Project

General

Profile

Actions

tickets #169426

open

Commit signing for Weblate

Added by juliogonzalezgil about 2 months ago. Updated about 1 month ago.

Status:
New
Priority:
Normal
Category:
Weblate
Target version:
-
Start date:
2024-11-06
Due date:
% Done:

100%

Estimated time:

Description

Hello,

https://l10n.opensuse.org/ is not signing the Git commits as of today, which is considered a good practice to ensure that the commit author can be verified (in this case it would be the automation).

This would allow repositories with translations coming from weblate, to enforce commit signing, which is now possible right now. Otherwise it can't be enforced as it's only allowed for everyone or for nobody (otherwise people can't prepare ports that include commits that are not signed, as those from weblate are).

Weblate has this functionality: https://docs.weblate.org/en/latest/admin/config.html#std-setting-WEBLATE_GPG_IDENTITY

It means providing a private key, and adding it to the configuration, and of course then adding the public part to the user submitting to GitHub, Gitlab, etc.

While I understand l10n.opensuse.org is now not managed by openSUSE, maybe you can talk to their administrators?

I sent them a message 3-4 weeks ago via https://l10n.opensuse.org/contact/, but so far I didn't receive feedback (no clue if the form even works, it didn't send me a copy of the message).

Thanks!


Related issues 1 (0 open1 closed)

Related to openSUSE admin - tickets #169993: I need to verify weblate-noreply@opensuse.orgResolved2024-11-15

Actions
Actions #1

Updated by crameleon about 2 months ago

  • Category set to Weblate
  • Assignee set to weblate-admins
  • Private changed from Yes to No
Actions #2

Updated by sbrabec about 2 months ago

The form worked and I read the message.

I read the documentation and checked the options available to the Weblate Hosted admin. It seems that the turning it on needs a higher level of admin privileges that we don't have (edit weblate configuration file).

I just contacted Benjamin Alan Jamie | Weblate benjamin@weblate.org and waiting for the response.

Actions #3

Updated by sbrabec about 2 months ago ยท Edited

Alice Visek via Weblate Care care@weblate.org

Hello Stanislav,

yes, we can change this configuration for you. In order to do this, we need to know, which keys you would like to use. There are two options:

  1. We can generate new keys and share them with you.
  2. We can use your existing key. In such case, you may share the keys into file on this link: https://nextcloud.weblate.org/s/xxxxxxxxxxxxxx Password: xxxxxxxxxx

Which option do you prefer?

Once you let us know, we will be able to change the configuration for you.

Kind regards

Alice
--
Weblate

From: Stanislav Brabec

openSUSE Weblate has never used GPG signing yet for any purpose, so we
don't have any. Please generate a new pair.

Thank you.

Actions #4

Updated by sbrabec about 1 month ago

  • % Done changed from 0 to 60

Benjamin Alan Jamie via Weblate Care
13:23 (3 hours ago)
to: me

Hello Standa,

We have set it up with the e-mail weblate-noreply@opensuse.org, you can find the keys at https://l10n.opensuse.org/keys/.

Kind regards,
Benjamin


Note: I contacted openSUSE mail admin and try to verify this e-mail address at GitHub, so it will be associated with https://github.com/opensuse-i18n

Actions #5

Updated by crameleon about 1 month ago

  • Related to tickets #169993: I need to verify weblate-noreply@opensuse.org added
Actions #6

Updated by sbrabec about 1 month ago

  • % Done changed from 60 to 80

And now weblate-noreply@opensuse.org is a verified e-mail for https://github.com/opensuse-i18n (see https://progress.opensuse.org/issues/169993), so it is properly associated with the GitHub account.

Please test whether it works as expected or there is still some work needed to be done.

Actions #7

Updated by sbrabec about 1 month ago

  • % Done changed from 80 to 100

The key is now deployed to GitHub and commits are verified.

Example: https://github.com/openSUSE/libzypp/commit/9f04c4a7185d9316010f92e9d24ad161c417dea1

Actions

Also available in: Atom PDF