Support Signing Commits #898

Open
opened 2 years ago by enot · 2 comments
enot commented 2 years ago

# What do you want to address?

  • Bug
  • Feature
  • Suggestion

# Describe your matter briefly

It would be neat if the app supported signing of commits via something like OpenKeychain.

The app provides two APIs:

Not sure how much work this is but just thought it might be a nice addition one day.


Thank you for your time.

## # What do you want to address? <!-- This step is required; examples are shown below --> - [ ] Bug - [X] Feature - [ ] Suggestion ## # Describe your matter briefly <!-- This step is required. --> It would be neat if the app supported signing of commits via something like [OpenKeychain](https://www.openkeychain.org/). The app provides two APIs: - [OpenKeychain Intents](https://github.com/open-keychain/open-keychain/wiki/Intents) - [OpenPGP API](https://github.com/open-keychain/openpgp-api) Not sure how much work this is but just thought it might be a nice addition one day. <br><br> - [X] I carefully read the [contribution guidelines](https://codeberg.org/GitNex/GitNex/src/branch/master/CONTRIBUTING.md). <br> #### Thank you for your time.
opyale added the
🎉 Feature
label 2 years ago
Collaborator

I don't think this is possible with the current architecture. GitNex doesn't use Git directly, instead it uses Gitea's API to update files. I don't know enough about Gitea's structure of signing commits on the server, but maybe the server signs the commits when using the API (which requires a correct server configuration). Using a custom GPG key from the user is not that easy with this API and would need Git (which is not really possible in an Android app).

I don't think this is possible with the current architecture. GitNex doesn't use Git directly, instead it uses Gitea's API to update files. I don't know enough about Gitea's structure of signing commits on the server, but maybe the server signs the commits when using the API (which requires a correct server configuration). Using a custom GPG key from the user is not that easy with this API and would need Git (which is not really possible in an Android app).
Poster

I did some digging this morning as well and agree, the signature is stored inside the object itself which we could create without git on the client. But even then there is no method via the Gitea API that I can find to add and object to the tree, so maybe I will open an issue with Gitea.

If we had such an API endpoint it would just be the base64 encoded:

tree {sha}
parent {sha}
author {name email datetime tz}
committer {name email datetime tz}
gpgsign {PGP sig}

{commit message}

At least to my understanding.

I did some digging this morning as well and agree, the signature is stored inside the object itself which we _could_ create without git on the client. But even then there is no method via the Gitea API that I can find to add and object to the tree, so maybe I will open an issue with Gitea. If we had such an API endpoint it would just be the base64 encoded: ``` tree {sha} parent {sha} author {name email datetime tz} committer {name email datetime tz} gpgsign {PGP sig} {commit message} ``` At least to my understanding.
6543 added the
🪜 Upstream
label 1 year ago
Sign in to join this conversation.
No Milestone
No project
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

No dependencies set.

Reference: gitnex/GitNex#898
Loading…
There is no content yet.