mirror of
https://gitcode.com/gitea/gitea.git
synced 2025-06-20 03:43:59 +08:00
Add require signed commit for protected branch (#9708)
* Add require signed commit for protected branch * Fix fmt * Make editor show if they will be signed * bugfix * Add basic merge check and better information for CRUD * linting comment * Add descriptors to merge signing * Slight refactor * Slight improvement to appearances * Handle Merge API * manage CRUD API * Move error to error.go * Remove fix to delete.go * prep for merge * need to tolerate \r\n in message * check protected branch before trying to load it * Apply suggestions from code review Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * fix commit-reader Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
This commit is contained in:
zeripath
@ -46,6 +46,7 @@ type ProtectedBranch struct {
|
||||
RequiredApprovals int64 `xorm:"NOT NULL DEFAULT 0"`
|
||||
BlockOnRejectedReviews bool `xorm:"NOT NULL DEFAULT false"`
|
||||
DismissStaleApprovals bool `xorm:"NOT NULL DEFAULT false"`
|
||||
RequireSignedCommits bool `xorm:"NOT NULL DEFAULT false"`
|
||||
|
||||
CreatedUnix timeutil.TimeStamp `xorm:"created"`
|
||||
UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
|
||||
|
||||
@ -916,6 +916,22 @@ func (err ErrUserDoesNotHaveAccessToRepo) Error() string {
|
||||
return fmt.Sprintf("user doesn't have acces to repo [user_id: %d, repo_name: %s]", err.UserID, err.RepoName)
|
||||
}
|
||||
|
||||
// ErrWontSign explains the first reason why a commit would not be signed
|
||||
// There may be other reasons - this is just the first reason found
|
||||
type ErrWontSign struct {
|
||||
Reason signingMode
|
||||
}
|
||||
|
||||
func (e *ErrWontSign) Error() string {
|
||||
return fmt.Sprintf("wont sign: %s", e.Reason)
|
||||
}
|
||||
|
||||
// IsErrWontSign checks if an error is a ErrWontSign
|
||||
func IsErrWontSign(err error) bool {
|
||||
_, ok := err.(*ErrWontSign)
|
||||
return ok
|
||||
}
|
||||
|
||||
// __________ .__
|
||||
// \______ \____________ ____ ____ | |__
|
||||
// | | _/\_ __ \__ \ / \_/ ___\| | \
|
||||
|
||||
@ -298,6 +298,8 @@ var migrations = []Migration{
|
||||
NewMigration("Add owner_name on table repository", addOwnerNameOnRepository),
|
||||
// v121 -> v122
|
||||
NewMigration("add is_restricted column for users table", addIsRestricted),
|
||||
// v122 -> v123
|
||||
NewMigration("Add Require Signed Commits to ProtectedBranch", addRequireSignedCommits),
|
||||
}
|
||||
|
||||
// Migrate database to current version
|
||||
|
||||
18
models/migrations/v122.go
Normal file
18
models/migrations/v122.go
Normal file
@ -0,0 +1,18 @@
|
||||
// Copyright 2020 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package migrations
|
||||
|
||||
import (
|
||||
"xorm.io/xorm"
|
||||
)
|
||||
|
||||
func addRequireSignedCommits(x *xorm.Engine) error {
|
||||
|
||||
type ProtectedBranch struct {
|
||||
RequireSignedCommits bool `xorm:"NOT NULL DEFAULT false"`
|
||||
}
|
||||
|
||||
return x.Sync2(new(ProtectedBranch))
|
||||
}
|
||||
@ -152,16 +152,18 @@ func (pr *PullRequest) LoadProtectedBranch() (err error) {
|
||||
}
|
||||
|
||||
func (pr *PullRequest) loadProtectedBranch(e Engine) (err error) {
|
||||
if pr.BaseRepo == nil {
|
||||
if pr.BaseRepoID == 0 {
|
||||
return nil
|
||||
}
|
||||
pr.BaseRepo, err = getRepositoryByID(e, pr.BaseRepoID)
|
||||
if err != nil {
|
||||
return
|
||||
if pr.ProtectedBranch == nil {
|
||||
if pr.BaseRepo == nil {
|
||||
if pr.BaseRepoID == 0 {
|
||||
return nil
|
||||
}
|
||||
pr.BaseRepo, err = getRepositoryByID(e, pr.BaseRepoID)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
}
|
||||
pr.ProtectedBranch, err = getProtectedBranchBy(e, pr.BaseRepo.ID, pr.BaseBranch)
|
||||
}
|
||||
pr.ProtectedBranch, err = getProtectedBranchBy(e, pr.BaseRepo.ID, pr.BaseBranch)
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
@ -11,16 +11,16 @@ import (
|
||||
)
|
||||
|
||||
// SignMerge determines if we should sign a PR merge commit to the base repository
|
||||
func (pr *PullRequest) SignMerge(u *User, tmpBasePath, baseCommit, headCommit string) (bool, string) {
|
||||
func (pr *PullRequest) SignMerge(u *User, tmpBasePath, baseCommit, headCommit string) (bool, string, error) {
|
||||
if err := pr.GetBaseRepo(); err != nil {
|
||||
log.Error("Unable to get Base Repo for pull request")
|
||||
return false, ""
|
||||
return false, "", err
|
||||
}
|
||||
repo := pr.BaseRepo
|
||||
|
||||
signingKey := signingKey(repo.RepoPath())
|
||||
if signingKey == "" {
|
||||
return false, ""
|
||||
return false, "", &ErrWontSign{noKey}
|
||||
}
|
||||
rules := signingModeFromStrings(setting.Repository.Signing.Merges)
|
||||
|
||||
@ -30,92 +30,101 @@ func (pr *PullRequest) SignMerge(u *User, tmpBasePath, baseCommit, headCommit st
|
||||
for _, rule := range rules {
|
||||
switch rule {
|
||||
case never:
|
||||
return false, ""
|
||||
return false, "", &ErrWontSign{never}
|
||||
case always:
|
||||
break
|
||||
case pubkey:
|
||||
keys, err := ListGPGKeys(u.ID)
|
||||
if err != nil || len(keys) == 0 {
|
||||
return false, ""
|
||||
if err != nil {
|
||||
return false, "", err
|
||||
}
|
||||
if len(keys) == 0 {
|
||||
return false, "", &ErrWontSign{pubkey}
|
||||
}
|
||||
case twofa:
|
||||
twofa, err := GetTwoFactorByUID(u.ID)
|
||||
if err != nil || twofa == nil {
|
||||
return false, ""
|
||||
twofaModel, err := GetTwoFactorByUID(u.ID)
|
||||
if err != nil {
|
||||
return false, "", err
|
||||
}
|
||||
if twofaModel == nil {
|
||||
return false, "", &ErrWontSign{twofa}
|
||||
}
|
||||
case approved:
|
||||
protectedBranch, err := GetProtectedBranchBy(repo.ID, pr.BaseBranch)
|
||||
if err != nil || protectedBranch == nil {
|
||||
return false, ""
|
||||
if err != nil {
|
||||
return false, "", err
|
||||
}
|
||||
if protectedBranch == nil {
|
||||
return false, "", &ErrWontSign{approved}
|
||||
}
|
||||
if protectedBranch.GetGrantedApprovalsCount(pr) < 1 {
|
||||
return false, ""
|
||||
return false, "", &ErrWontSign{approved}
|
||||
}
|
||||
case baseSigned:
|
||||
if gitRepo == nil {
|
||||
gitRepo, err = git.OpenRepository(tmpBasePath)
|
||||
if err != nil {
|
||||
return false, ""
|
||||
return false, "", err
|
||||
}
|
||||
defer gitRepo.Close()
|
||||
}
|
||||
commit, err := gitRepo.GetCommit(baseCommit)
|
||||
if err != nil {
|
||||
return false, ""
|
||||
return false, "", err
|
||||
}
|
||||
verification := ParseCommitWithSignature(commit)
|
||||
if !verification.Verified {
|
||||
return false, ""
|
||||
return false, "", &ErrWontSign{baseSigned}
|
||||
}
|
||||
case headSigned:
|
||||
if gitRepo == nil {
|
||||
gitRepo, err = git.OpenRepository(tmpBasePath)
|
||||
if err != nil {
|
||||
return false, ""
|
||||
return false, "", err
|
||||
}
|
||||
defer gitRepo.Close()
|
||||
}
|
||||
commit, err := gitRepo.GetCommit(headCommit)
|
||||
if err != nil {
|
||||
return false, ""
|
||||
return false, "", err
|
||||
}
|
||||
verification := ParseCommitWithSignature(commit)
|
||||
if !verification.Verified {
|
||||
return false, ""
|
||||
return false, "", &ErrWontSign{headSigned}
|
||||
}
|
||||
case commitsSigned:
|
||||
if gitRepo == nil {
|
||||
gitRepo, err = git.OpenRepository(tmpBasePath)
|
||||
if err != nil {
|
||||
return false, ""
|
||||
return false, "", err
|
||||
}
|
||||
defer gitRepo.Close()
|
||||
}
|
||||
commit, err := gitRepo.GetCommit(headCommit)
|
||||
if err != nil {
|
||||
return false, ""
|
||||
return false, "", err
|
||||
}
|
||||
verification := ParseCommitWithSignature(commit)
|
||||
if !verification.Verified {
|
||||
return false, ""
|
||||
return false, "", &ErrWontSign{commitsSigned}
|
||||
}
|
||||
// need to work out merge-base
|
||||
mergeBaseCommit, _, err := gitRepo.GetMergeBase("", baseCommit, headCommit)
|
||||
if err != nil {
|
||||
return false, ""
|
||||
return false, "", err
|
||||
}
|
||||
commitList, err := commit.CommitsBeforeUntil(mergeBaseCommit)
|
||||
if err != nil {
|
||||
return false, ""
|
||||
return false, "", err
|
||||
}
|
||||
for e := commitList.Front(); e != nil; e = e.Next() {
|
||||
commit = e.Value.(*git.Commit)
|
||||
verification := ParseCommitWithSignature(commit)
|
||||
if !verification.Verified {
|
||||
return false, ""
|
||||
return false, "", &ErrWontSign{commitsSigned}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return true, signingKey
|
||||
return true, signingKey, nil
|
||||
}
|
||||
|
||||
@ -25,6 +25,7 @@ const (
|
||||
headSigned signingMode = "headsigned"
|
||||
commitsSigned signingMode = "commitssigned"
|
||||
approved signingMode = "approved"
|
||||
noKey signingMode = "nokey"
|
||||
)
|
||||
|
||||
func signingModeFromStrings(modeStrings []string) []signingMode {
|
||||
@ -95,122 +96,140 @@ func PublicSigningKey(repoPath string) (string, error) {
|
||||
}
|
||||
|
||||
// SignInitialCommit determines if we should sign the initial commit to this repository
|
||||
func SignInitialCommit(repoPath string, u *User) (bool, string) {
|
||||
func SignInitialCommit(repoPath string, u *User) (bool, string, error) {
|
||||
rules := signingModeFromStrings(setting.Repository.Signing.InitialCommit)
|
||||
signingKey := signingKey(repoPath)
|
||||
if signingKey == "" {
|
||||
return false, ""
|
||||
return false, "", &ErrWontSign{noKey}
|
||||
}
|
||||
|
||||
for _, rule := range rules {
|
||||
switch rule {
|
||||
case never:
|
||||
return false, ""
|
||||
return false, "", &ErrWontSign{never}
|
||||
case always:
|
||||
break
|
||||
case pubkey:
|
||||
keys, err := ListGPGKeys(u.ID)
|
||||
if err != nil || len(keys) == 0 {
|
||||
return false, ""
|
||||
if err != nil {
|
||||
return false, "", err
|
||||
}
|
||||
if len(keys) == 0 {
|
||||
return false, "", &ErrWontSign{pubkey}
|
||||
}
|
||||
case twofa:
|
||||
twofa, err := GetTwoFactorByUID(u.ID)
|
||||
if err != nil || twofa == nil {
|
||||
return false, ""
|
||||
twofaModel, err := GetTwoFactorByUID(u.ID)
|
||||
if err != nil {
|
||||
return false, "", err
|
||||
}
|
||||
if twofaModel == nil {
|
||||
return false, "", &ErrWontSign{twofa}
|
||||
}
|
||||
}
|
||||
}
|
||||
return true, signingKey
|
||||
return true, signingKey, nil
|
||||
}
|
||||
|
||||
// SignWikiCommit determines if we should sign the commits to this repository wiki
|
||||
func (repo *Repository) SignWikiCommit(u *User) (bool, string) {
|
||||
func (repo *Repository) SignWikiCommit(u *User) (bool, string, error) {
|
||||
rules := signingModeFromStrings(setting.Repository.Signing.Wiki)
|
||||
signingKey := signingKey(repo.WikiPath())
|
||||
if signingKey == "" {
|
||||
return false, ""
|
||||
return false, "", &ErrWontSign{noKey}
|
||||
}
|
||||
|
||||
for _, rule := range rules {
|
||||
switch rule {
|
||||
case never:
|
||||
return false, ""
|
||||
return false, "", &ErrWontSign{never}
|
||||
case always:
|
||||
break
|
||||
case pubkey:
|
||||
keys, err := ListGPGKeys(u.ID)
|
||||
if err != nil || len(keys) == 0 {
|
||||
return false, ""
|
||||
if err != nil {
|
||||
return false, "", err
|
||||
}
|
||||
if len(keys) == 0 {
|
||||
return false, "", &ErrWontSign{pubkey}
|
||||
}
|
||||
case twofa:
|
||||
twofa, err := GetTwoFactorByUID(u.ID)
|
||||
if err != nil || twofa == nil {
|
||||
return false, ""
|
||||
twofaModel, err := GetTwoFactorByUID(u.ID)
|
||||
if err != nil {
|
||||
return false, "", err
|
||||
}
|
||||
if twofaModel == nil {
|
||||
return false, "", &ErrWontSign{twofa}
|
||||
}
|
||||
case parentSigned:
|
||||
gitRepo, err := git.OpenRepository(repo.WikiPath())
|
||||
if err != nil {
|
||||
return false, ""
|
||||
return false, "", err
|
||||
}
|
||||
defer gitRepo.Close()
|
||||
commit, err := gitRepo.GetCommit("HEAD")
|
||||
if err != nil {
|
||||
return false, ""
|
||||
return false, "", err
|
||||
}
|
||||
if commit.Signature == nil {
|
||||
return false, ""
|
||||
return false, "", &ErrWontSign{parentSigned}
|
||||
}
|
||||
verification := ParseCommitWithSignature(commit)
|
||||
if !verification.Verified {
|
||||
return false, ""
|
||||
return false, "", &ErrWontSign{parentSigned}
|
||||
}
|
||||
}
|
||||
}
|
||||
return true, signingKey
|
||||
return true, signingKey, nil
|
||||
}
|
||||
|
||||
// SignCRUDAction determines if we should sign a CRUD commit to this repository
|
||||
func (repo *Repository) SignCRUDAction(u *User, tmpBasePath, parentCommit string) (bool, string) {
|
||||
func (repo *Repository) SignCRUDAction(u *User, tmpBasePath, parentCommit string) (bool, string, error) {
|
||||
rules := signingModeFromStrings(setting.Repository.Signing.CRUDActions)
|
||||
signingKey := signingKey(repo.RepoPath())
|
||||
if signingKey == "" {
|
||||
return false, ""
|
||||
return false, "", &ErrWontSign{noKey}
|
||||
}
|
||||
|
||||
for _, rule := range rules {
|
||||
switch rule {
|
||||
case never:
|
||||
return false, ""
|
||||
return false, "", &ErrWontSign{never}
|
||||
case always:
|
||||
break
|
||||
case pubkey:
|
||||
keys, err := ListGPGKeys(u.ID)
|
||||
if err != nil || len(keys) == 0 {
|
||||
return false, ""
|
||||
if err != nil {
|
||||
return false, "", err
|
||||
}
|
||||
if len(keys) == 0 {
|
||||
return false, "", &ErrWontSign{pubkey}
|
||||
}
|
||||
case twofa:
|
||||
twofa, err := GetTwoFactorByUID(u.ID)
|
||||
if err != nil || twofa == nil {
|
||||
return false, ""
|
||||
twofaModel, err := GetTwoFactorByUID(u.ID)
|
||||
if err != nil {
|
||||
return false, "", err
|
||||
}
|
||||
if twofaModel == nil {
|
||||
return false, "", &ErrWontSign{twofa}
|
||||
}
|
||||
case parentSigned:
|
||||
gitRepo, err := git.OpenRepository(tmpBasePath)
|
||||
if err != nil {
|
||||
return false, ""
|
||||
return false, "", err
|
||||
}
|
||||
defer gitRepo.Close()
|
||||
commit, err := gitRepo.GetCommit(parentCommit)
|
||||
if err != nil {
|
||||
return false, ""
|
||||
return false, "", err
|
||||
}
|
||||
if commit.Signature == nil {
|
||||
return false, ""
|
||||
return false, "", &ErrWontSign{parentSigned}
|
||||
}
|
||||
verification := ParseCommitWithSignature(commit)
|
||||
if !verification.Verified {
|
||||
return false, ""
|
||||
return false, "", &ErrWontSign{parentSigned}
|
||||
}
|
||||
}
|
||||
}
|
||||
return true, signingKey
|
||||
return true, signingKey, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user