Gitea does not sign a CRUD_ACTIONS commit when setting is `CRUD_ACTIONS = pubkey` and user has only SSH pubkey (instead of GPG)

[rebeccan]

Hi,

I have noticed the behaviour, that Gitea does not sign a CRUD_ACTIONS commit (in this case cherry pick from web UI).

The setting I used was CRUD_ACTIONS = pubkey. According to the docs: "Only sign if the user has a public key". The user I tested with has a public key uploaded, but it is of type SSH and none of type GPG.

Affected line of code:

gitea/services/asymkey/sign.go

Line 269 in f74a136

keys, err := db.Find[asymkey_model.GPGKey](ctx, asymkey_model.FindGPGKeyOptions{

We use Gitea Version: 1.23.8

I assume that it was forgotten to check SSH pubkeys as well. Or is that behaviour intentional?

Steps to reproduce:

1. Gitea setting CRUD_ACTIONS = pubkey
2. Log into Gitea UI with user that has an SSH pubkey but no GPG pubkey
3. Cherry pick a commit over the UI

Expected Result: The new commit is signed by Gitea.
Actual Result: The new commit is unsigned.

[wxiaoguang]

IIRC the feature is in 1.25 Improve instance wide ssh commit signing #34341

You can try it here (main nightly, but not 1.24):

• https://dl.gitea.com/gitea/main-nightly/
• https://hub.docker.com/r/gitea/gitea/tags?name=nightly

[rebeccan]

Hi, thank you for the response! I will test it with version 1.25 when it is released. Should we close the issue for now or leave it open until I can confirm it is solved?

[wxiaoguang]

I think it can be closed.

Feel free to reopen if there would be any problem. Thank you.