Beyond coding. We forge. https://forgejo.org
Find a file
Wim 9066d09c57
Add ssh certificate support (#12281)
* Add ssh certificate support

* Add ssh certificate support to builtin ssh

* Write trusted-user-ca-keys.pem based on configuration

* Update app.example.ini

* Update templates/user/settings/keys_principal.tmpl

Co-authored-by: silverwind <me@silverwind.io>

* Remove unused locale string

* Update options/locale/locale_en-US.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update options/locale/locale_en-US.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update models/ssh_key.go

Co-authored-by: silverwind <me@silverwind.io>

* Add missing creation of SSH.Rootpath

* Update cheatsheet, example and locale strings

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

* Optimizations based on feedback

* Validate CA keys for external sshd

* Add filename option and change default filename

Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is
RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem

Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty.

Add some more documentation.

* Remove unneeded principalkey functions

* Add blank line

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option

This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default
email,username this means that users only can add the principals
that match their email or username.

To allow anything the admin need to set the option anything.

This allows for a safe default in gitea which protects against malicious
users using other user's prinicipals. (before that user could set it).

This commit also has some small other fixes from the last code review.

* Rewrite principal keys file on user deletion

* Use correct rewrite method

* Set correct AuthorizedPrincipalsBackup default setting

* Rewrite principalsfile when adding principals

* Add update authorized_principals option to admin dashboard

* Handle non-primary emails

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add the command actually to the dashboard template

* Update models/ssh_key.go

Co-authored-by: silverwind <me@silverwind.io>

* By default do not show principal options unless there are CA keys set or they are explicitly set

Signed-off-by: Andrew Thornton <art27@cantab.net>

* allow settings when enabled

* Fix typos in TrustedUserCAKeys path

* Allow every CASignatureAlgorithms algorithm

As this depends on the content of TrustedUserCAKeys we should allow all
signature algorithms as admins can choose the specific algorithm on their
signing CA

* Update models/ssh_key.go

Co-authored-by: Lauris BH <lauris@nix.lv>

* Fix linting issue

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-10 20:38:09 -04:00
.github Improve stale message (#9920) 2020-01-22 12:55:27 +02:00
assets Rework 'make generate-images' (#12316) 2020-07-26 17:47:51 +08:00
build update revive lint to latest commit (#12921) 2020-09-22 20:02:16 +03:00
cmd Add ssh certificate support (#12281) 2020-10-10 20:38:09 -04:00
contrib Removing k8s contrib file (#12761) 2020-09-07 23:22:55 -04:00
custom/conf Add ssh certificate support (#12281) 2020-10-10 20:38:09 -04:00
docker Add ssh certificate support (#12281) 2020-10-10 20:38:09 -04:00
docs Add ssh certificate support (#12281) 2020-10-10 20:38:09 -04:00
integrations Disable DSA ssh keys by default (#13056) 2020-10-09 09:52:57 +03:00
models Add ssh certificate support (#12281) 2020-10-10 20:38:09 -04:00
modules Add ssh certificate support (#12281) 2020-10-10 20:38:09 -04:00
options Add ssh certificate support (#12281) 2020-10-10 20:38:09 -04:00
public Add a migrate service type switch page (#12697) 2020-09-09 14:29:10 -04:00
routers Add ssh certificate support (#12281) 2020-10-10 20:38:09 -04:00
services Cache last commit when pushing for big repository (#10109) 2020-10-09 01:17:23 +03:00
snap Add logic to build stable and edge builds (#12052) 2020-07-17 13:27:00 -04:00
templates Add ssh certificate support (#12281) 2020-10-10 20:38:09 -04:00
tools Add 'make watch' (#12636) 2020-09-04 20:55:06 -04:00
vendor hCaptcha Support (#12594) 2020-10-02 23:37:53 -04:00
web_src Fix attachments list in edit comment (#13036) 2020-10-11 00:49:59 +01:00
.air.conf Add 'watch-backend' (#12330) 2020-07-27 14:05:42 -04:00
.changelog.yml Changelog 1.11.0 (#10204) (#10211) 2020-02-10 11:16:31 -05:00
.drone.yml Bump min required golang to 1.13 (#12717) 2020-09-04 14:12:01 -04:00
.editorconfig Reindent Less to 2-space (#12602) 2020-08-25 22:48:53 +03:00
.eslintrc Update JS dependencies (#12702) 2020-09-04 00:26:50 +03:00
.gitattributes Update vendored .gitattributes (#12322) 2020-07-27 00:17:01 -04:00
.gitignore Move jquery-minicolors to npm/webpack (#12305) 2020-07-29 14:44:23 -04:00
.golangci.yml Add default storage configurations (#12813) 2020-09-29 12:05:13 +03:00
.ignore Fonts rework (#12114) 2020-07-06 11:56:54 +03:00
.lgtm refactor: ignore LGTM from author of pull request. (#3283) 2018-01-02 06:13:49 -06:00
.npmrc add package-lock=true in .npmrc (#9736) 2020-01-13 00:11:43 +01:00
.revive.toml refactor: replace lint to revive (#5422) 2018-12-03 09:28:46 -05:00
.stylelintrc File header tweaks, add CSS helpers (#12635) 2020-09-08 13:17:56 -04:00
BSDmakefile Add BSDmakefile to prevent errors when make is called under FreeBSD (#4446) 2018-07-16 20:45:51 +02:00
build.go update revive lint to latest commit (#12921) 2020-09-22 20:02:16 +03:00
CHANGELOG.md Changelog 1.12.5 (#13002) (#13003) 2020-10-01 14:47:54 -04:00
CONTRIBUTING.md Add link to owners election tickets, reorder to most-recent first (#11632) 2020-05-26 16:11:26 -05:00
DCO follow the advisor: add DCO and some improvements 2016-11-04 16:43:41 +08:00
Dockerfile Update Dockerfile (#12922) 2020-09-27 18:52:22 -04:00
go.mod hCaptcha Support (#12594) 2020-10-02 23:37:53 -04:00
go.sum hCaptcha Support (#12594) 2020-10-02 23:37:53 -04:00
LICENSE Fix typo 2016-11-08 08:42:05 +01:00
main.go Add a storage layer for attachments (#11387) 2020-08-18 12:23:45 +08:00
MAINTAINERS Add myself to MAINTAINERS (#11494) 2020-05-18 16:50:22 -05:00
Makefile Add migration for password algorithm change (#12784) 2020-09-15 18:02:41 -04:00
package-lock.json Update JS dependencies (#12782) 2020-09-10 12:16:40 +08:00
package.json Update JS dependencies (#12782) 2020-09-10 12:16:40 +08:00
README.md fix readme format (#12797) 2020-09-10 13:05:15 -04:00
README_ZH.md update discord link (#10455) 2020-02-25 12:36:45 -05:00
SECURITY.md Add security policy to repo (#12536) 2020-08-19 17:15:55 +01:00
semantic.json Update JS dependencies (#12782) 2020-09-10 12:16:40 +08:00
webpack.config.js Update JS dependencies (#12782) 2020-09-10 12:16:40 +08:00

简体中文

logo Gitea - Git with a cup of tea

Build Status Join the Discord chat at https://discord.gg/Gitea codecov Go Report Card GoDoc GitHub release Help Contribute to Open Source Become a backer/sponsor of gitea License: MIT Crowdin TODOs

Purpose

The goal of this project is to make the easiest, fastest, and most painless way of setting up a self-hosted Git service. Using Go, this can be done with an independent binary distribution across all platforms which Go supports, including Linux, macOS, and Windows on x86, amd64, ARM and PowerPC architectures. Want to try it before doing anything else? Do it with the online demo! This project has been forked from Gogs since 2016.11 but changed a lot.

Building

From the root of the source tree, run:

TAGS="bindata" make build

or if sqlite support is required:

TAGS="bindata sqlite sqlite_unlock_notify" make build

The build target is split into two sub-targets:

  • make backend which requires Go 1.13 or greater.
  • make frontend which requires Node.js 10.13 or greater.

If pre-built frontend files are present it is possible to only build the backend:

TAGS="bindata" make backend

Parallelism is not supported for these targets, so please don't include -j <num>.

More info: https://docs.gitea.io/en-us/install-from-source/

Using

./gitea web

NOTE: If you're interested in using our APIs, we have experimental support with documentation.

Contributing

Expected workflow is: Fork -> Patch -> Push -> Pull Request

NOTES:

  1. YOU MUST READ THE CONTRIBUTORS GUIDE BEFORE STARTING TO WORK ON A PULL REQUEST.
  2. If you have found a vulnerability in the project, please write privately to security@gitea.io. Thanks!

Further information

For more information and instructions about how to install Gitea, please look at our documentation. If you have questions that are not covered by the documentation, you can get in contact with us on our Discord server, or forum!

Authors

Backers

Thank you to all our backers! 🙏 [Become a backer]

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]

FAQ

How do you pronounce Gitea?

Gitea is pronounced /ɡɪti:/ as in "gi-tea" with a hard g.

Why is this not hosted on a Gitea instance?

We're working on it.

License

This project is licensed under the MIT License. See the LICENSE file for the full license text.

Screenshots

Looking for an overview of the interface? Check it out!

Dashboard User Profile Global Issues
Branches Web Editor Activity
New Migration Migrating Pull Request View
Pull Request Dark Diff Review Dark Diff Dark