From 58b1f6055610ce4ca17d56b7108204af0d4a6b89 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Thu, 10 Aug 2017 09:04:29 +0300 Subject: Change GPG docs location --- app/views/profiles/gpg_keys/index.html.haml | 2 +- .../projects/commit/_signature_badge.html.haml | 2 +- doc/README.md | 2 +- .../img/profile_settings_gpg_keys.png | Bin 0 -> 32699 bytes .../img/profile_settings_gpg_keys_paste_pub.png | Bin 0 -> 24514 bytes .../img/profile_settings_gpg_keys_single_key.png | Bin 0 -> 10331 bytes .../img/project_signed_and_unsigned_commits.png | Bin 0 -> 112812 bytes .../project_signed_commit_unverified_signature.png | Bin 0 -> 9542 bytes .../project_signed_commit_verified_signature.png | Bin 0 -> 14029 bytes doc/user/project/gpg_signed_commits/index.md | 84 ++++++++++++++++++++ .../img/profile_settings_gpg_keys.png | Bin 32699 -> 0 bytes .../img/profile_settings_gpg_keys_paste_pub.png | Bin 24514 -> 0 bytes .../img/profile_settings_gpg_keys_single_key.png | Bin 10331 -> 0 bytes .../img/project_signed_and_unsigned_commits.png | Bin 112812 -> 0 bytes .../project_signed_commit_unverified_signature.png | Bin 9542 -> 0 bytes .../project_signed_commit_verified_signature.png | Bin 14029 -> 0 bytes doc/workflow/gpg_signed_commits/index.md | 85 +-------------------- 17 files changed, 88 insertions(+), 87 deletions(-) create mode 100644 doc/user/project/gpg_signed_commits/img/profile_settings_gpg_keys.png create mode 100644 doc/user/project/gpg_signed_commits/img/profile_settings_gpg_keys_paste_pub.png create mode 100644 doc/user/project/gpg_signed_commits/img/profile_settings_gpg_keys_single_key.png create mode 100644 doc/user/project/gpg_signed_commits/img/project_signed_and_unsigned_commits.png create mode 100644 doc/user/project/gpg_signed_commits/img/project_signed_commit_unverified_signature.png create mode 100644 doc/user/project/gpg_signed_commits/img/project_signed_commit_verified_signature.png create mode 100644 doc/user/project/gpg_signed_commits/index.md delete mode 100644 doc/workflow/gpg_signed_commits/img/profile_settings_gpg_keys.png delete mode 100644 doc/workflow/gpg_signed_commits/img/profile_settings_gpg_keys_paste_pub.png delete mode 100644 doc/workflow/gpg_signed_commits/img/profile_settings_gpg_keys_single_key.png delete mode 100644 doc/workflow/gpg_signed_commits/img/project_signed_and_unsigned_commits.png delete mode 100644 doc/workflow/gpg_signed_commits/img/project_signed_commit_unverified_signature.png delete mode 100644 doc/workflow/gpg_signed_commits/img/project_signed_commit_verified_signature.png diff --git a/app/views/profiles/gpg_keys/index.html.haml b/app/views/profiles/gpg_keys/index.html.haml index 8331daeeb75..720a97cddb7 100644 --- a/app/views/profiles/gpg_keys/index.html.haml +++ b/app/views/profiles/gpg_keys/index.html.haml @@ -12,7 +12,7 @@ Add a GPG key %p.profile-settings-content Before you can add a GPG key you need to - = link_to 'generate it.', help_page_path('workflow/gpg_signed_commits/index.md') + = link_to 'generate it.', help_page_path('user/project/gpg_signed_commits/index.md') = render 'form' %hr %h5 diff --git a/app/views/projects/commit/_signature_badge.html.haml b/app/views/projects/commit/_signature_badge.html.haml index 66f00eb5507..a3783b31b86 100644 --- a/app/views/projects/commit/_signature_badge.html.haml +++ b/app/views/projects/commit/_signature_badge.html.haml @@ -12,7 +12,7 @@ %span.monospace= signature.gpg_key_primary_keyid - = link_to('Learn more about signing commits', help_page_path('workflow/gpg_signed_commits/index.md'), class: 'gpg-popover-help-link') + = link_to('Learn more about signing commits', help_page_path('user/project/gpg_signed_commits/index.md'), class: 'gpg-popover-help-link') %button{ class: css_classes, data: { toggle: 'popover', html: 'true', placement: 'auto top', title: title, content: content } } = label diff --git a/doc/README.md b/doc/README.md index ca4790ceda0..740af556d9d 100644 --- a/doc/README.md +++ b/doc/README.md @@ -91,7 +91,7 @@ Manage your [repositories](user/project/repository/index.md) from the UI (user i - [Git](topics/git/index.md): Getting started with Git, branching strategies, Git LFS, advanced use. - [Git cheatsheet](https://gitlab.com/gitlab-com/marketing/raw/master/design/print/git-cheatsheet/print-pdf/git-cheatsheet.pdf): Download a PDF describing the most used Git operations. - [GitLab Flow](workflow/gitlab_flow.md): explore the best of Git with the GitLab Flow strategy. -- [Signing commits](workflow/gpg_signed_commits/index.md): use GPG to sign your commits. +- [Signing commits](user/project/gpg_signed_commits/index.md): use GPG to sign your commits. ### Migrate and import your projects from other platforms diff --git a/doc/user/project/gpg_signed_commits/img/profile_settings_gpg_keys.png b/doc/user/project/gpg_signed_commits/img/profile_settings_gpg_keys.png new file mode 100644 index 00000000000..e525083918b Binary files /dev/null and b/doc/user/project/gpg_signed_commits/img/profile_settings_gpg_keys.png differ diff --git a/doc/user/project/gpg_signed_commits/img/profile_settings_gpg_keys_paste_pub.png b/doc/user/project/gpg_signed_commits/img/profile_settings_gpg_keys_paste_pub.png new file mode 100644 index 00000000000..8e26d98f1b0 Binary files /dev/null and b/doc/user/project/gpg_signed_commits/img/profile_settings_gpg_keys_paste_pub.png differ diff --git a/doc/user/project/gpg_signed_commits/img/profile_settings_gpg_keys_single_key.png b/doc/user/project/gpg_signed_commits/img/profile_settings_gpg_keys_single_key.png new file mode 100644 index 00000000000..f715c46adc3 Binary files /dev/null and b/doc/user/project/gpg_signed_commits/img/profile_settings_gpg_keys_single_key.png differ diff --git a/doc/user/project/gpg_signed_commits/img/project_signed_and_unsigned_commits.png b/doc/user/project/gpg_signed_commits/img/project_signed_and_unsigned_commits.png new file mode 100644 index 00000000000..16ec2d031ae Binary files /dev/null and b/doc/user/project/gpg_signed_commits/img/project_signed_and_unsigned_commits.png differ diff --git a/doc/user/project/gpg_signed_commits/img/project_signed_commit_unverified_signature.png b/doc/user/project/gpg_signed_commits/img/project_signed_commit_unverified_signature.png new file mode 100644 index 00000000000..22565cf7c7e Binary files /dev/null and b/doc/user/project/gpg_signed_commits/img/project_signed_commit_unverified_signature.png differ diff --git a/doc/user/project/gpg_signed_commits/img/project_signed_commit_verified_signature.png b/doc/user/project/gpg_signed_commits/img/project_signed_commit_verified_signature.png new file mode 100644 index 00000000000..1778b2ddf2b Binary files /dev/null and b/doc/user/project/gpg_signed_commits/img/project_signed_commit_verified_signature.png differ diff --git a/doc/user/project/gpg_signed_commits/index.md b/doc/user/project/gpg_signed_commits/index.md new file mode 100644 index 00000000000..7d5762d2b9d --- /dev/null +++ b/doc/user/project/gpg_signed_commits/index.md @@ -0,0 +1,84 @@ +# Signing commits with GPG + +## Getting started + +- [Git Tools - Signing Your Work](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work) +- [Git Tools - Signing Your Work: GPG introduction](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work#_gpg_introduction) +- [Git Tools - Signing Your Work: Signing commits](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work#_signing_commits) + +## How GitLab handles GPG + +GitLab uses its own keyring to verify the GPG signature. It does not access any +public key server. + +In order to have a commit verified on GitLab the corresponding public key needs +to be uploaded to GitLab. + +For a signature to be verified two prerequisites need to be met: + +1. The public key needs to be added to GitLab +1. One of the emails in the GPG key matches your **primary** email + +## Add a GPG key + +1. On the upper right corner, click on your avatar and go to your **Settings**. + + ![Settings dropdown](../../gitlab-basics/img/profile_settings.png) + +1. Navigate to the **GPG keys** tab. + + ![GPG Keys](img/profile_settings_gpg_keys.png) + +1. Paste your **public** key in the 'Key' box. + + ![Paste GPG public key](img/profile_settings_gpg_keys_paste_pub.png) + +1. Finally, click on **Add key** to add it to GitLab. You will be able to see + its fingerprint, the corresponding email address and creation date. + + ![GPG key single page](img/profile_settings_gpg_keys_single_key.png) + +>**Note:** +Once you add a key, you cannot edit it, only remove it. In case the paste +didn't work, you will have to remove the offending key and re-add it. + +## Remove a GPG key + +1. On the upper right corner, click on your avatar and go to your **Settings**. + +1. Navigate to the **GPG keys** tab. + +1. Click on the trash icon besides the GPG key you want to delete. + +>**Note:** +Removing a key **does not unverify** already signed commits. Commits that were +verified by using this key will stay verified. Only unpushed commits will stay +unverified once you remove this key. + +## Revoke a GPG key + +1. On the upper right corner, click on your avatar and go to your **Settings**. + +1. Navigate to the **GPG keys** tab. + +1. Click on **Revoke** besides the GPG key you want to delete. + +>**Note:** +Revoking a key **unverifies** already signed commits. Commits that were +verified by using this key will change to an unverified state. Future commits +will also stay unverified once you revoke this key. This action should be used +in case your key has been compromised. + +## Verifying commits + +1. Within a project navigate to the **Commits** tag. Signed commits will show a + badge containing either "Verified" or "Unverified", depending on the + verification status of the GPG signature. + + ![Signed and unsigned commits](img/project_signed_and_unsigned_commits.png) + +1. By clicking on the GPG badge details of the signature are displayed. + + ![Signed commit with verified signature](img/project_signed_commit_verified_signature.png) + + ![Signed commit with verified signature](img/project_signed_commit_unverified_signature.png) diff --git a/doc/workflow/gpg_signed_commits/img/profile_settings_gpg_keys.png b/doc/workflow/gpg_signed_commits/img/profile_settings_gpg_keys.png deleted file mode 100644 index e525083918b..00000000000 Binary files a/doc/workflow/gpg_signed_commits/img/profile_settings_gpg_keys.png and /dev/null differ diff --git a/doc/workflow/gpg_signed_commits/img/profile_settings_gpg_keys_paste_pub.png b/doc/workflow/gpg_signed_commits/img/profile_settings_gpg_keys_paste_pub.png deleted file mode 100644 index 8e26d98f1b0..00000000000 Binary files a/doc/workflow/gpg_signed_commits/img/profile_settings_gpg_keys_paste_pub.png and /dev/null differ diff --git a/doc/workflow/gpg_signed_commits/img/profile_settings_gpg_keys_single_key.png b/doc/workflow/gpg_signed_commits/img/profile_settings_gpg_keys_single_key.png deleted file mode 100644 index f715c46adc3..00000000000 Binary files a/doc/workflow/gpg_signed_commits/img/profile_settings_gpg_keys_single_key.png and /dev/null differ diff --git a/doc/workflow/gpg_signed_commits/img/project_signed_and_unsigned_commits.png b/doc/workflow/gpg_signed_commits/img/project_signed_and_unsigned_commits.png deleted file mode 100644 index 16ec2d031ae..00000000000 Binary files a/doc/workflow/gpg_signed_commits/img/project_signed_and_unsigned_commits.png and /dev/null differ diff --git a/doc/workflow/gpg_signed_commits/img/project_signed_commit_unverified_signature.png b/doc/workflow/gpg_signed_commits/img/project_signed_commit_unverified_signature.png deleted file mode 100644 index 22565cf7c7e..00000000000 Binary files a/doc/workflow/gpg_signed_commits/img/project_signed_commit_unverified_signature.png and /dev/null differ diff --git a/doc/workflow/gpg_signed_commits/img/project_signed_commit_verified_signature.png b/doc/workflow/gpg_signed_commits/img/project_signed_commit_verified_signature.png deleted file mode 100644 index 1778b2ddf2b..00000000000 Binary files a/doc/workflow/gpg_signed_commits/img/project_signed_commit_verified_signature.png and /dev/null differ diff --git a/doc/workflow/gpg_signed_commits/index.md b/doc/workflow/gpg_signed_commits/index.md index 7d5762d2b9d..cf1c240fc6b 100644 --- a/doc/workflow/gpg_signed_commits/index.md +++ b/doc/workflow/gpg_signed_commits/index.md @@ -1,84 +1 @@ -# Signing commits with GPG - -## Getting started - -- [Git Tools - Signing Your Work](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work) -- [Git Tools - Signing Your Work: GPG introduction](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work#_gpg_introduction) -- [Git Tools - Signing Your Work: Signing commits](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work#_signing_commits) - -## How GitLab handles GPG - -GitLab uses its own keyring to verify the GPG signature. It does not access any -public key server. - -In order to have a commit verified on GitLab the corresponding public key needs -to be uploaded to GitLab. - -For a signature to be verified two prerequisites need to be met: - -1. The public key needs to be added to GitLab -1. One of the emails in the GPG key matches your **primary** email - -## Add a GPG key - -1. On the upper right corner, click on your avatar and go to your **Settings**. - - ![Settings dropdown](../../gitlab-basics/img/profile_settings.png) - -1. Navigate to the **GPG keys** tab. - - ![GPG Keys](img/profile_settings_gpg_keys.png) - -1. Paste your **public** key in the 'Key' box. - - ![Paste GPG public key](img/profile_settings_gpg_keys_paste_pub.png) - -1. Finally, click on **Add key** to add it to GitLab. You will be able to see - its fingerprint, the corresponding email address and creation date. - - ![GPG key single page](img/profile_settings_gpg_keys_single_key.png) - ->**Note:** -Once you add a key, you cannot edit it, only remove it. In case the paste -didn't work, you will have to remove the offending key and re-add it. - -## Remove a GPG key - -1. On the upper right corner, click on your avatar and go to your **Settings**. - -1. Navigate to the **GPG keys** tab. - -1. Click on the trash icon besides the GPG key you want to delete. - ->**Note:** -Removing a key **does not unverify** already signed commits. Commits that were -verified by using this key will stay verified. Only unpushed commits will stay -unverified once you remove this key. - -## Revoke a GPG key - -1. On the upper right corner, click on your avatar and go to your **Settings**. - -1. Navigate to the **GPG keys** tab. - -1. Click on **Revoke** besides the GPG key you want to delete. - ->**Note:** -Revoking a key **unverifies** already signed commits. Commits that were -verified by using this key will change to an unverified state. Future commits -will also stay unverified once you revoke this key. This action should be used -in case your key has been compromised. - -## Verifying commits - -1. Within a project navigate to the **Commits** tag. Signed commits will show a - badge containing either "Verified" or "Unverified", depending on the - verification status of the GPG signature. - - ![Signed and unsigned commits](img/project_signed_and_unsigned_commits.png) - -1. By clicking on the GPG badge details of the signature are displayed. - - ![Signed commit with verified signature](img/project_signed_commit_verified_signature.png) - - ![Signed commit with verified signature](img/project_signed_commit_unverified_signature.png) +This document was moved to [another location](../../user/project/gpg_signed_commits/index.md). -- cgit v1.2.1