Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add configurable Trust Models #11712

Merged
merged 16 commits into from
Sep 19, 2020
Merged

Add configurable Trust Models #11712

merged 16 commits into from
Sep 19, 2020

Conversation

zeripath
Copy link
Contributor

Gitea's default signature verification model differs from GitHub. GitHub
uses signatures to verify that the committer is who they say they are -
meaning that when GitHub makes a signed commit it must be the committer.
The GitHub model prevents re-publishing of commits after revocation of a
key and prevents re-signing of other people's commits to create a
completely trusted repository signed by one key or a set of trusted
keys.

The default behaviour of Gitea in contrast is to always display the
avatar and information related to a signature. This allows signatures to
be decoupled from the committer. That being said, allowing arbitary
users to present other peoples commits as theirs is not necessarily
desired therefore we have a trust model whereby signatures from
collaborators are marked trusted, signatures matching the commit line
are marked untrusted and signatures that match a user in the db but not
the committer line are marked unmatched.

The problem with this model is that this conflicts with Github therefore
we need to provide an option to allow users to choose the Github model
should they wish to.

Signed-off-by: Andrew Thornton art27@cantab.net

@zeripath
Add configurable Trust Models
dbff91b 
Gitea's default signature verification model differs from GitHub. GitHub
uses signatures to verify that the committer is who they say they are -
meaning that when GitHub makes a signed commit it must be the committer.
The GitHub model prevents re-publishing of commits after revocation of a
key and prevents re-signing of other people's commits to create a
completely trusted repository signed by one key or a set of trusted
keys.

The default behaviour of Gitea in contrast is to always display the
avatar and information related to a signature. This allows signatures to
be decoupled from the committer. That being said, allowing arbitary
users to present other peoples commits as theirs is not necessarily
desired therefore we have a trust model whereby signatures from
collaborators are marked trusted, signatures matching the commit line
are marked untrusted and signatures that match a user in the db but not
the committer line are marked unmatched.

The problem with this model is that this conflicts with Github therefore
we need to provide an option to allow users to choose the Github model
should they wish to.

Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath zeripath added the type/enhancement An improvement of existing functionality label May 31, 2020
@zeripath zeripath added this to the 1.13.0 milestone May 31, 2020
CirnoT
CirnoT reviewed May 31, 2020
View reviewed changes
custom/conf/app.ini.sample Outdated Show resolved Hide resolved
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label May 31, 2020
CirnoT
CirnoT reviewed Jun 6, 2020
View reviewed changes
options/locale/locale_en-US.ini Outdated Show resolved Hide resolved
options/locale/locale_en-US.ini Outdated Show resolved Hide resolved
options/locale/locale_en-US.ini Outdated Show resolved Hide resolved
options/locale/locale_en-US.ini Outdated Show resolved Hide resolved
options/locale/locale_en-US.ini Outdated Show resolved Hide resolved
options/locale/locale_en-US.ini Outdated Show resolved Hide resolved
@CirnoT
Copy link
Contributor

CirnoT commented Jun 6, 2020

Need to resolve conflicts too

@codecov-commenter
Copy link

codecov-commenter commented Aug 13, 2020
edited
Loading

Codecov Report

Merging #11712 into master will decrease coverage by 0.03%.
The diff coverage is 34.86%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master   #11712      +/-   ##
==========================================
- Coverage   43.11%   43.08%   -0.04%     
==========================================
  Files         657      658       +1     
  Lines       72340    72448     +108     
==========================================
+ Hits        31189    31212      +23     
- Misses      36107    36183      +76     
- Partials     5044     5053       +9
Impacted Files Coverage Δ
models/migrations/migrations.go 2.46% <ø> (ø)
models/migrations/v152.go 0.00% <0.00%> (ø)
modules/auth/repo_form.go 42.34% <ø> (ø)
modules/git/repo_tree.go 40.00% <0.00%> (ø)
modules/repofiles/delete.go 48.62% <0.00%> (ø)
modules/repofiles/update.go 37.08% <0.00%> (ø)
modules/repository/generate.go 0.00% <0.00%> (ø)
modules/structs/repo.go 50.00% <ø> (ø)
models/gpg_key.go 53.33% <14.28%> (-1.49%) ⬇️
routers/repo/setting.go 14.95% <18.75%> (+0.10%) ⬆️
... and 28 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 89c94e2...17dd1c0. Read the comment docs.

6543
6543 reviewed Aug 24, 2020
View reviewed changes
models/gpg_key.go Show resolved Hide resolved
models/gpg_key.go Outdated Show resolved Hide resolved
models/gpg_key.go Outdated Show resolved Hide resolved
@6543
Copy link
Member

6543 commented Aug 24, 2020

☝️ set trusted at the begining once and then overwrite it if a case matches ...

@zeripath @6543
as per @6543
6d65d0e 
Co-authored-by: 6543 <6543@obermui.de>
@6543
Copy link
Member

6543 commented Aug 26, 2020
edited
Loading

make fmt (i think there is one /newline too mouch)

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Aug 26, 2020
zeripath
zeripath commented Aug 26, 2020
View reviewed changes
models/gpg_key.go Outdated Show resolved Hide resolved
lunny
lunny reviewed Sep 18, 2020
View reviewed changes
models/repo.go Show resolved Hide resolved
@zeripath
Add migration for repository
fba6adc 
Signed-off-by: Andrew Thornton <art27@cantab.net>
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Sep 19, 2020
@lunny lunny merged commit 4979f15 into go-gitea:master Sep 19, 2020
@zeripath zeripath deleted the verification-trust-models branch September 19, 2020 18:48
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@CirnoT CirnoT CirnoT left review comments

@6543 6543 6543 approved these changes

@lunny lunny lunny approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/enhancement An improvement of existing functionality
Projects
None yet
Milestone
1.13.0
Development

Successfully merging this pull request may close these issues.
6 participants
@zeripath @CirnoT @codecov-commenter @6543 @lunny @GiteaBot