Diffstat (limited to 'doc')
-rw-r--r-- doc/api/users.md 4
-rw-r--r-- doc/development/contributing/style_guides.md 2
-rw-r--r-- doc/user/clusters/applications.md 2
-rw-r--r-- doc/user/project/repository/x509_signed_commits/index.md 100
4 files changed, 106 insertions, 2 deletions
diff --git a/doc/api/users.md b/doc/api/users.md
index e147637ca59..52614a09b70 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -385,6 +385,8 @@ Parameters:
- `skip_confirmation` (optional) - Skip confirmation - true or false (default)
- `external` (optional) - Flags the user as external - true or false (default)
- `avatar` (optional) - Image file for user's avatar
+- `theme_id` (optional) - The GitLab theme for the user (see [the user preference docs](../user/profile/preferences.md#navigation-theme) for more information)
+- `color_scheme_id` (optional) - User's color scheme for the file viewer (see [the user preference docs](../user/profile/preferences.md#syntax-highlighting-theme) for more information)
- `private_profile` (optional) - User's profile is private - true, false (default), or null (will be converted to false)
- `shared_runners_minutes_limit` (optional) - Pipeline minutes quota for this user **(STARTER)**
- `extra_shared_runners_minutes_limit` (optional) - Extra pipeline minutes quota for this user **(STARTER)**
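Review bot: the added `theme_id` and `color_scheme_id` entries give no value type or allowed values, unlike the neighbouring parameters that spell out "true or false (default)". An API reader has to follow the preferences link to learn what to send; state the type and the valid IDs (or the default) inline and keep the link as a secondary reference.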
@@ -423,6 +425,8 @@ Parameters:
- `shared_runners_minutes_limit` (optional) - Pipeline minutes quota for this user
- `extra_shared_runners_minutes_limit` (optional) - Extra pipeline minutes quota for this user
- `avatar` (optional) - Image file for user's avatar
+- `theme_id` (optional) - The GitLab theme for the user (see [the user preference docs](../user/profile/preferences.md#navigation-theme) for more information)
+- `color_scheme_id` (optional) - User's color scheme for the file viewer (see [the user preference docs](../user/profile/preferences.md#syntax-highlighting-theme) for more information)
- `private_profile` (optional) - User's profile is private - true, false (default), or null (will be converted to false)
- `shared_runners_minutes_limit` (optional) - Pipeline minutes quota for this user **(STARTER)**
- `extra_shared_runners_minutes_limit` (optional) - Extra pipeline minutes quota for this user **(STARTER)**
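Review bot: in this parameter list `shared_runners_minutes_limit` and `extra_shared_runners_minutes_limit` appear twice, once above `avatar` without a tier badge and once below `private_profile` with **(STARTER)**. Since this hunk touches the list, drop the duplicate pair so the two new entries are not sitting between conflicting descriptions of the same parameters.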
diff --git a/doc/development/contributing/style_guides.md b/doc/development/contributing/style_guides.md
index 022c40a9d1b..873d90dcf79 100644
--- a/doc/development/contributing/style_guides.md
+++ b/doc/development/contributing/style_guides.md
@@ -30,7 +30,7 @@ Our codebase style is defined and enforced by [RuboCop](https://github.com/ruboc
You can check for any offenses locally with `bundle exec rubocop --parallel`.
On the CI, this is automatically checked by the `static-analysis` jobs.
-For RuboCop rules that we have not taken a decision yet, we follow the
+For RuboCop rules that we have not taken a decision on yet, we follow the
[Ruby Style Guide](https://github.com/rubocop-hq/ruby-style-guide),
[Rails Style Guide](https://github.com/rubocop-hq/rails-style-guide), and
[RSpec Style Guide](https://github.com/rubocop-hq/rspec-style-guide) as general
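Review bot: the reworded line "For RuboCop rules that we have not taken a decision on yet" is still awkward; "For RuboCop rules we have not yet decided on" is shorter and reads more naturally.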
diff --git a/doc/user/clusters/applications.md b/doc/user/clusters/applications.md
index 89ca40bfbb1..20aa6648c65 100644
--- a/doc/user/clusters/applications.md
+++ b/doc/user/clusters/applications.md
@@ -437,7 +437,7 @@ Filebeat will run as a DaemonSet on each node in your cluster, and it will ship
GitLab will then connect to Elasticsearch for logs instead of the Kubernetes API,
and you will have access to more advanced querying capabilities.
-Log data is automatically deleted after 15 days using [Curator](https://www.elastic.co/guide/en/elasticsearch/client/curator/5.5/about.html).
+Log data is automatically deleted after 30 days using [Curator](https://www.elastic.co/guide/en/elasticsearch/client/curator/5.5/about.html).
To enable log shipping, install Elastic Stack into the cluster with the **Install** button.
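Review bot: the "30 days" on the changed line is stated with no pointer to where the retention period is set or whether an operator can change it. Name or link the setting that controls it so the documented figure cannot drift from the deployed one, and say if it is configurable, since log retention bounds how far back an investigation can look.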
diff --git a/doc/user/project/repository/x509_signed_commits/index.md b/doc/user/project/repository/x509_signed_commits/index.md
new file mode 100644
index 00000000000..421c2f60350
--- /dev/null
+++ b/doc/user/project/repository/x509_signed_commits/index.md
@@ -0,0 +1,100 @@
+---
+type: concepts, howto
+---
+
+# Signing commits with x509
+
+[x509](https://en.wikipedia.org/wiki/X.509) is a standard format for public key
+certificates issued by a public or private Public Key Infrastructure (PKI).
+Personal x509 certificates are used for authentication or signing purposes
+such as SMIME, but beside that, Git supports signing of commits and tags
+with x509 certificates in a similar way as with [GPG](../gpg_signed_commits/index.md).
+The main difference is the trust anchor which is the PKI for x509 certificates
+instead of a web of trust with GPG.
+
+## How GitLab handles x509
+
+GitLab uses its own certificate store and therefore defines the trust chain.
+
+For a commit to be *verified* by GitLab:
+
+- The signing certificate email must match a verified email address used by the committer in GitLab.
+- The Certificate Authority has to be trusted by the GitLab instance, see also
+ [Omnibus install custom public certificates](https://docs.gitlab.com/omnibus/settings/ssl.html#install-custom-public-certificates).
+- The signing time has to be within the time range of the [certificate validity](https://www.rfc-editor.org/rfc/rfc5280.html#section-4.1.2.5)
+ which is usually up to three years.
+- The signing time is equal or later then commit time.
+
+NOTE: **Note:** There is no certificate revocation list check in place at the moment.
+
+## Obtaining an x509 key pair
+
+If your organization has Public Key Infrastructure (PKI), that PKI will provide
+an S/MIME key.
+
+If you do not have an S/MIME key pair from a PKI, you can either create your
+own self-signed one, or purchase one. MozillaZine keeps a nice collection
+of [S/MIME-capable signing authorities](http://kb.mozillazine.org/Getting_an_SMIME_certificate)
+and some of them generate keys for free.
+
+## Associating your x509 certificate with Git
+
+To take advantage of X509 signing, you will need Git 2.19.0 or later. You can
+check your Git version with:
+
+```sh
+git --version
+```
+
+If you have the correct version, you can proceed to configure Git.
+
+### Linux
+
+Configure Git to use your key for signing:
+
+```sh
+signingkey = $( gpgsm --list-secret-keys | egrep '(key usage|ID)' | grep -B 1 digitalSignature | awk '/ID/ {print $2}' )
+git config --global user.signingkey $signingkey
+git config --global gpg.format x509
+```
+
+### Windows and MacOS
+
+Install [smimesign](https://github.com/github/smimesign) by downloading the
+installer or via `brew install smimesign` on MacOS.
+
+Get the ID of your certificate with `smimesign --list-keys` and set your
+signingkey `git config --global user.signingkey ID`, then configure x509:
+
+```sh
+git config --global gpg.x509.program smimesign
+git config --global gpg.format x509
+```
+
+## Signing commits
+
+After you have [associated your x509 certificate with Git](#associating-your-x509-certificate-with-git) you
+can start signing your commits:
+
+1. Commit like you used to, the only difference is the addition of the `-S` flag:
+
+ ```sh
+ git commit -S -m "feat: x509 signed commits"
+ ```
+
+1. Push to GitLab and check that your commits [are verified](#verifying-commits).
+
+If you don't want to type the `-S` flag every time you commit, you can tell Git
+to sign your commits automatically:
+
+```sh
+git config --global commit.gpgsign true
+```
+
+## Verifying commits
+
+To verify that a commit is signed, you can use the `--show-signature` flag:
+
+```sh
+git log --show-signature
+```
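Review bot: under "### Linux" the line `signingkey = $( gpgsm --list-secret-keys | ... )` is not a shell assignment; with spaces around `=` the shell tries to run a command named `signingkey`, the variable stays empty, and the following `git config --global user.signingkey $signingkey` sets nothing. Write it as `signingkey=$( ... )` and quote the expansion as `"$signingkey"`. Two smaller points in "How GitLab handles x509": "equal or later then commit time" should read "equal to or later than the commit time", and the NOTE that there is no certificate revocation list check should spell out the consequence for readers, namely that a revoked certificate is not rejected by the verification conditions listed above it.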