2019-10-16 09:42:42 -04:00
---
date: "2019-08-17T10:20:00+01:00"
title: "GPG Commit Signatures"
slug: "signing"
2023-07-26 00:53:13 -04:00
sidebar_position: 50
2019-10-16 09:42:42 -04:00
toc: false
draft: false
Refactor docs (#23752)
This was intended to be a small followup for
https://github.com/go-gitea/gitea/pull/23712, but...here we are.
1. Our docs currently use `slug` as the entire URL, which makes
refactoring tricky (see https://github.com/go-gitea/gitea/pull/23712).
Instead, this PR attempts to make future refactoring easier by using
slugs as an extension of the section. (Hugo terminology)
- What the above boils down to is this PR attempts to use directory
organization as URL management. e.g. `usage/comparison.en-us.md` ->
`en-us/usage/comparison/`, `usage/packages/overview.en-us.md` ->
`en-us/usage/packages/overview/`
- Technically we could even remove `slug`, as Hugo defaults to using
filename, however at least with this PR it means `slug` only needs to be
the name for the **current file** rather than an entire URL
2. This PR adds appropriate aliases (redirects) for pages, so anything
on the internet that links to our docs should hopefully not break.
3. A minor nit I've had for a while, renaming `seek-help` to `support`.
It's a minor thing, but `seek-help` has a strange connotation to it.
4. The commits are split such that you can review the first which is the
"actual" change, and the second is added redirects so that the first
doesn't break links elsewhere.
---------
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-04-27 23:33:41 -04:00
aliases:
- /en-us/signing
2019-10-16 09:42:42 -04:00
menu:
sidebar:
2023-03-23 11:18:24 -04:00
parent: "administration"
2019-10-16 09:42:42 -04:00
name: "GPG Commit Signatures"
2023-07-26 00:53:13 -04:00
sidebar_position: 50
2019-10-16 09:42:42 -04:00
identifier: "signing"
---
# GPG Commit Signatures
Gitea will verify GPG commit signatures in the provided tree by
2021-11-28 08:28:30 -05:00
checking if the commits are signed by a key within the Gitea database,
2021-12-23 22:56:57 -05:00
or if the commit matches the default key for Git.
2019-10-16 09:42:42 -04:00
Keys are not checked to determine if they have expired or revoked.
Keys are also not checked with keyservers.
A commit will be marked with a grey unlocked icon if no key can be
found to verify it. If a commit is marked with a red unlocked icon,
it is reported to be signed with a key with an id.
Please note: The signer of a commit does not have to be an author or
committer of a commit.
2021-12-23 22:56:57 -05:00
This functionality requires Git >= 1.7.9 but for full functionality
this requires Git >= 2.0.0.
2019-10-16 09:42:42 -04:00
## Automatic Signing
There are a number of places where Gitea will generate commits itself:
2020-12-09 01:47:06 -05:00
- Repository Initialisation
- Wiki Changes
- CRUD actions using the editor or the API
- Merges from Pull Requests
2019-10-16 09:42:42 -04:00
Depending on configuration and server trust you may want Gitea to
sign these commits.
2020-02-18 20:23:45 -05:00
## Installing and generating a GPG key for Gitea
It is up to a server administrator to determine how best to install
a signing key. Gitea generates all its commits using the server `git`
command at present - and therefore the server `gpg` will be used for
signing (if configured.) Administrators should review best-practices
2021-12-23 22:56:57 -05:00
for GPG - in particular it is probably advisable to only install a
2020-02-18 20:23:45 -05:00
signing secret subkey without the master signing and certifying secret
key.
2019-10-16 09:42:42 -04:00
## General Configuration
Gitea's configuration for signing can be found with the
`[repository.signing]` section of `app.ini` :
```ini
...
[repository.signing]
SIGNING_KEY = default
SIGNING_NAME =
SIGNING_EMAIL =
INITIAL_COMMIT = always
CRUD_ACTIONS = pubkey, twofa, parentsigned
WIKI = never
MERGES = pubkey, twofa, basesigned, commitssigned
...
```
### `SIGNING_KEY`
The first option to discuss is the `SIGNING_KEY` . There are three main
options:
2020-12-09 01:47:06 -05:00
- `none` - this prevents Gitea from signing any commits
2022-06-16 11:47:44 -04:00
- `default` - Gitea will default to the key configured within `git config`
2020-12-09 01:47:06 -05:00
- `KEYID` - Gitea will sign commits with the gpg key with the ID
`KEYID` . In this case you should provide a `SIGNING_NAME` and
`SIGNING_EMAIL` to be displayed for this key.
2019-10-16 09:42:42 -04:00
The `default` option will interrogate `git config` for
`commit.gpgsign` option - if this is set, then it will use the results
of the `user.signingkey` , `user.name` and `user.email` as appropriate.
2021-12-23 22:56:57 -05:00
Please note: by adjusting Git's `config` file within Gitea's
2019-10-16 09:42:42 -04:00
repositories, `SIGNING_KEY=default` could be used to provide different
2020-02-18 20:23:45 -05:00
signing keys on a per-repository basis. However, this is clearly not an
2019-10-16 09:42:42 -04:00
ideal UI and therefore subject to change.
2022-07-08 04:09:07 -04:00
**Since 1.17**, Gitea runs git in its own home directory `[git].HOME_PATH` (default to `%(APP_DATA_PATH)/home` )
and uses its own config `{[git].HOME_PATH}/.gitconfig` .
2022-06-16 11:47:44 -04:00
If you have your own customized git config for Gitea, you should set these configs in system git config (aka `/etc/gitconfig` )
2022-07-10 05:04:46 -04:00
or the Gitea internal git config `{[git].HOME_PATH}/.gitconfig` .
Related home files for git command (like `.gnupg` ) should also be put in Gitea's git home directory `[git].HOME_PATH` .
If you like to keep the `.gnupg` directory outside of `{[git].HOME_PATH}/` , consider setting the `$GNUPGHOME` environment variable to your preferred location.
2022-06-16 11:47:44 -04:00
2019-10-16 09:42:42 -04:00
### `INITIAL_COMMIT`
This option determines whether Gitea should sign the initial commit
when creating a repository. The possible values are:
2020-12-09 01:47:06 -05:00
- `never` : Never sign
- `pubkey` : Only sign if the user has a public key
- `twofa` : Only sign if the user logs in with two factor authentication
- `always` : Always sign
2019-10-16 09:42:42 -04:00
Options other than `never` and `always` can be combined as a comma
2021-04-15 12:06:32 -04:00
separated list. The commit will be signed if all selected options are true.
2019-10-16 09:42:42 -04:00
### `WIKI`
This options determines if Gitea should sign commits to the Wiki.
The possible values are:
2020-12-09 01:47:06 -05:00
- `never` : Never sign
- `pubkey` : Only sign if the user has a public key
2022-06-16 11:47:44 -04:00
- `twofa` : Only sign if the user logs in with two-factor authentication
2020-12-09 01:47:06 -05:00
- `parentsigned` : Only sign if the parent commit is signed.
- `always` : Always sign
2019-10-16 09:42:42 -04:00
Options other than `never` and `always` can be combined as a comma
2021-04-15 12:06:32 -04:00
separated list. The commit will be signed if all selected options are true.
2019-10-16 09:42:42 -04:00
### `CRUD_ACTIONS`
This option determines if Gitea should sign commits from the web
editor or API CRUD actions. The possible values are:
2020-12-09 01:47:06 -05:00
- `never` : Never sign
- `pubkey` : Only sign if the user has a public key
2022-06-16 11:47:44 -04:00
- `twofa` : Only sign if the user logs in with two-factor authentication
2020-12-09 01:47:06 -05:00
- `parentsigned` : Only sign if the parent commit is signed.
- `always` : Always sign
2019-10-16 09:42:42 -04:00
Options other than `never` and `always` can be combined as a comma
2021-04-15 12:06:32 -04:00
separated list. The change will be signed if all selected options are true.
2019-10-16 09:42:42 -04:00
### `MERGES`
This option determines if Gitea should sign merge commits from PRs.
The possible options are:
2020-12-09 01:47:06 -05:00
- `never` : Never sign
- `pubkey` : Only sign if the user has a public key
2022-06-16 11:47:44 -04:00
- `twofa` : Only sign if the user logs in with two-factor authentication
2020-12-09 01:47:06 -05:00
- `basesigned` : Only sign if the parent commit in the base repo is signed.
- `headsigned` : Only sign if the head commit in the head branch is signed.
- `commitssigned` : Only sign if all the commits in the head branch to the merge point are signed.
- `approved` : Only sign approved merges to a protected branch.
- `always` : Always sign
2019-10-16 09:42:42 -04:00
Options other than `never` and `always` can be combined as a comma
2021-04-15 12:06:32 -04:00
separated list. The merge will be signed if all selected options are true.
2019-10-16 09:42:42 -04:00
## Obtaining the Public Key of the Signing Key
The public key used to sign Gitea's commits can be obtained from the API at:
2020-12-09 01:47:06 -05:00
```sh
2020-02-18 20:23:45 -05:00
/api/v1/signing-key.gpg
```
2019-10-16 09:42:42 -04:00
In cases where there is a repository specific key this can be obtained from:
2020-12-09 01:47:06 -05:00
```sh
2020-02-18 20:23:45 -05:00
/api/v1/repos/:username/:reponame/signing-key.gpg
```