Add support for ssh commit signing (#17743)

* Add support for ssh commit signing * Split out ssh verification to separate file * Show ssh key fingerprint on commit page * Update sshsig lib * Make sure we verify against correct namespace * Add ssh public key verification via ssh signatures When adding a public ssh key also validate that this user actually owns the key by signing a token with the private key. * Remove some gpg references and make verify key optional * Fix spaces indentation * Update options/locale/locale_en-US.ini Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update templates/user/settings/keys_ssh.tmpl Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update options/locale/locale_en-US.ini Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update options/locale/locale_en-US.ini Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update models/ssh_key_commit_verification.go Co-authored-by: Gusted <williamzijl7@hotmail.com> * Reword ssh/gpg_key_success message * Change Badsignature to NoKeyFound * Add sign/verify tests * Fix upstream api changes to user_model User * Match exact on SSH signature * Fix code review remarks Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-12-19 06:37:18 +01:00
parent f1e85622da
commit 6fe756dc93
182 changed files with 17554 additions and 15288 deletions
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.go
@@ -90,9 +90,10 @@ func archInit() {
 		osSupportsAVX = isSet(1, eax) && isSet(2, eax)

 		if runtime.GOOS == "darwin" {
-			// Check darwin commpage for AVX512 support. Necessary because:
-			// https://github.com/apple/darwin-xnu/blob/0a798f6738bc1db01281fc08ae024145e84df927/osfmk/i386/fpu.c#L175-L201
-			osSupportsAVX512 = osSupportsAVX && darwinSupportsAVX512()
+			// Darwin doesn't save/restore AVX-512 mask registers correctly across signal handlers.
+			// Since users can't rely on mask register contents, let's not advertise AVX-512 support.
+			// See issue 49233.
+			osSupportsAVX512 = false
 		} else {
 			// Check if OPMASK and ZMM registers have OS support.
 			osSupportsAVX512 = osSupportsAVX && isSet(5, eax) && isSet(6, eax) && isSet(7, eax)
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.s
@@ -26,27 +26,3 @@ TEXT ·xgetbv(SB),NOSPLIT,$0-8
 	MOVL AX, eax+0(FP)
 	MOVL DX, edx+4(FP)
 	RET
-
-// func darwinSupportsAVX512() bool
-TEXT ·darwinSupportsAVX512(SB), NOSPLIT, $0-1
-    MOVB    $0, ret+0(FP) // default to false
-#ifdef GOOS_darwin   // return if not darwin
-#ifdef GOARCH_amd64  // return if not amd64
-// These values from:
-// https://github.com/apple/darwin-xnu/blob/xnu-4570.1.46/osfmk/i386/cpu_capabilities.h
-#define commpage64_base_address         0x00007fffffe00000
-#define commpage64_cpu_capabilities64   (commpage64_base_address+0x010)
-#define commpage64_version              (commpage64_base_address+0x01E)
-#define hasAVX512F                      0x0000004000000000
-    MOVQ    $commpage64_version, BX
-    CMPW    (BX), $13  // cpu_capabilities64 undefined in versions < 13
-    JL      no_avx512
-    MOVQ    $commpage64_cpu_capabilities64, BX
-    MOVQ    $hasAVX512F, CX
-    TESTQ   (BX), CX
-    JZ      no_avx512
-    MOVB    $1, ret+0(FP)
-no_avx512:
-#endif
-#endif
-    RET