Customizable .gnupg folder location #186

Merged
techknowlogick merged 3 commits from justusbunsi/helm-chart:persistent-signing-keys-in-rootless into master 1 year ago
Collaborator

The HOME path is not persistent when using the rootless image, so the
.gnupg folder isn't either. Since the chart always used /data/... as
mount point for storage of all kinds, it is a minimal impact to just
relocate the dynamic $HOME/.gnupg folder location to the persistent
/data/git/.gnupg. This is where the signing keys are stored when
running root based environments. Doing so will

  • allow migrations between both image variants
  • persist signing keys for rootless environments

Fixes: #155

The `HOME` path is not persistent when using the rootless image, so the `.gnupg` folder isn't either. Since the chart always used `/data/...` as mount point for storage of all kinds, it is a minimal impact to just relocate the dynamic `$HOME/.gnupg` folder location to the persistent `/data/git/.gnupg`. This is where the signing keys are stored when running root based environments. Doing so will - allow migrations between both image variants - persist signing keys for rootless environments Fixes: #155
justusbunsi added 1 commit 1 year ago
1b3cc64953 Standardize .gnupg folder location
justusbunsi added the
kind/bug
label 1 year ago
luhahn reviewed 1 year ago
luhahn left a comment
Collaborator

I thi

I thi
- name: TMPDIR
value: /tmp/gitea
- name: GNUPGHOME
value: /data/git/.gnupg
luhahn commented 1 year ago
Collaborator

It might be better, if we're going to set the GNUPGHOME via values.
If, for example, someone already has the keys imported to the default location, they will most likely get an error when using the new default.

By providing this via values, they would be able to configure it by hand (If neccessary).

It might be better, if we're going to set the GNUPGHOME via values. If, for example, someone already has the keys imported to the default location, they will most likely get an error when using the new default. By providing this via values, they would be able to configure it by hand (If neccessary).
Poster
Collaborator

Good catch.

Good catch.
justusbunsi marked this conversation as resolved
justusbunsi added 1 commit 1 year ago
fa9a02b6af Introduce new `signing` configuration object
Poster
Collaborator

I've added a new signing configuration object in values.yaml to allow customization and wrote a small section in the docs.

I've added a new `signing` configuration object in `values.yaml` to allow customization and wrote a small section in the docs.
luhahn approved these changes 1 year ago
justusbunsi changed title from Standardize .gnupg folder location to Customizable .gnupg folder location 1 year ago
techknowlogick approved these changes 1 year ago
techknowlogick added 1 commit 1 year ago
techknowlogick merged commit 7a3515c2f2 into master 1 year ago
justusbunsi deleted branch persistent-signing-keys-in-rootless 1 year ago
justusbunsi added this to the Release 4.0.0 milestone 1 year ago

Reviewers

luhahn approved these changes 1 year ago
techknowlogick approved these changes 1 year ago
continuous-integration/drone/pr Build is passing
The pull request has been merged as 7a3515c2f2.
Sign in to join this conversation.
Loading…
There is no content yet.