Is your feature request related to a problem? Please describe.
Currently, git-proxy has no mechanism to verify that commits are cryptographically signed. Organizations may wish to mandate that all commits be signed with GPG or SSH keys to ensure authenticity and non-repudiation. This can be a simple access control check where keys are only signed for approved committers.
The commit parsing logic already extracts the gpgsig header from commit objects (visible in parsePush), but this data is not validated.
Describe the solution you'd like
A new processor (checkCommitSignatures or similar) that:
- Requires commits to be signed - Block unsigned commits
- Verifies signatures are valid - Use
gpg --verify or equivalent to validate the signature
- Optionally validates against a trusted keyring - Only accept signatures from pre-approved keys
example configuration
{
"commitConfig": {
"signature": {
"required": true,
"verifySignature": true,
"trustedKeys": [
"ABCD1234EFGH5678",
"fingerprint:SHA256:..."
],
"allowSSHSignatures": true
}
}
}Additional context
Related: #62
Is your feature request related to a problem? Please describe.
Currently, git-proxy has no mechanism to verify that commits are cryptographically signed. Organizations may wish to mandate that all commits be signed with GPG or SSH keys to ensure authenticity and non-repudiation. This can be a simple access control check where keys are only signed for approved committers.
The commit parsing logic already extracts the
gpgsigheader from commit objects (visible in parsePush), but this data is not validated.Describe the solution you'd like
A new processor (
checkCommitSignaturesor similar) that:gpg --verifyor equivalent to validate the signatureexample configuration
{ "commitConfig": { "signature": { "required": true, "verifySignature": true, "trustedKeys": [ "ABCD1234EFGH5678", "fingerprint:SHA256:..." ], "allowSSHSignatures": true } } }Additional context
Related: #62