Customizable .gnupg folder location #186

Merged
techknowlogick merged 3 commits from justusbunsi/helm-chart:persistent-signing-keys-in-rootless into master 2021-06-29 19:23:32 +00:00
Member

The HOME path is not persistent when using the rootless image, so the
.gnupg folder isn't either. Since the chart always used /data/... as
mount point for storage of all kinds, it is a minimal impact to just
relocate the dynamic $HOME/.gnupg folder location to the persistent
/data/git/.gnupg. This is where the signing keys are stored when
running root based environments. Doing so will

  • allow migrations between both image variants
  • persist signing keys for rootless environments

Fixes: #155

justusbunsi added 1 commit 2021-06-26 09:10:28 +00:00
Standardize .gnupg folder location
The `HOME` path is not persistent when using the rootless image, so the
`.gnupg` folder isn't either. Since the chart always used `/data/...` as
mount point for storage of all kinds, it is a minimal impact to just
relocate the dynamic `$HOME/.gnupg` folder location to the persistent
`/data/git/.gnupg`. This is where the signing keys are stored when
running root based environments. Doing so will

 - allow migrations between both image variants
 - persist signing keys for rootless environments

Fixes: #155
All checks were successful
continuous-integration/drone/pr Build is passing
1b3cc64953
justusbunsi added the kind/bug label 2021-06-26 09:12:10 +00:00
luhahn reviewed 2021-06-28 08:11:12 +00:00
luhahn left a comment
Member

I thi

@ -121,2 +121,4 @@
- name: TMPDIR
value: /tmp/gitea
- name: GNUPGHOME
value: /data/git/.gnupg
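Review bot: the `GNUPGHOME` entry hard-codes `/data/git/.gnupg` in the env list, so a deployment whose keys already sit in `$HOME/.gnupg` cannot keep pointing at them after upgrading. Consider reading the path from a chart value that defaults to `/data/git/.gnupg`, and note in the docs that this directory on the persistent volume now holds the private signing keys.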
Member

It might be better, if we're going to set the GNUPGHOME via values.
If, for example, someone already has the keys imported to the default location, they will most likely get an error when using the new default.

By providing this via values, they would be able to configure it by hand (if necessary).

Author
Member

Good catch.

justusbunsi marked this conversation as resolved
justusbunsi added 1 commit 2021-06-28 19:27:04 +00:00
Introduce new signing configuration object
To allow customizing the path for stored signing keys (and potentially
other options), a new section in `values.yaml` got introduced.
All checks were successful
continuous-integration/drone/pr Build is passing
fa9a02b6af
Author
Member

I've added a new signing configuration object in values.yaml to allow customization and wrote a small section in the docs.

luhahn approved these changes 2021-06-29 07:30:55 +00:00
justusbunsi changed title from Standardize .gnupg folder location to Customizable .gnupg folder location 2021-06-29 10:41:09 +00:00
techknowlogick approved these changes 2021-06-29 19:23:17 +00:00
techknowlogick added 1 commit 2021-06-29 19:23:23 +00:00
Merge branch 'master' into persistent-signing-keys-in-rootless
All checks were successful
continuous-integration/drone/pr Build is passing
e08e3cf526
techknowlogick merged commit 7a3515c2f2 into master 2021-06-29 19:23:32 +00:00
justusbunsi deleted branch persistent-signing-keys-in-rootless 2021-06-29 19:29:47 +00:00
justusbunsi added this to the Release 4.0.0 milestone 2021-06-30 10:15:04 +00:00
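
Added example, not part of the pull request or the chart: a shell helper for the migration concern raised in the review, copying a keyring from the old default location into the directory `GNUPGHOME` now points at and checking that the result is private to its owner. The function names and the scratch paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Function names and the scratch paths are hypothetical.

# migrate_gnupg OLD NEW
# Copy an existing keyring from OLD (e.g. "$HOME/.gnupg") to NEW (e.g. the
# directory GNUPGHOME points at). Returns 0 when copied or when OLD does not
# exist, 1 when NEW already holds files (never overwrites), 2 on copy errors.
migrate_gnupg() {
    old=$1
    new=$2
    if [ ! -d "$old" ]; then
        echo "no keyring at $old, nothing to migrate"
        return 0
    fi
    if [ -d "$new" ] && [ -n "$(ls -A "$new" 2>/dev/null)" ]; then
        echo "refusing to overwrite non-empty $new" >&2
        return 1
    fi
    # Subshell keeps the restrictive umask local; "/." also copies dotfiles.
    ( umask 077 && mkdir -p "$new" && cp -Rp "$old"/. "$new"/ ) || return 2
    # cp -p may carry over the old directory's mode, so set it explicitly.
    chmod 700 "$new" || return 2
    echo "copied $old to $new"
}

# check_gnupg_home DIR
# Returns 0 only if DIR exists with no group/other permission bits;
# gpg warns about unsafe homedir permissions otherwise.
check_gnupg_home() {
    dir=$1
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 1; }
    perms=$(ls -ld "$dir" | cut -c1-10)
    case $perms in
        d???------) return 0 ;;
        *) echo "unsafe permissions on $dir: $perms" >&2; return 1 ;;
    esac
}

# Constructed demo in a scratch directory standing in for the real paths.
demo=$(mktemp -d)
mkdir -p "$demo/home/.gnupg"
: > "$demo/home/.gnupg/pubring.kbx"
migrate_gnupg "$demo/home/.gnupg" "$demo/data/git/.gnupg" &&
    check_gnupg_home "$demo/data/git/.gnupg" &&
    echo "keyring ready at new location"
rm -rf "$demo"
```

Because the helper refuses to write into a non-empty target, a keyring that was already imported at the new location is left untouched.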