Skip to content

feat(gitaly-git2go): sign commits with OpenPGP key

Savely Krasovsky requested to merge L11R/gitaly:master into master

Sign commits made via WebUI (edit, WebIDE, merge requests)


To combat supply chain attacks, you must sign every commit you make. We currently use pre-receive hook to reject every unsigned commit, but this breaks web-commits completely. While it is still better to sign commits directly on a workstation, I think it is acceptable for some projects to allow commits made using webui, but still gain some benefits. Signing all commits reduces the risks and allows you to deploy more restrictive policies (like in our case with pre-receive hook).


Old issues


  • Sign commits
    • apply
    • cherry-pick
    • commit
    • conflicts
    • merge
    • rebase
    • resolve
    • revert
    • submodule
  • Sign tags (tag signing currently not supported by git2go)
  • gitaly-git2go should support commits both with and without signature
  • Pass existing Go tests
  • Add new tests to cover cases with signed commits
  • Add an option in GitLab admin to sign web-commits
  • Add an option in config.toml
  • Display this signatures in UI properly (in scope of gitlab!95231 (closed))
  • (Optional) Generate default key pair during first boot (after installation or update) (first iteration probably should be configured manually)
Edited by Savely Krasovsky

Merge request reports