Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/create gpg signatures #1285

Merged
merged 52 commits into from
Aug 12, 2020
Merged

Feature/create gpg signatures #1285

merged 52 commits into from
Aug 12, 2020

Conversation

Pilopa
Copy link
Contributor

@Pilopa Pilopa commented Aug 7, 2020

Proposed changes

PR merges and commits performed through the SCM-Manager UI will now automatically be signed and verified with an automatically generated GPG key pair. Public keys can now be downloaded both from within the signature as well as in the public key management view by clicking on the key id.

Your checklist for this pull request

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

  • PR is well described
  • Related issues linked to PR if existing and labels set
  • Target branch is not master (in most cases develop should bet the target of choice)
  • Code does not conflict with target branch
  • New code is covered with unit tests
  • CHANGELOG.md updated
  • Definition of Done's fulfilled: DoD // UI DoD
  • Documentation updated (only necessary for new features or changed behaviour)

Checklist for branch merge request (not required for forks)

sdorra and others added 30 commits July 20, 2020 15:07
@sdorra
implemented public api for verifying changeset signatures
4210dc0
@sdorra
added public api for resolving public gpg keys
1015445
@sdorra
use child injector pattern for git commands
6e27051 
We are using a Google Guice child injector to reduce the amount of injection dependencies for the GitRepositoryServiceResolver and the GitRepositoryServiceProvider.
@sdorra
introduces GitChangesetConverterFactory
7cb3492 
This change introduces a GitChangesetConverterFactory to allow injections for the GitChangesetConverter.
@sdorra
revisit gpg api and use it with from git plugin
64da676
@sdorra
start implementation of store api
cf1ef3b
@sdorra
fixed npe on build
37f3c15
@sdorra
set since tag for gpg stuff to 2.4.0, rename Signature.key to Signatu…
13326d6 
…re.keyId and added DummyGPG for testing
@eheimbuch
add config form for public keys
4290ca4
@eheimbuch
Merge branch 'develop' into feature/verify_gpg_signatures
ebb6a1f
@eheimbuch
implement default gpg using bouncy castle
0c45cf2
@eheimbuch
show signature key on changeset
b22ead2
@eheimbuch
refactor
3da7710
@eheimbuch
refactor
a1153df
@sdorra
fixes gpg verification
274ce56
@sdorra
adds signature stories to changeset stories
8609a14
@sdorra
fixes some small bugs with signature icon
103edf2
@sdorra
uses id of public key in overview
2763e6e
@sdorra
adds public key link to footer
4112a0b
@sdorra
adds key id to the tooltip, which is shown for unknown keys
f4ab367
@eheimbuch
cleanup
8db0301
@eheimbuch
update documentation
c5bac94
@eheimbuch
update storyshots
2d89d2a
@eheimbuch
update CHANGELOG.md
4768e7a
@Pilopa
wip
08a025b
@Pilopa
implementation and unit tests
7072761
@Pilopa
first functional snapshot with unit test, no frontend changes
0ac8b90
@Pilopa
public gpg key download on management screen
acaf70f
@sdorra
Adds generic popover component to ui-component
e5215bd
@Pilopa
allow key download from signature in changeset view
143d427
sdorra
sdorra requested changes Aug 10, 2020
View reviewed changes
Copy link
Member

@sdorra sdorra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR adds a few exceptions but i do not see any localizations for those.

scm-webapp/src/main/java/sonia/scm/security/gpg/PublicKeyResource.java Outdated Show resolved Hide resolved
scm-webapp/src/main/java/sonia/scm/security/gpg/PublicKeyStore.java Outdated Show resolved Hide resolved
scm-core/src/main/java/sonia/scm/security/PublicKeyCreatedEvent.java Show resolved Hide resolved
scm-core/src/main/java/sonia/scm/security/PublicKeyCreatedEvent.java Outdated Show resolved Hide resolved
scm-core/src/main/java/sonia/scm/security/PublicKeyDeletedEvent.java Outdated Show resolved Hide resolved
scm-core/src/main/java/sonia/scm/repository/spi/MergeCommandRequest.java Outdated Show resolved Hide resolved
scm-core/src/main/java/sonia/scm/repository/spi/ModifyCommandRequest.java Outdated Show resolved Hide resolved
scm-ui/ui-components/src/repos/changesets/SignatureIcon.tsx Outdated Show resolved Hide resolved
scm-ui/ui-components/src/repos/changesets/Changesets.stories.tsx Show resolved Hide resolved
scm-ui/ui-components/src/repos/changesets/SignatureIcon.tsx Outdated Show resolved Hide resolved
@Pilopa
resolve review findings
0601770
@Pilopa
Merge branch 'develop' into feature/create_gpg_signatures
8576b66 
# Conflicts:
#	CHANGELOG.md
#	scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/spi/GitHookContextProvider.java
#	scm-plugins/scm-git-plugin/src/main/java/sonia/scm/repository/spi/GitLogCommand.java
#	scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/GitReceiveHook.java
@Pilopa
fix merge issues
5a5289f
@Pilopa
fix issue with signature status text color and layout
e942359
@Pilopa
add story and update storyshots
a4d0ff2
@Pilopa Pilopa requested a review from sdorra August 11, 2020 13:30
@sdorra
Copy link
Member

sdorra commented Aug 12, 2020

Please fix the sonarqube warnings.

@Pilopa Pilopa force-pushed the feature/create_gpg_signatures branch from f9c3db1 to a4d0ff2 Compare August 12, 2020 09:34
@Pilopa Pilopa requested a review from sdorra August 12, 2020 11:31
@sonarcloud
Copy link

sonarcloud bot commented Aug 12, 2020

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities (and Security Hotspot 0 Security Hotspots to review)
Code Smell A 1 Code Smell

56.4% 56.4% Coverage
2.0% 2.0% Duplication

@sdorra sdorra merged commit 55aabff into develop Aug 12, 2020
@sdorra sdorra deleted the feature/create_gpg_signatures branch August 12, 2020 12:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sdorra sdorra Awaiting requested review from sdorra

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Pilopa @sdorra @eheimbuch