author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-10-04 13:03:25 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-10-04 13:03:25 +0000 |
commit | 5ee4e9ad1869fca6cc8e5695126d9ca7391dc275 (patch) | |
tree | 710b55ebfeaf86ff0e17c2cf922431d5d1e04d56 /doc/administration | |
parent | 7b81da9dd7775c048776d8b4acd117e022bce3ce (diff) | |
download | gitlab-ce-5ee4e9ad1869fca6cc8e5695126d9ca7391dc275.tar.gz |
Add latest changes from gitlab-org/gitlab@15-4-stable-ee
Diffstat (limited to 'doc/administration')
-rw-r--r-- | doc/administration/gitaly/configure_gitaly.md | 50 | ||||
-rw-r--r-- | doc/administration/gitaly/reference.md | 1 |
2 files changed, 51 insertions, 0 deletions
diff --git a/doc/administration/gitaly/configure_gitaly.md b/doc/administration/gitaly/configure_gitaly.md index ac03c3ffc02..bfd252a9f42 100644 --- a/doc/administration/gitaly/configure_gitaly.md +++ b/doc/administration/gitaly/configure_gitaly.md 
@@ -1340,3 +1340,53 @@ value = "ignore" key = "receive.fsck.hasDotgit" value = "ignore" ``` + +## Configure commit signing for GitLab UI commits + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/19185) in GitLab 15.4. + +By default, Gitaly doesn't sign commits made using GitLab UI. For example, commits made using: + +- Web editor. +- Web IDE. +- Merge requests. + +You can configure Gitaly to sign commits made using GitLab UI. The commits show as unverified and signed by an unknown user. Support for improvements is +proposed in issue [19185](https://gitlab.com/gitlab-org/gitlab/-/issues/19185). + +**For Omnibus GitLab** + +1. [Create a GPG key](../../user/project/repository/gpg_signed_commits/index.md#create-a-gpg-key) + and export it. For optimal performance, consider using an EdDSA key. + + ```shell + gpg --export-secret-keys <ID> > signing_key.gpg + ``` + +1. On the Gitaly nodes, copy the key into `/etc/gitlab/gitaly/`. +1. Edit `/etc/gitlab/gitlab.rb` and configure `gitaly['gpg_signing_key_path']`: + + ```ruby + gitaly['gpg_signing_key_path'] = "/etc/gitlab/gitaly/signing_key.gpg" + ``` + +1. Save the file and [reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure). + +**For installations from source** + +1. [Create a GPG key](../../user/project/repository/gpg_signed_commits/index.md#create-a-gpg-key) + and export it. For optimal performance, consider using an EdDSA key. + + ```shell + gpg --export-secret-keys <ID> > signing_key.gpg + ``` + +1. On the Gitaly nodes, copy the key into `/etc/gitlab`. +1. Edit `/home/git/gitaly/config.toml` and configure `signing_key`: + + ```toml + [git] + signing_key = "/etc/gitlab/gitaly/signing_key.gpg" + ``` + +1. Save the file and [restart GitLab](../restart_gitlab.md#installations-from-source). diff --git a/doc/administration/gitaly/reference.md b/doc/administration/gitaly/reference.md index 91780ec5661..2542848c7a8 100644 --- a/doc/administration/gitaly/reference.md 
+++ b/doc/administration/gitaly/reference.md @@ -129,6 +129,7 @@ The following values can be set in the `[git]` section of the configuration file | ---- | ---- | -------- | ----------- | | `bin_path` | string | no | Path to Git binary. If not set, is resolved using `PATH`. | | `catfile_cache_size` | integer | no | Maximum number of cached [cat-file processes](#cat-file-cache). Default is `100`. | +| `signing_key` | string | no | Path to [GPG signing key](configure_gitaly.md#configure-commit-signing-for-gitlab-ui-commits). If not set, Gitaly doesn't sign commits made using the UI. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/19185) in GitLab 15.4. | #### `cat-file` cache |
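Review bot: In the "For installations from source" steps of the `configure_gitaly.md` hunk, step 2 copies the key into `/etc/gitlab` while step 3 sets `signing_key = "/etc/gitlab/gitaly/signing_key.gpg"`, so following the steps literally leaves Gitaly pointing at a path where no file was placed. Make step 2 say `/etc/gitlab/gitaly/`, as the Omnibus steps do. Both procedures also write secret key material to disk with `gpg --export-secret-keys <ID> > signing_key.gpg` and give no guidance on the ownership or mode of the copied file. Add a step that restricts the file to the user Gitaly runs as, and state whether the exported key can be passphrase-protected.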
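Review bot: The new `signing_key` row in the `reference.md` hunk describes the value as "Path to GPG signing key", which could be read as a key ID or a public key, whereas the linked procedure exports a secret key with `gpg --export-secret-keys`. Suggest wording such as "Path to the exported GPG secret key file" so that an administrator reading only the reference table knows the file is sensitive and must be readable by Gitaly.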