diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt index 42549c847d..7472820dee 100644 --- a/Documentation/config-gerrit.txt +++ b/Documentation/config-gerrit.txt @@ -1720,6 +1720,16 @@ If unset or empty, the documentation tab will only be shown if `/Documentation/index.html` can be reached by the browser at app load time. +[[gerrit.editGpgKeys]]gerrit.editGpgKeys:: ++ +If enabled and server-side signed push validation is also +link:#receive.enableSignedPush[enabled], enable the +link:rest-api-accounts.html#list-gpg-keys[REST API endpoints] and web UI +for editing GPG keys. If disabled, GPG keys can only be added by +administrators with direct git access to All-Users. ++ +Defaults to true. + [[gerrit.installCommitMsgHookCommand]]gerrit.installCommitMsgHookCommand:: + Optional command to install the `commit-msg` hook. Typically of the diff --git a/Documentation/rest-api-config.txt b/Documentation/rest-api-config.txt index c54f7dbb0e..b1b795cd08 100644 --- a/Documentation/rest-api-config.txt +++ b/Documentation/rest-api-config.txt @@ -1193,6 +1193,8 @@ meta data of all users is stored]. Custom base URL where Gerrit server documentation is located. (Documentation may still be available at /Documentation relative to the Gerrit base path even if this value is unset.) +|`edit_gpg_keys` |not set if `false`| +Whether to enable the web UI for editing GPG keys. |`report_bug_url` |optional| link:config-gerrit.html#gerrit.reportBugUrl[URL to report bugs]. |`report_bug_text` |optional, not set if default| diff --git a/gerrit-gpg/src/main/java/com/google/gerrit/gpg/GpgModule.java b/gerrit-gpg/src/main/java/com/google/gerrit/gpg/GpgModule.java index 3e80e37297..bbf61b81af 100644 --- a/gerrit-gpg/src/main/java/com/google/gerrit/gpg/GpgModule.java +++ b/gerrit-gpg/src/main/java/com/google/gerrit/gpg/GpgModule.java @@ -35,6 +35,8 @@ public class GpgModule extends FactoryModule { protected void configure() { boolean configEnableSignedPush = cfg.getBoolean("receive", null, "enableSignedPush", false); + boolean configEditGpgKeys = + cfg.getBoolean("gerrit", null, "editGpgKeys", true); boolean havePgp = BouncyCastleUtil.havePGP(); boolean enableSignedPush = configEnableSignedPush && havePgp; bindConstant().annotatedWith(EnableSignedPush.class).to(enableSignedPush); @@ -47,6 +49,6 @@ public class GpgModule extends FactoryModule { install(new SignedPushModule()); factory(GerritPushCertificateChecker.Factory.class); } - install(new GpgApiModule(enableSignedPush)); + install(new GpgApiModule(enableSignedPush && configEditGpgKeys)); } } diff --git a/gerrit-gwtui-common/src/main/java/com/google/gerrit/client/info/GerritInfo.java b/gerrit-gwtui-common/src/main/java/com/google/gerrit/client/info/GerritInfo.java index f0f3b66c4c..55ef89245a 100644 --- a/gerrit-gwtui-common/src/main/java/com/google/gerrit/client/info/GerritInfo.java +++ b/gerrit-gwtui-common/src/main/java/com/google/gerrit/client/info/GerritInfo.java @@ -37,6 +37,7 @@ public class GerritInfo extends JavaScriptObject { public final native String allProjects() /*-{ return this.all_projects; }-*/; public final native String allUsers() /*-{ return this.all_users; }-*/; public final native String docUrl() /*-{ return this.doc_url; }-*/; + public final native boolean editGpgKeys() /*-{ return this.edit_gpg_keys || false; }-*/; public final native String reportBugUrl() /*-{ return this.report_bug_url; }-*/; public final native String reportBugText() /*-{ return this.report_bug_text; }-*/; diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/Dispatcher.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/Dispatcher.java index f78230be9a..1efccf26e9 100644 --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/Dispatcher.java +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/Dispatcher.java @@ -539,7 +539,8 @@ public class Dispatcher { return new MySshKeysScreen(); } - if (matchExact(SETTINGS_GPGKEYS, token)) { + if (matchExact(SETTINGS_GPGKEYS, token) + && Gerrit.info().gerrit().editGpgKeys()) { return new MyGpgKeysScreen(); } diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/SettingsScreen.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/SettingsScreen.java index 2f3a819c3b..49356925be 100644 --- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/SettingsScreen.java +++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/account/SettingsScreen.java @@ -45,7 +45,7 @@ public abstract class SettingsScreen extends MenuScreen { if (Gerrit.info().auth().isHttpPasswordSettingsEnabled()) { linkByGerrit(Util.C.tabHttpAccess(), PageLinks.SETTINGS_HTTP_PASSWORD); } - if (Gerrit.info().receive().enableSignedPush()) { + if (Gerrit.info().gerrit().editGpgKeys()) { linkByGerrit(Util.C.tabGpgKeys(), PageLinks.SETTINGS_GPGKEYS); } linkByGerrit(Util.C.tabWebIdentities(), PageLinks.SETTINGS_WEBIDENT); diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/GetServerInfo.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/GetServerInfo.java index b75d7750bc..9eca842001 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/config/GetServerInfo.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/GetServerInfo.java @@ -238,6 +238,8 @@ public class GetServerInfo implements RestReadView { info.reportBugUrl = cfg.getString("gerrit", null, "reportBugUrl"); info.reportBugText = cfg.getString("gerrit", null, "reportBugText"); info.docUrl = getDocUrl(cfg); + info.editGpgKeys = toBoolean(enableSignedPush + && cfg.getBoolean("gerrit", null, "editGpgKeys", true)); return info; } @@ -367,6 +369,7 @@ public class GetServerInfo implements RestReadView { public String docUrl; public String reportBugUrl; public String reportBugText; + public Boolean editGpgKeys; } public static class GitwebInfo {