gpg signing not working for PR in organisation #24503

Closed
8mccm8 opened this issue May 3, 2023 · 4 comments · Fixed by #25330

8mccm8 commented May 3, 2023

Description

Hi,

  • I created an organization called team and one repository, ansible. I cloned this repo into my account jeanmichel, and my goal is to sign the PR request into the origin repo team/ansible.git from mine, for sure!

  • All my personal commits are signed, no issue, BUT my PRs are not signed.

  • During the process, Gitea can read the gpg key and tells me it will be signed:

  • but it is not, and it returns an HTTP 500

```
2023/05/03 16:31:36 ...dules/git/command.go:255:Run() [D] /home/git/gitea/data/tmp/local-repo/pull.git1708653802: /usr/bin/git -c protocol.version=2 -c credential.helper= -c filter.lfs.required= -c filter.lfs.smudge= -c filter.lfs.clean= commit --message=Merge pull request 'Mise à jour de 'README.md'' (#3) from jeanmichel/ansible:master into master
        Reviewed-on: http://server/git/team/ansible/pulls/3 -S1528 07CD 9411 4E1B 0419 644A 47D1 AA5F 58E0 79AF
2023/05/03 16:31:36 ...rvices/pull/merge.go:342:commitAndSignNoAuthor() [E] git commit PR[11]team/ansible#3[master...jeanmichel/ansible:master]: exit status 128
        error: gpg failed to sign the data
        fatal: failed to write commit object
2023/05/03 16:31:36 .../pull/merge_merge.go:21:doMergeStyleMerge() [E] PR[11]team/ansible#3[master...jeanmichel/ansible:master] Unable to make final commit: git commit PR[11]team/ansible#3[master...jeanmichel/ansible:master]: exit status 128
        error: gpg failed to sign the data
        fatal: failed to write commit object
2023/05/03 16:31:36 ...ers/web/repo/pull.go:1084:MergePullRequest() [E] Merge: git commit PR[11]team/ansible#3[master...jeanmichel/ansible:master]: exit status 128
        error: gpg failed to sign the data
        fatal: failed to write commit object
2023/05/03 16:31:36 ...s/context/context.go:218:HTML() [D] Template: status/500
2023/05/03 16:31:36 router: completed POST /team/ansible/pulls/3/merge for 10.130.120.16:0, 500 Internal Server Error in 84.4ms @ repo/pull.go:919(repo.MergePullRequest)
```
  • here is the sample from my app.ini

```
[repository.signing]
SIGNING_KEY         = 152807CD94114E1B0419644A47D1AA5F58E079AF
SIGNING_NAME        = team
SIGNING_EMAIL       = [email protected]
INITIAL_COMMIT      = always
CRUD_ACTIONS        = pubkey, parentsigned
WIKI                = never
MERGES              = always
DEFAULT_TRUST_MODEL = committer
```

  • GPG looks good:

```
$ gpg --fingerprint [email protected]
pub   rsa2048 2023-05-03 [SC]
      152807CD94114E1B0419644A47D1AA5F58E079AF
uid          [  ultime ] team (Gitea Keys) <[email protected]>
sub   rsa2048 2023-05-03 [E]
```

  • and the gitconfig file:

```
$ cd /home/git/gitea/data/home
$ cat .gitconfig
[user]
        name = team
        email = [email protected]
[core]
        quotePath = false
        logAllRefUpdates = true
        commitGraph = true
[gc]
        reflogExpire = 90
        writeCommitGraph = true
[receive]
        advertisePushOptions = true
        procReceiveRefs = refs/for
[fetch]
        writeCommitGraph = true
[safe]
        directory = *
[uploadpack]
        allowfilter = true
        allowAnySHA1InWant = true
```

I tried also with:

```
$ git config --global user.signingkey 152807CD94114E1B0419644A47D1AA5F58E079AF
$ git config --global user.name team
$ git config --global user.email [email protected]
```

config added in

```
$ cat /home/git/.gitconfig
[user]
        signingkey = 152807CD94114E1B0419644A47D1AA5F58E079AF
        name = team
        email = [email protected]
```

I'm pretty sure I missed something, but I tried different configurations, all gpg in gitconfig, but always the same issue...

Thanks for your feedback

thx for @techknowlogick discord support

Gitea Version

1.19.0 and 1.19.3

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

2.31.1

Operating System

Red Hat Enterprise Linux release 8.7 (Ootpa)

How are you running Gitea?

simple systemd start
fresh install and all repos are created with migration tool from 1.14.0, no package,
and debugging in console

GITEA_WORK_DIR=/home/git/gitea /usr/local/bin/gitea web -c /etc/gitea/app.ini -p 3001

Database

MySQL

@8mccm8 8mccm8 added the type/bug label May 3, 2023
@techknowlogick techknowlogick self-assigned this May 3, 2023

8mccm8 commented May 16, 2023

Hi all,

have you reproduced the bug?


DanielGibson commented Jun 17, 2023

Gitea should use the .gitconfig in [git] HOME_PATH, which in your case should be /home/git/gitea/data/home/ or something like that.

But even if you modify that .gitconfig it might still not work due to this bug I found in Forgejo: https://codeberg.org/forgejo/forgejo/issues/869
(I'd be surprised if Gitea didn't have the same problem).
It boils down to .gitconfig not being used for clients connecting through SSH, because the public key entries Gitea/Forgejo generates in $HOME/.ssh/authorized_keys contain a command that calls forgejo/gitea, and only sets the path to the config, but not the working dir, so it will use $path_of_the_gitea_executable/data/home/ as Git.HOME_PATH

If that bug also exists in Gitea's current development code, it should be fixed before the 1.20 release!

@DanielGibson

At least "my" bug seems to be fixed in 1.20 rc0 and git.HOME_PATH now defaults to the correct path - @8mccm8 might be worth trying out that version, maybe your bug is fixed as well?


wxiaoguang commented Jun 18, 2023

What's your app.ini and how did you install Gitea?

By default, [git].HOME_PATH should depend on [server].APP_DATA_PATH, which is an absolute path by default installation. (actually, it needs GITEA_WORK_DIR to be stable)

And, do you have GITEA_WORK_DIR=/home/git/gitea in your systemd service?

@lunny lunny closed this as completed in 2cdf260 Jun 21, 2023
wxiaoguang added a commit to wxiaoguang/gitea that referenced this issue Jun 21, 2023
# The problem

There were many "path tricks":

* By default, Gitea uses its program directory as its work path
* Gitea tries to use the "work path" to guess its "custom path" and
"custom conf (app.ini)"
* Users might want to use other directories as work path
* The non-default work path should be passed to Gitea by GITEA_WORK_DIR
or "--work-path"
* But some Gitea processes are started without these values
    * The "serv" process started by OpenSSH server
    * The CLI sub-commands started by site admin
* The paths are guessed by SetCustomPathAndConf again and again
* The default values of "work path / custom path / custom conf" can be
changed when compiling

# The solution

* Use `InitWorkPathAndCommonConfig` to handle these path tricks, and use
test code to cover its behaviors.
* When Gitea's web server runs, write the WORK_PATH to "app.ini", this
value must be the most correct one, because if this value is not right,
users would find that the web UI doesn't work and then they should be
able to fix it.
* Then all other sub-commands can use the WORK_PATH in app.ini to
initialize their paths.
* By the way, when Gitea starts for git protocol, it shouldn't output
any log, otherwise the git protocol gets broken and client blocks
forever.

The "work path" priority is: WORK_PATH in app.ini > cmd arg --work-path
> env var GITEA_WORK_DIR > builtin default

The "app.ini" searching order is: cmd arg --config > cmd arg "work path
/ custom path" > env var "work path / custom path" > builtin default

## ⚠️ BREAKING

If your instance's "work path / custom path / custom conf" doesn't meet
the requirements (eg: work path must be absolute), Gitea will report a
fatal error and exit. You need to set these values according to the
error log.

----

Close go-gitea#24818
Close go-gitea#24222
Close go-gitea#21606
Close go-gitea#21498
Close go-gitea#25107
Close go-gitea#24981
Maybe close go-gitea#24503

Replace go-gitea#23301
Replace go-gitea#22754

And maybe more
# Conflicts:
#	cmd/web.go
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 6, 2023
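
The work-path priority described in the commit message above, modelled as an added example (not Gitea's code; `Sources`, `ResolveWorkPath` and `GitHome` are hypothetical names). It assumes the binary location and `GITEA_WORK_DIR` value reported in this issue and the `<work path>/data/home` layout mentioned in the thread, and shows the "serv" process resolving a different git home than the web process until `WORK_PATH` is present in app.ini.

```go
package main

import (
	"fmt"
	"path/filepath"
)

// Sources holds the four places a work path can come from (hypothetical names, not Gitea's).
type Sources struct {
	AppIni, CmdArg, EnvVar, Builtin string
}

// ResolveWorkPath applies the priority from the commit message:
// WORK_PATH in app.ini > --work-path > GITEA_WORK_DIR > builtin default.
// A non-absolute winner is an error, mirroring the BREAKING note.
func ResolveWorkPath(s Sources) (path, source string, err error) {
	candidates := []struct{ value, source string }{
		{s.AppIni, "WORK_PATH in app.ini"},
		{s.CmdArg, "--work-path"},
		{s.EnvVar, "GITEA_WORK_DIR"},
		{s.Builtin, "builtin default"},
	}
	for _, c := range candidates {
		if c.value == "" {
			continue
		}
		if !filepath.IsAbs(c.value) {
			return "", c.source, fmt.Errorf("%s %q is not absolute", c.source, c.value)
		}
		return filepath.Clean(c.value), c.source, nil
	}
	return "", "", fmt.Errorf("no work path available")
}

// GitHome assumes the layout seen in the thread: <work path>/data/home.
func GitHome(workPath string) string { return filepath.Join(workPath, "data", "home") }

func main() {
	// Constructed scenario from the issue: binary in /usr/local/bin,
	// web started with GITEA_WORK_DIR=/home/git/gitea, serv started by sshd without it.
	web := Sources{EnvVar: "/home/git/gitea", Builtin: "/usr/local/bin"}
	serv := Sources{Builtin: "/usr/local/bin"}
	for _, fixed := range []bool{false, true} {
		if fixed { // the web server has written WORK_PATH to app.ini
			web.AppIni, serv.AppIni = "/home/git/gitea", "/home/git/gitea"
		}
		w, _, _ := ResolveWorkPath(web)
		s, src, _ := ResolveWorkPath(serv)
		fmt.Printf("fixed=%v web=%s serv=%s (%s)\n", fixed, GitHome(w), GitHome(s), src)
	}
}
```

When the two processes print different git homes, a `.gitconfig` edited under one of them is not the one the other process reads.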