03daf49a1f171ae95c2324753bc736a7b40162cf
howto/Registry-Authentication.md
| ... | ... | @@ -11,13 +11,13 @@ The signature and verification process varies depending on the type of public ke |
| 11 | 11 | *Tip: Add your GPG or SSH key to your account in gitea, doing so enables gitea to automatically check your signature when you sign the commit* |
| 12 | 12 | |
| 13 | 13 | ### When using a GPG/PGP Key |
| 14 | -1) **Sign the commit using git** - this is the best option as the signature is recorded directly in the git log |
|
| 15 | -2) Sign using `gpg --clearsign` and provide the signature in the PR comments - only do this if you absolutely cannot sign the commit in git |
|
| 14 | +1. **Sign the commit using git** - this is the best option as the signature is recorded directly in the git log |
|
| 15 | +2. Sign using `gpg --clearsign` and provide the signature in the PR comments - only do this if you absolutely cannot sign the commit in git |
|
| 16 | 16 | |
| 17 | 17 | ### When using an SSH key |
| 18 | -1) **Sign the commit using git** - git >= 2.34.0 can now sign commits using ssh keys, this is the best option if you able to do so |
|
| 19 | -2) Use the `sign-my-commit` script in the registry - the script adds your signature in a format that allows for automated checking |
|
| 20 | -3) Manually provide a signature in the PR comments using one of the methods detailed below - only do this if you can't sign using git or with the included script |
|
| 18 | +1. **Sign the commit using git** - git >= 2.34.0 can now sign commits using ssh keys, this is the best option if you able to do so |
|
| 19 | +2. Use the `sign-my-commit` script in the registry - the script adds your signature in a format that allows for automated checking |
|
| 20 | +3. Manually provide a signature in the PR comments using one of the methods detailed below - only do this if you can't sign using git or with the included script |
|
| 21 | 21 | |
| 22 | 22 | The sections below provide detailed instructions for each of the auth methods. |
| 23 | 23 | |
| ... | ... | @@ -43,9 +43,9 @@ In this case the full commit hash is `6e2e9ac540e2e4e3c3a135ad90c8575bb8fa1784` |
| 43 | 43 | To verify your key, the registry maintainers need to be able to find your full public key. |
| 44 | 44 | There are three options for doing this. but you only need to do **one** of these: |
| 45 | 45 | |
| 46 | - 1) **Add your public key to your account in gitea** - this is the best option as gitea will automatically check your signature |
|
| 47 | - 2) Upload your key to a public key server |
|
| 48 | - 3) Create a `key-cert` object in the registry containing your public key |
|
| 46 | + 1. **Add your public key to your account in gitea** - this is the best option as gitea will automatically check your signature |
|
| 47 | + 2. Upload your key to a public key server |
|
| 48 | + 3. Create a `key-cert` object in the registry containing your public key |
|
| 49 | 49 | |
| 50 | 50 | ### `auth` attribute format, when your public key is in gitea or a public keyserver |
| 51 | 51 | |
| ... | ... | @@ -94,13 +94,13 @@ Older versions of git and ssh don't support generic ssh signing so there are mul |
| 94 | 94 | |
| 95 | 95 | In preference order: |
| 96 | 96 | |
| 97 | -1) **Sign using git** |
|
| 98 | -2) Sign using the included `sign-my-commit` script |
|
| 97 | +1. **Sign using git** |
|
| 98 | +2. Sign using the included `sign-my-commit` script |
|
| 99 | 99 | |
| 100 | 100 | If you cannot get the above to work you may also: |
| 101 | 101 | |
| 102 | -3) Manually sign using the generic ssh-keygen method |
|
| 103 | -4) Manual sign using specific methods for rsa or ecdsa |
|
| 102 | +3. Manually sign using the generic ssh-keygen method |
|
| 103 | +4. Manual sign using specific methods for rsa or ecdsa |
|
| 104 | 104 | |
| 105 | 105 | ### `auth` attribute format when using an ssh key |
| 106 | 106 |