Gitea: Unable to add GPG key with extra emails

Created on 21 Jul 2017 · 6Comments · Source: go-gitea/gitea

Gitea version (or commit ref): dde0052 (via docker image)
Git version: 2.13.3
Operating system: Archlinux
Database (use [x]):
- [ ] PostgreSQL
- [X] MySQL (mariadb)
- [ ] MSSQL
- [ ] SQLite
Can you reproduce the bug at https://try.gitea.io:
- [X] Yes (provide example URL)
- [ ] No
- [ ] Not relevant
Log gist: (couldn't see anything interesting in the log)

Description

I have a self hosted copy of gitea running, and can't add my gpg key to it - I get the following error (emails redacted):

The email attached to the GPG key couldn't be found or is not confirmed yet: [email protected]

My gpg key lists multiple email addresses (eg. [email protected] and [email protected]), and only my primary email address is registered with my gitea account ([email protected]).

I would expect the behaviour should be that it can add the key no worries, since the primary email address in my account is included in that gpg key.

kinbug

Source

swalladge

All 6 comments

Add your other email addresses on profile settings?

lunny on 21 Jul 2017

@lunny I guess, but I was hoping I wouldn't have to do that... :\

swalladge on 21 Jul 2017

From security point of view all email addresses need to be verified to be able to add GPG key with multiple email addresses as otherwise one could create GPG with his own and other users email address and sign commits in his name and they will be shown as verified.

lafriks on 21 Jul 2017

@lafriks why does Github allow that though? Maybe Gitea should at least allow adding the GPG key, but only display verified if the commit email address is both on the key and verified with your gitea account?

swalladge on 22 Jul 2017

👍1

I will have a look at it and do improvement on GPG part this week-end.