Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create command for retrieving user's SSH and GPG key #892

Open
bmeneg opened this issue Mar 7, 2024 · 1 comment
Open

Create command for retrieving user's SSH and GPG key #892

bmeneg opened this issue Mar 7, 2024 · 1 comment
Assignees
@bmeneg

Comments

@bmeneg
Copy link
Collaborator

bmeneg commented Mar 7, 2024
edited

When a user works with signed commits (SSH or GPG key) and wants to verify the keys locally, one must retrieve the public key for the commit's author from GitLab's database and add it to the allowed_signers file (or the file pointed by gpg.ssh.allowedSignersFile git config) and/or the GPG local keyring, enabling the signature verification on git log --show-signatures.

For that, we must use User's API endpoint, which is also available in go-gitlab package.
@bmeneg bmeneg self-assigned this Mar 7, 2024
@bmeneg
Copy link
Collaborator Author

bmeneg commented Mar 7, 2024

At first, we can just print enough information for the user and let one deal with adding that public key to the correct place: "allowed_signers" file in case of SSH signature, and GPG keyring for GPG signature, avoiding system differences, eg. gpg gpg2 gnome-keyring....

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bmeneg bmeneg

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bmeneg