Need help to enable autosign
-
Thanks for the detailed description. I have changed the package to allow adding the keys and set the
GNUPGHOME(this change is not published yet). It all seems fine, but I am not sure how to test or check if the signing actually was performed. Also do I have to set something for a git repository in gitea specifically to make it sign the commits?@nebulon I would love to test it.
When you create a repository and init it from the webfrostend, then this commit is signed by Gitea. So in fact all the things you do in the webfrontend.
These settings
INITIAL_COMMIT = always CRUD_ACTIONS = pubkey, twofa, parentsigned
say: Always sign the initial commit. Sign every other commits if the User has set a pub key OR enabled TFA or if the parent commit is signed.Hope that helps.
-
@nebulon I would love to test it.
When you create a repository and init it from the webfrostend, then this commit is signed by Gitea. So in fact all the things you do in the webfrontend.
These settings
INITIAL_COMMIT = always CRUD_ACTIONS = pubkey, twofa, parentsigned
say: Always sign the initial commit. Sign every other commits if the User has set a pub key OR enabled TFA or if the parent commit is signed.Hope that helps.
@jaschaezra the change is quite small https://git.cloudron.io/cloudron/gitea-app/-/commit/32eebcff8fd7c095d4e88cba396e693cb12bfbbe
It would be great if you could test this. Basically checkout the app package repo and run
cloudron build && cloudron installin the folder. Granted you have the cloudron cli tool installed and configured for your Cloudron already. -
@jaschaezra the change is quite small https://git.cloudron.io/cloudron/gitea-app/-/commit/32eebcff8fd7c095d4e88cba396e693cb12bfbbe
It would be great if you could test this. Basically checkout the app package repo and run
cloudron build && cloudron installin the folder. Granted you have the cloudron cli tool installed and configured for your Cloudron already.@nebulon Thanks! I will test it later tonight and provide feedback!
EDIT How do I build it? cloudron build asks for a registry...
-
@jaschaezra the change is quite small https://git.cloudron.io/cloudron/gitea-app/-/commit/32eebcff8fd7c095d4e88cba396e693cb12bfbbe
It would be great if you could test this. Basically checkout the app package repo and run
cloudron build && cloudron installin the folder. Granted you have the cloudron cli tool installed and configured for your Cloudron already.This post is deleted! -
@jaschaezra the change is quite small https://git.cloudron.io/cloudron/gitea-app/-/commit/32eebcff8fd7c095d4e88cba396e693cb12bfbbe
It would be great if you could test this. Basically checkout the app package repo and run
cloudron build && cloudron installin the folder. Granted you have the cloudron cli tool installed and configured for your Cloudron already. -
@nebulon I got the image built but I can not install it.
Location: x Port SSH_PORT: 29418 Failed to install app: 409 message: Port 29418-tcp is in use``` -
@jaschaezra seems like you already have an instance using the default port there. Try to run
cloudron install -pfor interactive way to set a different port. -
@nebulon I do not know what is going on on my system but I seriously fucked something up
Sorry, I just can not test it at the moment
-
@jaschaezra there is no time pressure at all. Hope you get your system back up again though. If it is Cloudron related, let us know of course.
-
@nebulon It worked for me
So it would be great if this can be deployed in the container. (With the latest update :D)
-
N nebulon has marked this topic as solved on
-
@jaschaezra thanks for testing and confirming the fix. I have pushed a new package now.
@nebulon I just want to add some screen I just made because I forgot them to create
This is how you'll see it in the repository:
When you take a look at the commit:
The name is set in app.ini
For the key-creation:
It is much easier to do it like this:gpg --default-new-key-algo rsa4096 --gen-keythen enter the Name, the Email (git@DOMAIN) and NO password!
That's it.
-
@nebulon I just want to add some screen I just made because I forgot them to create
This is how you'll see it in the repository:
When you take a look at the commit:
The name is set in app.ini
For the key-creation:
It is much easier to do it like this:gpg --default-new-key-algo rsa4096 --gen-keythen enter the Name, the Email (git@DOMAIN) and NO password!
That's it.
@jaschaezra BTW, you can set a Gravatar/Libravatar for git@DOMAIN and upload e.g. the gitea Logo which then is displayed.
-
This is odd - after working for a looong time I suddenly get this error when creating a repository and initializing it:
CreatePost, initRepository: initRepoCommit: git commit: exit status 128 - error: gpg failed to sign the data fatal: failed to write commit object - error: gpg failed to sign the data fatal: failed to write commit objectI first thought that maybe the key is gone. By checking this I found that:
root@0f44f577-d0e0-42e6-a371-d3914aba0014:/home/git# sudo -u git gpg --list-keys gpg: Fatal: can't create directory '/home/git/.gnupg': Read-only file system root@0f44f577-d0e0-42e6-a371-d3914aba0014:/home/git#I have not changed anything and I do not know when this happened as I was not using my git for the last ~9 months.
Any idea what is going on @nebulon?
-
Just briefly rereading the thread, did you set
GNUPGHOMEfor git user so it uses the correct (writeable) folder? Seems like the one which is used should beexport GNUPGHOME=/app/data/appdata/home/.gnupg -
Just briefly rereading the thread, did you set
GNUPGHOMEfor git user so it uses the correct (writeable) folder? Seems like the one which is used should beexport GNUPGHOME=/app/data/appdata/home/.gnupg@nebulon I now get a new error:
root@0f44f577-d0e0-42e6-a371-d3914aba0014:/home/git# sudo -u git bash git@0f44f577-d0e0-42e6-a371-d3914aba0014:~$ export GNUPGHOME=/app/data/appdata/home/.gnupg git@0f44f577-d0e0-42e6-a371-d3914aba0014:~$ gpg --list-keys gpg: WARNING: unsafe permissions on homedir '/app/data/appdata/home/.gnupg' git@0f44f577-d0e0-42e6-a371-d3914aba0014:~$ -
Oh, no, my key is gone. That is odd as I never touched the key after it worked.
-
After creating a new key and configuring it in app.ini and restarting gitea I still get an error:
root@0f44f577-d0e0-42e6-a371-d3914aba0014:/home/git# sudo -u git bash git@0f44f577-d0e0-42e6-a371-d3914aba0014:~$ export GNUPGHOME=/app/data/appdata/home/.gnupg git@0f44f577-d0e0-42e6-a371-d3914aba0014:~$ gpg --list-keys /app/data/appdata/home/.gnupg/pubring.kbx ----------------------------------------- pub rsa4096 2025-01-21 [SC] [expires: 2027-01-21] EF80C8DE297670B7E8C0360108DA2115185FFD9C uid [ultimate] jascha.wtf Gitea <git@git.jascha.wtf>section of app.ini:
[repository.signing] SIGNING_KEY = EF80C8DE297670B7E8C0360108DA2115185FFD9C SIGNING_NAME = jascha.wtf Gitea SIGNING_EMAIL = git@git.jascha.wtf INITIAL_COMMIT = always CRUD_ACTIONS = pubkey, twofa, parentsigned WIKI = never MERGES = pubkey, twofa, basesigned, commitssigned GITEA__REPOSITORY__ENABLE_PUSH_CREATE_USER=trueFrom the log:
Jan 21 10:45:28 Error: exit status 128 - error: gpg failed to sign the data Jan 21 10:45:28 fatal: failed to write commit object Jan 21 10:45:28 - error: gpg failed to sign the data Jan 21 10:45:28 fatal: failed to write commit object Jan 21 10:45:28 2025/01/21 09:45:28 ...ers/web/repo/repo.go:217:handleCreateError() [E] CreatePost: initRepository: initRepoCommit: git commit: exit status 128 - error: gpg failed to sign the data Jan 21 10:45:28 fatal: failed to write commit object Jan 21 10:45:28 - error: gpg failed to sign the data Jan 21 10:45:28 fatal: failed to write commit object Jan 21 10:45:28 2025/01/21 09:45:28 ...eb/routing/logger.go:102:func1() [I] router: completed POST /repo/create for 82.140.42.234:0, 500 Internal Server Error in 55.3ms @ repo/repo.go:222(repo.CreatePost)Update: Gitea does not get the signing key. The response of
https://git.jascha.wtf/api/v1/signing-key.gpgis emptyMy best guess is that there are some path poblems - https://docs.gitea.com/administration/signing
-
Oh, forgot to mention @nebulon
