Remove undocumented support of signing key in the repository git configuration file (#36143)

Per-repository signing keys have never been officially supported, as they would require users to modify the repository’s config file. At this point, it is clear that only global signing keys (GPG or SSH) should be allowed. If we want to introduce per-repository signing keys in the future, it will require a complete design proposal. The endpoint will not be removed for repository special signing key, but it will reference the global signing key. --------- Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: delvh <dev.lh@web.de>

Author: lunny

modules/git/commit.go

@@ -323,14 +323,6 @@ func GetFullCommitID(ctx context.Context, repoPath, shortID string) (string, err
 return strings.TrimSpace(commitID), nil
 }
 
-// GetRepositoryDefaultPublicGPGKey returns the default public key for this commit
-func (c *Commit) GetRepositoryDefaultPublicGPGKey(forceUpdate bool) (*GPGSettings, error) {
-if c.repo == nil {
-return nil, nil
-}
-return c.repo.GetDefaultPublicGPGKey(forceUpdate)
-}
-
 func IsStringLikelyCommitID(objFmt ObjectFormat, s string, minLength ...int) bool {
 maxLen := 64 // sha256
 if objFmt != nil {

modules/git/gpg.go

@@ -0,0 +1,102 @@
+// Copyright 2015 The Gogs Authors. All rights reserved.
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package git
+
+import (
+"context"
+"fmt"
+"os"
+"strings"
+"sync"
+
+"code.gitea.io/gitea/modules/git/gitcmd"
+"code.gitea.io/gitea/modules/process"
+)
+
+// GPGSettings represents the default GPG settings for this repository
+type GPGSettings struct {
+Sign bool
+KeyID string
+Email string
+Name string
+PublicKeyContent string
+Format string
+}
+
+// LoadPublicKeyContent will load the key from gpg
+func (gpgSettings *GPGSettings) LoadPublicKeyContent() error {
+if gpgSettings.PublicKeyContent != "" {
+return nil
+}
+
+if gpgSettings.Format == SigningKeyFormatSSH {
+content, err := os.ReadFile(gpgSettings.KeyID)
+if err != nil {
+return fmt.Errorf("unable to read SSH public key file: %s, %w", gpgSettings.KeyID, err)
+}
+gpgSettings.PublicKeyContent = string(content)
+return nil
+}
+content, stderr, err := process.GetManager().Exec(
+"gpg -a --export",
+"gpg", "-a", "--export", gpgSettings.KeyID)
+if err != nil {
+return fmt.Errorf("unable to get default signing key: %s, %s, %w", gpgSettings.KeyID, stderr, err)
+}
+gpgSettings.PublicKeyContent = content
+return nil
+}
+
+var (
+loadPublicGPGKeyMutex sync.RWMutex
+globalGPGSettings *GPGSettings
+)
+
+// GetDefaultPublicGPGKey will return and cache the default public GPG settings
+func GetDefaultPublicGPGKey(ctx context.Context, forceUpdate bool) (*GPGSettings, error) {
+if !forceUpdate {
+loadPublicGPGKeyMutex.RLock()
+if globalGPGSettings != nil {
+defer loadPublicGPGKeyMutex.RUnlock()
+return globalGPGSettings, nil
+}
+loadPublicGPGKeyMutex.RUnlock()
+}
+
+loadPublicGPGKeyMutex.Lock()
+defer loadPublicGPGKeyMutex.Unlock()
+
+if globalGPGSettings != nil && !forceUpdate {
+return globalGPGSettings, nil
+}
+
+globalGPGSettings = &GPGSettings{
+Sign: true,
+}
+
+value, _, _ := gitcmd.NewCommand("config", "--global", "--get", "commit.gpgsign").RunStdString(ctx)
+sign, valid := ParseBool(strings.TrimSpace(value))
+if !sign || !valid {
+globalGPGSettings.Sign = false
+return globalGPGSettings, nil
+}
+
+signingKey, _, _ := gitcmd.NewCommand("config", "--global", "--get", "user.signingkey").RunStdString(ctx)
+globalGPGSettings.KeyID = strings.TrimSpace(signingKey)
+
+format, _, _ := gitcmd.NewCommand("config", "--global", "--default", SigningKeyFormatOpenPGP, "--get", "gpg.format").RunStdString(ctx)
+globalGPGSettings.Format = strings.TrimSpace(format)
+
+defaultEmail, _, _ := gitcmd.NewCommand("config", "--global", "--get", "user.email").RunStdString(ctx)
+globalGPGSettings.Email = strings.TrimSpace(defaultEmail)
+
+defaultName, _, _ := gitcmd.NewCommand("config", "--global", "--get", "user.name").RunStdString(ctx)
+globalGPGSettings.Name = strings.TrimSpace(defaultName)
+
+if err := globalGPGSettings.LoadPublicKeyContent(); err != nil {
+return nil, err
+}
+return globalGPGSettings, nil
+}

modules/git/key.go

@@ -32,23 +32,23 @@ func (s *SigningKey) String() string {
 }
 
 // GetSigningKey returns the KeyID and git Signature for the repo
-func GetSigningKey(ctx context.Context, repoPath string) (*SigningKey, *Signature) {
+func GetSigningKey(ctx context.Context) (*SigningKey, *Signature) {
 if setting.Repository.Signing.SigningKey == "none" {
 return nil, nil
 }
 
 if setting.Repository.Signing.SigningKey == "default" || setting.Repository.Signing.SigningKey == "" {
 // Can ignore the error here as it means that commit.gpgsign is not set
-value, _, _ := gitcmd.NewCommand("config", "--get", "commit.gpgsign").WithDir(repoPath).RunStdString(ctx)
+value, _, _ := gitcmd.NewCommand("config", "--global", "--get", "commit.gpgsign").RunStdString(ctx)
 sign, valid := ParseBool(strings.TrimSpace(value))
 if !sign || !valid {
 return nil, nil
 }
 
-format, _, _ := gitcmd.NewCommand("config", "--default", SigningKeyFormatOpenPGP, "--get", "gpg.format").WithDir(repoPath).RunStdString(ctx)
-signingKey, _, _ := gitcmd.NewCommand("config", "--get", "user.signingkey").WithDir(repoPath).RunStdString(ctx)
-signingName, _, _ := gitcmd.NewCommand("config", "--get", "user.name").WithDir(repoPath).RunStdString(ctx)
-signingEmail, _, _ := gitcmd.NewCommand("config", "--get", "user.email").WithDir(repoPath).RunStdString(ctx)
+format, _, _ := gitcmd.NewCommand("config", "--global", "--default", SigningKeyFormatOpenPGP, "--get", "gpg.format").RunStdString(ctx)
+signingKey, _, _ := gitcmd.NewCommand("config", "--global", "--get", "user.signingkey").RunStdString(ctx)
+signingName, _, _ := gitcmd.NewCommand("config", "--global", "--get", "user.name").RunStdString(ctx)
+signingEmail, _, _ := gitcmd.NewCommand("config", "--global", "--get", "user.email").RunStdString(ctx)
 
 if strings.TrimSpace(signingKey) == "" {
 return nil, nil

modules/git/repo.go

@@ -20,16 +20,6 @@ import (
 "code.gitea.io/gitea/modules/proxy"
 )
 
-// GPGSettings represents the default GPG settings for this repository
-type GPGSettings struct {
-Sign bool
-KeyID string
-Email string
-Name string
-PublicKeyContent string
-Format string
-}
-
 const prettyLogFormat = `--pretty=format:%H`
 
 func (repo *Repository) ShowPrettyFormatLogToList(ctx context.Context, revisionRange string) ([]*Commit, error) {

modules/git/repo_base_gogit.go

@@ -32,7 +32,6 @@ type Repository struct {
 
 gogitRepo *gogit.Repository
 gogitStorage *filesystem.Storage
-gpgSettings *GPGSettings
 
 Ctx context.Context
 LastCommitCache *LastCommitCache

modules/git/repo_base_nogogit.go

@@ -23,8 +23,6 @@ type Repository struct {
 
 tagCache *ObjectCache[*Tag]
 
-gpgSettings *GPGSettings
-
 batchInUse bool
 batch *Batch
 

modules/git/repo_gpg.go

@@ -9,6 +9,6 @@ import (
 "code.gitea.io/gitea/modules/git"
 )
 
-func GetSigningKey(ctx context.Context, repo Repository) (*git.SigningKey, *git.Signature) {
-return git.GetSigningKey(ctx, repoPath(repo))
+func GetSigningKey(ctx context.Context) (*git.SigningKey, *git.Signature) {
+return git.GetSigningKey(ctx)
 }

modules/gitrepo/signing.go

@@ -10,13 +10,8 @@ import (
 )
 
 func getSigningKey(ctx *context.APIContext, expectedFormat string) {
-// if the handler is in the repo's route group, get the repo's signing key
-// otherwise, get the global signing key
-path := ""
-if ctx.Repo != nil && ctx.Repo.Repository != nil {
-path = ctx.Repo.Repository.RepoPath()
-}
-content, format, err := asymkey_service.PublicSigningKey(ctx, path)
+// get the global signing key
+content, format, err := asymkey_service.PublicSigningKey(ctx)
 if err != nil {
 ctx.APIErrorInternal(err)
 return

routers/api/v1/misc/signing.go

@@ -61,7 +61,7 @@ func SettingsCtxData(ctx *context.Context) {
 ctx.Data["MinimumMirrorInterval"] = setting.Mirror.MinInterval
 ctx.Data["CanConvertFork"] = ctx.Repo.Repository.IsFork && ctx.Doer.CanCreateRepoIn(ctx.Repo.Repository.Owner)
 
-signing, _ := gitrepo.GetSigningKey(ctx, ctx.Repo.Repository)
+signing, _ := gitrepo.GetSigningKey(ctx)
 ctx.Data["SigningKeyAvailable"] = signing != nil
 ctx.Data["SigningSettings"] = setting.Repository.Signing
 ctx.Data["IsRepoIndexerEnabled"] = setting.Indexer.RepoIndexerEnabled
@@ -104,7 +104,7 @@ func SettingsPost(ctx *context.Context) {
 ctx.Data["DefaultMirrorInterval"] = setting.Mirror.DefaultInterval
 ctx.Data["MinimumMirrorInterval"] = setting.Mirror.MinInterval
 
-signing, _ := gitrepo.GetSigningKey(ctx, ctx.Repo.Repository)
+signing, _ := gitrepo.GetSigningKey(ctx)
 ctx.Data["SigningKeyAvailable"] = signing != nil
 ctx.Data["SigningSettings"] = setting.Repository.Signing
 ctx.Data["IsRepoIndexerEnabled"] = setting.Indexer.RepoIndexerEnabled