Gitea no longer GPG signs commits made on the web interface #151
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
For example, my latest website commits have not been signed: https://git.exozy.me/Ta180m/website/commits/branch/main
Also, https://git.exozy.me/api/v1/signing-key.gpg should display the public key but it displays nothing.
I suspect this bug is caused by us using the Gitea main branch instead of a release, so a recent commit probably broke this. I'm not sure if this has been reported to Gitea upstream yet.
I did a
git bisect
anda0051634b9
is the bad commit.Yay, that PR is a breaking change so using bleeding edge main code is always a fun time. Welp that's what life is like being a Gitea contributor...
The fix is to move the
.gitconfig
from the Gitea home directory/var/lib/gitea
to/var/lib/gitea/repos
since Gitea uses a private config directory now.Crap:
Moving the
.gnupg
directory to/var/lib/gitea/repos
fixes that issue.I'm getting the error
...mmit_verification.go:269:verifyWithGPGSettings() [E] Unable to get default signing key: failed to parse gpg key openpgp: invalid argument: no armored data found
now.So apparently you need to have the
.gnupg
folder copied in both the Gitea home and therepos
folder... not sure about the reason for that but the bug is now fixed.This bug has returned!!!
It looks like Gitea now uses the
/var/lib/gitea/data/home
directory for storing its.gitconfig
and.gnupg
directory according to the latest docs, so copying these files to that new location fixed the bug.Welp, that's what it's like deploying and running the Gitea main branch...