Add signature support for the RPM module #27069

Merged

@ExplodingDragon ExplodingDragon commented Sep 14, 2023

close #27031

If the rpm package does not contain a matching gpg signature, the installation will fail. See (#27031), now auto-signing rpm uploads.

This option is turned off by default for compatibility.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Sep 14, 2023
@pull-request-size pull-request-size bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Sep 14, 2023
@github-actions github-actions bot added modifies/api This PR adds API routes or modifies them topic/packages labels Sep 14, 2023
@pull-request-size pull-request-size bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Sep 14, 2023
@ExplodingDragon ExplodingDragon marked this pull request as draft September 14, 2023 04:58
@ExplodingDragon ExplodingDragon changed the title Support for signing uploaded RPM WIP: Support for signing uploaded RPM Sep 14, 2023
@ExplodingDragon
Contributor Author

golang.org/x/crypto/openpgp under golang is outdated, but the signature-related code still relies on it, pending upstream updates.

@JakobDev
Contributor

You could also sign existing packages

@ExplodingDragon
Contributor Author

ExplodingDragon commented Sep 14, 2023

> You could also sign existing packages

Signing existing packages is not well suited to be done on update; the best option is to create a manual task. Sorry, I'm not familiar with Gitea.

@silverwind
Member

silverwind commented Sep 14, 2023

@ExplodingDragon
Contributor Author

ExplodingDragon commented Sep 14, 2023

@silverwind
Member

Seems they fixed it in ProtonMail/go-crypto#175, no? Long-term, it's very much preferable to depend on a supported package, ideally with some tests to confirm the signatures work, as just from reading that issue, it seems like something that will be prone to breakage in the future.

@github-actions github-actions bot added the modifies/go Pull requests that update Go code label Mar 19, 2024
@pull-request-size pull-request-size bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels May 15, 2024
@ExplodingDragon
Contributor Author

As of now, the PR functionality is complete and only lacks testing.

@lunny lunny added this to the 1.23.0 milestone May 21, 2024
@ExplodingDragon ExplodingDragon changed the title Support for signing uploaded RPM Add signature support for the RPM module Aug 1, 2024
DennisRasey pushed a commit to DennisRasey/forgejo that referenced this pull request Aug 2, 2024
This pull request comes from go-gitea/gitea#27069.

If the rpm package does not contain a matching gpg signature, the installation will fail. See ([gitea/gitea#27031](go-gitea/gitea#27031)), now auto-signing all new rpm uploads.

This option is turned off by default for compatibility.

## Draft release notes
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4780): Add signature support for the RPM module

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4780
Reviewed-by: Earl Warren <[email protected]>
Co-authored-by: Exploding Dragon <[email protected]>
Co-committed-by: Exploding Dragon <[email protected]>
Member

@techknowlogick techknowlogick left a comment

Thanks @ExplodingDragon for this PR (and your others too)! I've been able to pull this locally and test it, and it works as expected.

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Aug 2, 2024
@pull-request-size pull-request-size bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Aug 3, 2024
Member

@wolfogre wolfogre left a comment

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Aug 6, 2024
@techknowlogick techknowlogick merged commit de175e3 into go-gitea:main Aug 6, 2024
26 checks passed
@ExplodingDragon ExplodingDragon deleted the feature-support-rpm-gpgsign branch August 6, 2024 14:00
zjjhot added a commit to zjjhot/gitea that referenced this pull request Aug 7, 2024
* giteaofficial/main:
  Fix protected branch files detection on pre_receive hook (go-gitea#31778)
  Add signature support for the RPM module (go-gitea#27069)
  Fix null requested_reviewer from API (go-gitea#31773)
@KN4CK3R KN4CK3R mentioned this pull request Aug 7, 2024
lafriks pushed a commit that referenced this pull request Aug 8, 2024
Fixes a resource leak introduced by #27069.

- add defer
- move sign code out of `repository.go`