github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-22 06:24:14 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

Commits which include encoding header fail to verify when otherwise valid #12743

New Issue
Closed
opened 2025-11-02 10:19:37 -06:00 by GiteaMirror · 1 comment
GiteaMirror commented 2025-11-02 10:19:37 -06:00
Owner
Copy Link

Originally created by @logancollins on GitHub (Mar 26, 2024).

Description

Hello! I'm an engineer on the Nova project, an IDE for the Mac. As a tiny bit of context that becomes important later, we use libgit2 for our Git integration.

We received a report that a user who utilizes SSH keys for commit signing was seeing those made in Nova as invalid in Gitea. After some diagnosis, we found that the Git CLI was showing them as valid, but not once pushed to Gitea. We were then able to replicate this same behavior in our testing instance of Gitea 1.21.8.

After looking deeper, it seems that the only difference between commits made with the Git CLI and Nova is that those from Nova/libgit2 include an encoding header in the commit object, set to UTF-8. As far as I've been able to determine, this is the default value from Git's spec, and presumably the Git CLI just never includes it for succinctness. libgit2, however, is including it always.

If we disable inclusion of that header, Gitea will validate the commits just fine, the same as those from the Git CLI.

I am not versed in Go code at all (so please forgive me!) but I think I've traced the issue to somewhere around this chunk of code. I'm guessing that either it's not considering any header name which it doesn't already handle (and thus is dropping them from the payload that is used for validation) or something similar.

If I've glossed over anything important, just let me know, and thank you to the maintainers for your time!

Gitea Version

1.21.8

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

Screenshot 2024-03-26 at 4 39 59 PM

Git Version

2.44.0

Operating System

Linux / Ubuntu in Docker

How are you running Gitea?

We are running the self-installable Gitea instance running in Docker for testing purposes. I am not sure what our reporting user's instance was running in, or whether it was a self-instance or a Cloud / Enterprise instance. If you need, I can have our support team reach out and ask.

Database

SQLite

Originally created by @logancollins on GitHub (Mar 26, 2024). ### Description Hello! I'm an engineer on the [Nova](https://nova.app) project, an IDE for the Mac. As a tiny bit of context that becomes important later, we use [libgit2](http://libgit2.org) for our Git integration. We received a report that a user who utilizes SSH keys for commit signing was seeing those made in Nova as invalid in Gitea. After some diagnosis, we found that the Git CLI was showing them as valid, but not once pushed to Gitea. We were then able to replicate this same behavior in our testing instance of Gitea 1.21.8. After looking deeper, it seems that the only difference between commits made with the Git CLI and Nova is that those from Nova/libgit2 include an `encoding` header in the commit object, set to `UTF-8`. As far as I've been able to determine, this is the default value from Git's spec, and presumably the Git CLI just never includes it for succinctness. libgit2, however, is including it always. If we disable inclusion of that header, Gitea will validate the commits just fine, the same as those from the Git CLI. I am _not versed_ in Go code at all (so please forgive me!) but I think I've traced the issue to somewhere around [this chunk of code](https://github.com/go-gitea/gitea/blob/f47e00d9d3c3bd58b5944a29c4ff5cec0357520a/modules/git/commit_reader.go#L72). I'm guessing that either it's not considering any header name which it doesn't already handle (and thus is dropping them from the payload that is used for validation) or something similar. If I've glossed over anything important, just let me know, and thank you to the maintainers for your time! ### Gitea Version 1.21.8 ### Can you reproduce the bug on the Gitea demo site? Yes ### Log Gist _No response_ ### Screenshots <img width="1326" alt="Screenshot 2024-03-26 at 4 39 59 PM" src="https://github.com/go-gitea/gitea/assets/714246/d3737118-c309-4934-9732-73cfc1686db4"> ### Git Version 2.44.0 ### Operating System Linux / Ubuntu in Docker ### How are you running Gitea? We are running the self-installable Gitea instance running in Docker for testing purposes. I am not sure what our reporting user's instance was running in, or whether it was a self-instance or a Cloud / Enterprise instance. If you need, I can have our support team reach out and ask. ### Database SQLite
GiteaMirror added the type/bug label 2025-11-02 10:19:37 -06:00
GiteaMirror commented 2025-11-02 10:19:39 -06:00
Author
Owner
Copy Link

@KN4CK3R commented on GitHub (Mar 29, 2024):

Fixed in #30174

@KN4CK3R commented on GitHub (Mar 29, 2024): Fixed in #30174
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label type/bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#12743
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?