.

                        image.png

                        1 Reply Last reply
                        0
                        Reply
                        • Reply as topic
                        Log in to reply
                        • Oldest to Newest
                        • Newest to Oldest
                        • Most Votes

                        • Login
                        • Don't have an account? Register
                        • Login or register to search.
                        • First post
                          Last post
                        0
                        • Categories
                        • Recent
                        • Tags
                        • Popular
                        • Bookmarks
                        • Search