Need help to enable autosign
-
Thanks for the detailed description. I have changed the package to allow adding the keys and set the GNUPGHOME (this change is not published yet). It all seems fine, but I am not sure how to test or check if the signing actually was performed. Also do I have to set something for a git repository in gitea specifically to make it sign the commits?
-
@nebulon I would love to test it.

When you create a repository and init it from the webfrontend, then this commit is signed by Gitea. So in fact all the things you do in the webfrontend.
These settings
```
INITIAL_COMMIT = always
CRUD_ACTIONS = pubkey, twofa, parentsigned
```
say: Always sign the initial commit. Sign every other commit if the User has set a pub key OR enabled TFA or if the parent commit is signed.
Hope that helps.
-
@jaschaezra the change is quite small https://git.cloudron.io/cloudron/gitea-app/-/commit/32eebcff8fd7c095d4e88cba396e693cb12bfbbe
It would be great if you could test this. Basically checkout the app package repo and run `cloudron build && cloudron install` in the folder. Granted you have the cloudron cli tool installed and configured for your Cloudron already.
-
@nebulon Thanks! I will test it later tonight and provide feedback!
EDIT How do I build it? cloudron build asks for a registry...
-
@nebulon I got the image built but I can not install it.
```
Location: x
Port SSH_PORT: 29418
Failed to install app: 409 message: Port 29418-tcp is in use
```
-
@jaschaezra seems like you already have an instance using the default port there. Try to run `cloudron install -p` for interactive way to set a different port.
-
@nebulon I do not know what is going on on my system but I seriously fucked something up

Sorry, I just can not test it at the moment

-
@jaschaezra there is no time pressure at all. Hope you get your system back up again though. If it is Cloudron related, let us know of course.
-
@nebulon It worked for me

So it would be great if this can be deployed in the container. (With the latest update :D)
-
nebulon has marked this topic as solved
-
@jaschaezra thanks for testing and confirming the fix. I have pushed a new package now.
-
@nebulon I just want to add some screenshots I just made because I forgot to create them

This is how you'll see it in the repository:

When you take a look at the commit:

The name is set in app.ini
For the key-creation:
It is much easier to do it like this:
```
gpg --default-new-key-algo rsa4096 --gen-key
```
then enter the Name, the Email (git@DOMAIN) and NO password!
That's it.
-
@jaschaezra BTW, you can set a Gravatar/Libravatar for git@DOMAIN and upload e.g. the gitea Logo which then is displayed.

-
This is odd - after working for a looong time I suddenly get this error when creating a repository and initializing it:
```
CreatePost, initRepository: initRepoCommit: git commit: exit status 128 - error: gpg failed to sign the data
fatal: failed to write commit object
- error: gpg failed to sign the data
fatal: failed to write commit object
```
I first thought that maybe the key is gone. By checking this I found that:
```
root@0f44f577-d0e0-42e6-a371-d3914aba0014:/home/git# sudo -u git gpg --list-keys
gpg: Fatal: can't create directory '/home/git/.gnupg': Read-only file system
root@0f44f577-d0e0-42e6-a371-d3914aba0014:/home/git#
```
I have not changed anything and I do not know when this happened as I was not using my git for the last ~9 months.
Any idea what is going on @nebulon?
-
Just briefly rereading the thread, did you set `GNUPGHOME` for git user so it uses the correct (writeable) folder? Seems like the one which is used should be `export GNUPGHOME=/app/data/appdata/home/.gnupg`
-
@nebulon I now get a new error:
```
root@0f44f577-d0e0-42e6-a371-d3914aba0014:/home/git# sudo -u git bash
git@0f44f577-d0e0-42e6-a371-d3914aba0014:~$ export GNUPGHOME=/app/data/appdata/home/.gnupg
git@0f44f577-d0e0-42e6-a371-d3914aba0014:~$ gpg --list-keys
gpg: WARNING: unsafe permissions on homedir '/app/data/appdata/home/.gnupg'
git@0f44f577-d0e0-42e6-a371-d3914aba0014:~$
```
-
Oh, no, my key is gone. That is odd as I never touched the key after it worked.
-
After creating a new key and configuring it in app.ini and restarting gitea I still get an error:
```
root@0f44f577-d0e0-42e6-a371-d3914aba0014:/home/git# sudo -u git bash
git@0f44f577-d0e0-42e6-a371-d3914aba0014:~$ export GNUPGHOME=/app/data/appdata/home/.gnupg
git@0f44f577-d0e0-42e6-a371-d3914aba0014:~$ gpg --list-keys
/app/data/appdata/home/.gnupg/pubring.kbx
-----------------------------------------
pub   rsa4096 2025-01-21 [SC] [expires: 2027-01-21]
      EF80C8DE297670B7E8C0360108DA2115185FFD9C
uid           [ultimate] jascha.wtf Gitea <git@git.jascha.wtf>
```
section of app.ini:
```
[repository.signing]
SIGNING_KEY = EF80C8DE297670B7E8C0360108DA2115185FFD9C
SIGNING_NAME = jascha.wtf Gitea
SIGNING_EMAIL = git@git.jascha.wtf
INITIAL_COMMIT = always
CRUD_ACTIONS = pubkey, twofa, parentsigned
WIKI = never
MERGES = pubkey, twofa, basesigned, commitssigned
GITEA__REPOSITORY__ENABLE_PUSH_CREATE_USER=true
```
From the log:
```
Jan 21 10:45:28 Error: exit status 128 - error: gpg failed to sign the data
Jan 21 10:45:28 fatal: failed to write commit object
Jan 21 10:45:28 - error: gpg failed to sign the data
Jan 21 10:45:28 fatal: failed to write commit object
Jan 21 10:45:28 2025/01/21 09:45:28 ...ers/web/repo/repo.go:217:handleCreateError() [E] CreatePost: initRepository: initRepoCommit: git commit: exit status 128 - error: gpg failed to sign the data
Jan 21 10:45:28 fatal: failed to write commit object
Jan 21 10:45:28 - error: gpg failed to sign the data
Jan 21 10:45:28 fatal: failed to write commit object
Jan 21 10:45:28 2025/01/21 09:45:28 ...eb/routing/logger.go:102:func1() [I] router: completed POST /repo/create for 82.140.42.234:0, 500 Internal Server Error in 55.3ms @ repo/repo.go:222(repo.CreatePost)
```
Update: Gitea does not get the signing key. The response of https://git.jascha.wtf/api/v1/signing-key.gpg is empty
My best guess is that there are some path problems - https://docs.gitea.com/administration/signing
-
Oh, forgot to mention @nebulon
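-
One way to narrow down the `gpg failed to sign the data` error from this thread, as an added example that is not part of the original posts and is not Gitea or Cloudron code: it checks the GnuPG home directory, then the secret key, then a test signature, and reports the first thing that fails. The function names and status words are hypothetical; the fingerprint and `GNUPGHOME` are supplied by the caller.

```shell
#!/bin/sh
# Added example (not Gitea or Cloudron code): find out why gpg cannot sign.
# Run as the service user, e.g. after `sudo -u git bash` and exporting GNUPGHOME.

# homedir_status DIR -> prints missing | readonly | wrong-owner | unsafe-perms | ok
homedir_status() {
    dir=$1
    [ -d "$dir" ] || { echo missing; return 1; }
    # gpg creates lock files and agent sockets inside its home directory
    [ -w "$dir" ] || { echo readonly; return 1; }
    [ -O "$dir" ] || { echo wrong-owner; return 1; }
    # any group/other bit triggers "unsafe permissions on homedir"
    bits=$(ls -ld "$dir" | cut -c5-10)
    [ "$bits" = "------" ] || { echo unsafe-perms; return 1; }
    echo ok
}

# secret_key_present FPR -> success if the keyring holds the secret key
secret_key_present() {
    gpg --batch --list-secret-keys "$1" >/dev/null 2>&1
}

# sign_test FPR -> the operation git hands to gpg (git runs `gpg -bsau KEY`)
sign_test() {
    printf 'test\n' | gpg --batch --yes -bsau "$1" >/dev/null 2>&1
}

# diagnose FPR -> prints the first failing cause, or "signing works"
diagnose() {
    fpr=$1
    home=${GNUPGHOME:-$HOME/.gnupg}
    st=$(homedir_status "$home") || { echo "homedir $home: $st"; return 1; }
    command -v gpg >/dev/null 2>&1 || { echo "gpg not found"; return 1; }
    secret_key_present "$fpr" || { echo "no secret key $fpr in $home"; return 1; }
    sign_test "$fpr" || { echo "key present, signing failed"; return 1; }
    echo "signing works"
}

# Usage: GNUPGHOME=/app/data/appdata/home/.gnupg sh thisfile FINGERPRINT
if [ "$#" -gt 0 ]; then diagnose "$1"; fi
```

An `unsafe-perms` result is cleared with `chmod 700` on the directory; `missing` or `readonly` usually means `GNUPGHOME` is not pointing at the writable data directory for the user that runs Gitea.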