From 357d5a5a3d3b95ccbf01c8b7118d5f350509cf8f Mon Sep 17 00:00:00 2001
From: Antoine GIRARD <sapk@users.noreply.github.com>
Date: Fri, 27 Oct 2017 06:36:14 +0200
Subject: [PATCH] Backport to v1.2 of PR 2266 2467 2663 (#2788)

* Only check at least one email gpg key (#2266)

* Only require one email (possibly not yet validated)

* Update message error and check validation of commit

* Add integrations tests

* Complete integration for import

* Add pre-check/optimization

* Add some test (not finished)

* Finish

* Fix fixtures

* Fix typo

* Don't guess key ID

* Make repo private to no interfere with other tests (#2467)

* GPG key email verification no longer case sensitive (#2661) (#2663)

* GPG key email verification no longer case sensitive (#2661)

* case insensitive GPG key email verification now cached (#2661)

Signed-off-by: Julian Scholle <julian.scholle@googlemail.com>
---
 integrations/api_gpg_keys_test.go             | 260 ++++++++++++++++++
 .../gitea-repositories/user2/repo16.git/HEAD  |   1 +
 .../user2/repo16.git/config                   |   4 +
 .../user2/repo16.git/description              |   1 +
 .../repo16.git/hooks/applypatch-msg.sample    |  15 +
 .../user2/repo16.git/hooks/commit-msg.sample  |  24 ++
 .../user2/repo16.git/hooks/post-update.sample |   8 +
 .../repo16.git/hooks/pre-applypatch.sample    |  14 +
 .../user2/repo16.git/hooks/pre-commit.sample  |  49 ++++
 .../user2/repo16.git/hooks/pre-push.sample    |  53 ++++
 .../user2/repo16.git/hooks/pre-rebase.sample  | 169 ++++++++++++
 .../user2/repo16.git/hooks/pre-receive.sample |  24 ++
 .../hooks/prepare-commit-msg.sample           |  36 +++
 .../user2/repo16.git/hooks/update.sample      | 128 +++++++++
 .../user2/repo16.git/info/exclude             |   6 +
 .../0c/3d59dea27b97aa3cb66072745d7a2c51a7a8b1 | Bin 0 -> 54 bytes
 .../24/f83a471f77579fea57bac7255d6e64e70fce1c | Bin 0 -> 54 bytes
 .../27/566bd5738fc8b4e3fef3c5e72cce608537bd95 | Bin 0 -> 575 bytes
 .../3b/2b54fe3d9a8279d5b926124dccdf279b8eff2f |   1 +
 .../45/8121ce9a6b855c9733bae62093caf3f39685de | Bin 0 -> 26 bytes
 .../50/99b81332712fe655e34e8dd63574f503f61811 |   2 +
 .../69/554a64c1e6030f051e5c3f94bfbd773cd6a324 | Bin 0 -> 158 bytes
 .../a4/3476a501516e065c5a82f05fd58fd319598bc1 | Bin 0 -> 57 bytes
 .../e9/4083fcdf1f10c545e9253a23c5e44a2ff68aac | Bin 0 -> 524 bytes
 .../f2/7c2b2b03dcab38beaf89b0ab4ff61f6de63441 | Bin 0 -> 522 bytes
 .../f9/0451c72ef61a7645293d17b47be7a8e983da57 | Bin 0 -> 27 bytes
 .../user2/repo16.git/refs/heads/good-sign     |   1 +
 .../refs/heads/good-sign-not-yet-validated    |   1 +
 .../user2/repo16.git/refs/heads/master        |   1 +
 .../user2/repo16.git/refs/heads/not-signed    |   1 +
 models/error.go                               |  20 +-
 models/fixtures/repository.yml                |  12 +
 models/fixtures/user.yml                      |   2 +-
 models/gpg_key.go                             |  37 ++-
 options/locale/locale_en-US.ini               |   2 +-
 routers/user/setting.go                       |   4 +-
 36 files changed, 852 insertions(+), 24 deletions(-)
 create mode 100644 integrations/api_gpg_keys_test.go
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/HEAD
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/config
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/description
 create mode 100755 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/applypatch-msg.sample
 create mode 100755 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/commit-msg.sample
 create mode 100755 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/post-update.sample
 create mode 100755 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-applypatch.sample
 create mode 100755 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-commit.sample
 create mode 100755 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-push.sample
 create mode 100755 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-rebase.sample
 create mode 100755 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-receive.sample
 create mode 100755 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/prepare-commit-msg.sample
 create mode 100755 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/update.sample
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/info/exclude
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/0c/3d59dea27b97aa3cb66072745d7a2c51a7a8b1
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/24/f83a471f77579fea57bac7255d6e64e70fce1c
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/27/566bd5738fc8b4e3fef3c5e72cce608537bd95
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/3b/2b54fe3d9a8279d5b926124dccdf279b8eff2f
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/45/8121ce9a6b855c9733bae62093caf3f39685de
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/50/99b81332712fe655e34e8dd63574f503f61811
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/69/554a64c1e6030f051e5c3f94bfbd773cd6a324
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/a4/3476a501516e065c5a82f05fd58fd319598bc1
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/e9/4083fcdf1f10c545e9253a23c5e44a2ff68aac
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/f2/7c2b2b03dcab38beaf89b0ab4ff61f6de63441
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/f9/0451c72ef61a7645293d17b47be7a8e983da57
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/refs/heads/good-sign
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/refs/heads/good-sign-not-yet-validated
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/refs/heads/master
 create mode 100644 integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/refs/heads/not-signed

diff --git a/integrations/api_gpg_keys_test.go b/integrations/api_gpg_keys_test.go
new file mode 100644
index 000000000..51dc7843c
--- /dev/null
+++ b/integrations/api_gpg_keys_test.go
@@ -0,0 +1,260 @@
+// Copyright 2017 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"net/http"
+	"strconv"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	api "code.gitea.io/sdk/gitea"
+)
+
+func TestGPGKeys(t *testing.T) {
+	prepareTestEnv(t)
+	session := loginUser(t, "user2")
+
+	tt := []struct {
+		name       string
+		reqBuilder func(testing.TB, *http.Request, int) *TestResponse
+		results    []int
+	}{
+		{name: "NoLogin", reqBuilder: MakeRequest,
+			results: []int{http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized},
+		},
+		{name: "LoggedAsUser2", reqBuilder: session.MakeRequest,
+			results: []int{http.StatusOK, http.StatusOK, http.StatusNotFound, http.StatusNoContent, http.StatusInternalServerError, http.StatusInternalServerError, http.StatusCreated, http.StatusCreated}},
+	}
+
+	for _, tc := range tt {
+
+		//Basic test on result code
+		t.Run(tc.name, func(t *testing.T) {
+			t.Run("ViewOwnGPGKeys", func(t *testing.T) {
+				testViewOwnGPGKeys(t, tc.reqBuilder, tc.results[0])
+			})
+			t.Run("ViewGPGKeys", func(t *testing.T) {
+				testViewGPGKeys(t, tc.reqBuilder, tc.results[1])
+			})
+			t.Run("GetGPGKey", func(t *testing.T) {
+				testGetGPGKey(t, tc.reqBuilder, tc.results[2])
+			})
+			t.Run("DeleteGPGKey", func(t *testing.T) {
+				testDeleteGPGKey(t, tc.reqBuilder, tc.results[3])
+			})
+
+			t.Run("CreateInvalidGPGKey", func(t *testing.T) {
+				testCreateInvalidGPGKey(t, tc.reqBuilder, tc.results[4])
+			})
+			t.Run("CreateNoneRegistredEmailGPGKey", func(t *testing.T) {
+				testCreateNoneRegistredEmailGPGKey(t, tc.reqBuilder, tc.results[5])
+			})
+			t.Run("CreateValidGPGKey", func(t *testing.T) {
+				testCreateValidGPGKey(t, tc.reqBuilder, tc.results[6])
+			})
+			t.Run("CreateValidSecondaryEmailGPGKey", func(t *testing.T) {
+				testCreateValidSecondaryEmailGPGKey(t, tc.reqBuilder, tc.results[7])
+			})
+		})
+	}
+
+	//Check state after basic add
+	t.Run("CheckState", func(t *testing.T) {
+
+		var keys []*api.GPGKey
+
+		req := NewRequest(t, "GET", "/api/v1/user/gpg_keys") //GET all keys
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &keys)
+
+		primaryKey1 := keys[0] //Primary key 1
+		assert.EqualValues(t, "38EA3BCED732982C", primaryKey1.KeyID)
+		assert.EqualValues(t, 1, len(primaryKey1.Emails))
+		assert.EqualValues(t, "user2@example.com", primaryKey1.Emails[0].Email)
+		assert.EqualValues(t, true, primaryKey1.Emails[0].Verified)
+
+		subKey := primaryKey1.SubsKey[0] //Subkey of 38EA3BCED732982C
+		assert.EqualValues(t, "70D7C694D17D03AD", subKey.KeyID)
+		assert.EqualValues(t, 0, len(subKey.Emails))
+
+		primaryKey2 := keys[1] //Primary key 2
+		assert.EqualValues(t, "FABF39739FE1E927", primaryKey2.KeyID)
+		assert.EqualValues(t, 1, len(primaryKey2.Emails))
+		assert.EqualValues(t, "user21@example.com", primaryKey2.Emails[0].Email)
+		assert.EqualValues(t, false, primaryKey2.Emails[0].Verified)
+
+		var key api.GPGKey
+		req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey1.ID, 10)) //Primary key 1
+		resp = session.MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &key)
+		assert.EqualValues(t, "38EA3BCED732982C", key.KeyID)
+		assert.EqualValues(t, 1, len(key.Emails))
+		assert.EqualValues(t, "user2@example.com", key.Emails[0].Email)
+		assert.EqualValues(t, true, key.Emails[0].Verified)
+
+		req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(subKey.ID, 10)) //Subkey of 38EA3BCED732982C
+		resp = session.MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &key)
+		assert.EqualValues(t, "70D7C694D17D03AD", key.KeyID)
+		assert.EqualValues(t, 0, len(key.Emails))
+
+		req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey2.ID, 10)) //Primary key 2
+		resp = session.MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &key)
+		assert.EqualValues(t, "FABF39739FE1E927", key.KeyID)
+		assert.EqualValues(t, 1, len(key.Emails))
+		assert.EqualValues(t, "user21@example.com", key.Emails[0].Email)
+		assert.EqualValues(t, false, key.Emails[0].Verified)
+
+	})
+
+	//Check state after basic add
+	t.Run("CheckCommits", func(t *testing.T) {
+		t.Run("NotSigned", func(t *testing.T) {
+			var branch api.Branch
+			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/not-signed")
+			resp := session.MakeRequest(t, req, http.StatusOK)
+			DecodeJSON(t, resp, &branch)
+			assert.EqualValues(t, false, branch.Commit.Verification.Verified)
+		})
+
+		t.Run("SignedWithNotValidatedEmail", func(t *testing.T) {
+			var branch api.Branch
+			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/good-sign-not-yet-validated")
+			resp := session.MakeRequest(t, req, http.StatusOK)
+			DecodeJSON(t, resp, &branch)
+			assert.EqualValues(t, false, branch.Commit.Verification.Verified)
+		})
+
+		t.Run("SignedWithValidEmail", func(t *testing.T) {
+			var branch api.Branch
+			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/good-sign")
+			resp := session.MakeRequest(t, req, http.StatusOK)
+			DecodeJSON(t, resp, &branch)
+			assert.EqualValues(t, true, branch.Commit.Verification.Verified)
+		})
+	})
+}
+
+func testViewOwnGPGKeys(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) {
+	req := NewRequest(t, "GET", "/api/v1/user/gpg_keys")
+	reqBuilder(t, req, expected)
+}
+
+func testViewGPGKeys(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) {
+	req := NewRequest(t, "GET", "/api/v1/users/user2/gpg_keys")
+	reqBuilder(t, req, expected)
+}
+
+func testGetGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) {
+	req := NewRequest(t, "GET", "/api/v1/user/gpg_keys/1")
+	reqBuilder(t, req, expected)
+}
+
+func testDeleteGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) {
+	req := NewRequest(t, "DELETE", "/api/v1/user/gpg_keys/1")
+	reqBuilder(t, req, expected)
+}
+
+func testCreateGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int, publicKey string) {
+	req := NewRequestWithJSON(t, "POST", "/api/v1/user/gpg_keys", api.CreateGPGKeyOption{
+		ArmoredKey: publicKey,
+	})
+	reqBuilder(t, req, expected)
+}
+
+func testCreateInvalidGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) {
+	testCreateGPGKey(t, reqBuilder, expected, "invalid_key")
+}
+
+func testCreateNoneRegistredEmailGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) {
+	testCreateGPGKey(t, reqBuilder, expected, `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFmGUygBCACjCNbKvMGgp0fd5vyFW9olE1CLCSyyF9gQN2hSuzmZLuAZF2Kh
+dCMCG2T1UwzUB/yWUFWJ2BtCwSjuaRv+cGohqEy6bhEBV90peGA33lHfjx7wP25O
+7moAphDOTZtDj1AZfCh/PTcJut8Lc0eRDMhNyp/bYtO7SHNT1Hr6rrCV/xEtSAvR
+3b148/tmIBiSadaLwc558KU3ucjnW5RVGins3AjBZ+TuT4XXVH/oeLSeXPSJ5rt1
+rHwaseslMqZ4AbvwFLx5qn1OC9rEQv/F548QsA8m0IntLjoPon+6wcubA9Gra21c
+Fp6aRYl9x7fiqXDLg8i3s2nKdV7+e6as6Tp9ABEBAAG0FG5vdGtub3duQGV4YW1w
+bGUuY29tiQEcBBABAgAGBQJZhlMoAAoJEC8+pvYULDtte/wH/2JNrhmHwDY+hMj0
+batIK4HICnkKxjIgbha80P2Ao08NkzSge58fsxiKDFYAQjHui+ZAw4dq79Ax9AOO
+Iv2GS9+DUfWhrb6RF+vNuJldFzcI0rTW/z2q+XGKrUCwN3khJY5XngHfQQrdBtMK
+qsoUXz/5B8g422RTbo/SdPsyYAV6HeLLeV3rdgjI1fpaW0seZKHeTXQb/HvNeuPg
+qz+XV1g6Gdqa1RjDOaX7A8elVKxrYq3LBtc93FW+grBde8n7JL0zPM3DY+vJ0IJZ
+INx/MmBfmtCq05FqNclvU+sj2R3N1JJOtBOjZrJHQbJhzoILou8AkxeX1A+q9OAz
+1geiY5E=
+=TkP3
+-----END PGP PUBLIC KEY BLOCK-----`)
+}
+
+func testCreateValidGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) {
+	//User2 <user2@example.com> //primary & activated
+	testCreateGPGKey(t, reqBuilder, expected, `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFmGVsMBCACuxgZ7W7rI9xN08Y4M7B8yx/6/I4Slm94+wXf8YNRvAyqj30dW
+VJhyBcnfNRDLKSQp5o/hhfDkCgdqBjLa1PnHlGS3PXJc0hP/FyYPD2BFvNMPpCYS
+eu3T1qKSNXm6X0XOWD2LIrdiDC8HaI9FqZVMI/srMK2CF8XCL2m67W1FuoPlWzod
+5ORy0IZB7spoF0xihmcgnEGElRmdo5w/vkGH8U7Zyn9Eb57UVFeafgeskf4wqB23
+BjbMdW2YaB+yzMRwYgOnD5lnBD4uqSmvjaV9C0kxn7x+oJkkiRV8/z1cNcO+BaeQ
+Akh/yTTeTzYGSc/ZOqCX1O+NOPgSeixVlqenABEBAAG0GVVzZXIyIDx1c2VyMkBl
+eGFtcGxlLmNvbT6JAVQEEwEIAD4WIQRXgbSh0TtGbgRd7XI46jvO1zKYLAUCWYZW
+wwIbAwUJA8JnAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRA46jvO1zKYLF/e
+B/91wm2KLMIQBZBA9WA2/+9rQWTo9EqgYrXN60rEzX3cYJWXZiE4DrKR1oWDGNLi
+KXOCW62snvJldolBqq0ZqaKvPKzl0Y5TRqbYEc9AjUSqgRin1b+G2DevLGT4ibq+
+7ocQvz0XkASEUAgHahp0Ubiiib1521WwT/duL+AG8Gg0+DK09RfV3eX5/EOkQCKv
+8cutqgsd2Smz40A8wXuJkRcipZBtrB/GkUaZ/eJdwEeSYZjEA9GWF61LJT2stvRN
+HCk7C3z3pVEek1PluiFs/4VN8BG8yDzW4c0tLty4Fj3VwPqwIbB5AJbquVfhQCb4
+Eep2lm3Lc9b1OwO5N3coPJkouQENBFmGVsMBCADAGba2L6NCOE1i3WIP6CPzbdOo
+N3gdTfTgccAx9fNeon9jor+3tgEjlo9/6cXiRoksOV6W4wFab/ZwWgwN6JO4CGvZ
+Wi7EQwMMMp1E36YTojKQJrcA9UvMnTHulqQQ88F5E845DhzFQM3erv42QZZMBAX3
+kXCgy1GNFocl6tLUvJdEqs+VcJGGANMpmzE4WLa8KhSYnxipwuQ62JBy9R+cHyKT
+OARk8znRqSu5bT3LtlrZ/HXu+6Oy4+2uCdNzZIh5J5tPS7CPA6ptl88iGVBte/CJ
+7cjgJWSQqeYp2Y5QvsWAivkQ4Ww9plHbbwV0A2eaHsjjWzlUl3HoJ/snMOhBABEB
+AAGJATwEGAEIACYWIQRXgbSh0TtGbgRd7XI46jvO1zKYLAUCWYZWwwIbDAUJA8Jn
+AAAKCRA46jvO1zKYLBwLCACQOpeRVrwIKVaWcPMYjVHHJsGscaLKpgpARAUgbiG6
+Cbc2WI8Sm3fRwrY0VAfN+u9QwrtvxANcyB3vTgTzw7FimfhOimxiTSO8HQCfjDZF
+Xly8rq+Fua7+ClWUpy21IekW41VvZYjH2sL6EVP+UcEOaGAyN53XfhaRVZPhNtZN
+NKAE9N5EG3rbsZ33LzJj40rEKlzFSseAAPft8qA3IXjzFBx+PQXHMpNCagL79he6
+lqockTJ+oPmta4CF/J0U5LUr1tOZXheL3TP6m8d08gDrtn0YuGOPk87i9sJz+jR9
+uy6MA3VSB99SK9ducGmE1Jv8mcziREroz2TEGr0zPs6h
+=J59D
+-----END PGP PUBLIC KEY BLOCK-----`)
+}
+
+func testCreateValidSecondaryEmailGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) {
+	//User2 <user21@example.com> //secondary and not activated
+	testCreateGPGKey(t, reqBuilder, expected, `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFmGWN4BCAC18V4tVGO65VLCV7p14FuXJlUtZ5CuYMvgEkcOqrvRaBSW9ao4
+PGESOhJpfWpnW3QgJniYndLzPpsmdHEclEER6aZjiNgReWPOjHD5tykWocZAJqXD
+eY1ym59gvVMLcfbV2yQsyR2hbJlc+dJsl16tigSEe3nwxZSw2IsW92pgEzT9JNUr
+Q+mC8dw4dqY0tYmFazYUGNxufUc/twgQT/Or1aNs0az5Q6Jft4rrTRsh/S7We0VB
+COKGkdcQyYgAls7HJBuPjQRi6DM9VhgBSHLAgSLyaUcZvhZBJr8Qe/q4PP3/kYDJ
+wm4RMnjOLz2pFZPgtRqgcAwpmFtLrACbEB3JABEBAAG0GlVzZXIyIDx1c2VyMjFA
+ZXhhbXBsZS5jb20+iQFUBBMBCAA+FiEEPOLHOjPSO42DWM57+r85c5/h6ScFAlmG
+WN4CGwMFCQPCZwAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQ+r85c5/h6Sfx
+Lgf/dq64NBV8+X9an3seaLxePRviva48e4K67/wV/JxtXNO5Z/DhMGz5kHXCsG9D
+CXuWYO8ehlTjEnMZ6qqdDnY+H6bQsb2OS5oPn4RwpPXslAjEKtojPAr0dDsMS2DB
+dUuIm1AoOnewOVO0OFRf1EqX1bivxnN0FVMcO0m8AczfnKDaGb0y/qg/Y9JAsKqp
+j5pZNMWUkntRtGySeJ4CVJMmkVKJAHsa1Qj6MKdFeid4h4y94cBJ4ZdyBxNdpQOx
+ydf0doicovfeqGNO4oWzsGP4RBK2CqGPCUT+EFl20jPvMkKwOjxgqc8p0z3b2UT9
++9bnmCGHgF/fW1HJ3iKmfFPqnLkBDQRZhljeAQgA5AirU/NJGgm19ZJYFOiHftjS
+azbrPxGeD3cSqmvDPIMc1DNZGfQV5D4EVumnVbQBtL6xHFoGKz9KisUMbe4a/X2J
+S8JmIphQWG0vMJX1DaZIzr2gT71MnPD7JMGsSUCh5dIKpTNTZX4w+oGPGOu0/UlL
+x0448AryKwp30J2p6D4GeI0nb03n35S2lTOpnHDn1wj7Jl/8LS2fdFOdNaNHXSZe
+twdSwJKhyBEiScgeHBDyKqo8zWkYoSb9eA2HiYlbVaiNtp24KP1mIEpiUdrRjWno
+zauYSZGHZlOFMgF4dKWuetPiuH9m7UYZGKyMLfQ9vYFb+xcPh2bLCQHJ1OEmMQAR
+AQABiQE8BBgBCAAmFiEEPOLHOjPSO42DWM57+r85c5/h6ScFAlmGWN4CGwwFCQPC
+ZwAACgkQ+r85c5/h6Sfjfwf+O4WEjRdvPJLxNy7mfAGoAqDMHIwyH/tVzYgyVhnG
+h/+cfRxJbGc3rpjYdr8dmvghzjEAout8uibPWaIqs63RCAPGPqgWLfxNO5c8+y8V
+LZMVOTV26l2olkkdBWAuhLqKTNh6TiQva03yhOgHWj4XDvFfxICWPFXVd6t5ELpD
+iApGu1OAj8JfhmzbG03Yzx+Ku7bWDxMonx3V/IDEu5LS5zrboHYDKCA53bXXghoi
+Aceqql+PKrDwEjoY4bptwMHLmcjGjdCQ//Qx1neho7nZcS7xjTucY8gQuulwCyXF
+y6wM+wMz8dunIG9gw4+Re6c4Rz9tX1kzxLrU7Pl21tMqfg==
+=0N/9
+-----END PGP PUBLIC KEY BLOCK-----`)
+}
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/HEAD b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/HEAD
new file mode 100644
index 000000000..cb089cd89
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/HEAD
@@ -0,0 +1 @@
+ref: refs/heads/master
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/config b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/config
new file mode 100644
index 000000000..07d359d07
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/config
@@ -0,0 +1,4 @@
+[core]
+	repositoryformatversion = 0
+	filemode = true
+	bare = true
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/description b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/description
new file mode 100644
index 000000000..498b267a8
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/description
@@ -0,0 +1 @@
+Unnamed repository; edit this file 'description' to name the repository.
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/applypatch-msg.sample b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/applypatch-msg.sample
new file mode 100755
index 000000000..a5d7b84a6
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/applypatch-msg.sample
@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# An example hook script to check the commit log message taken by
+# applypatch from an e-mail message.
+#
+# The hook should exit with non-zero status after issuing an
+# appropriate message if it wants to stop the commit.  The hook is
+# allowed to edit the commit message file.
+#
+# To enable this hook, rename this file to "applypatch-msg".
+
+. git-sh-setup
+commitmsg="$(git rev-parse --git-path hooks/commit-msg)"
+test -x "$commitmsg" && exec "$commitmsg" ${1+"$@"}
+:
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/commit-msg.sample b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/commit-msg.sample
new file mode 100755
index 000000000..b58d1184a
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/commit-msg.sample
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# An example hook script to check the commit log message.
+# Called by "git commit" with one argument, the name of the file
+# that has the commit message.  The hook should exit with non-zero
+# status after issuing an appropriate message if it wants to stop the
+# commit.  The hook is allowed to edit the commit message file.
+#
+# To enable this hook, rename this file to "commit-msg".
+
+# Uncomment the below to add a Signed-off-by line to the message.
+# Doing this in a hook is a bad idea in general, but the prepare-commit-msg
+# hook is more suited to it.
+#
+# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
+# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"
+
+# This example catches duplicate Signed-off-by lines.
+
+test "" = "$(grep '^Signed-off-by: ' "$1" |
+	 sort | uniq -c | sed -e '/^[ 	]*1[ 	]/d')" || {
+	echo >&2 Duplicate Signed-off-by lines.
+	exit 1
+}
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/post-update.sample b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/post-update.sample
new file mode 100755
index 000000000..ec17ec193
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/post-update.sample
@@ -0,0 +1,8 @@
+#!/bin/sh
+#
+# An example hook script to prepare a packed repository for use over
+# dumb transports.
+#
+# To enable this hook, rename this file to "post-update".
+
+exec git update-server-info
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-applypatch.sample b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-applypatch.sample
new file mode 100755
index 000000000..4142082bc
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-applypatch.sample
@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# An example hook script to verify what is about to be committed
+# by applypatch from an e-mail message.
+#
+# The hook should exit with non-zero status after issuing an
+# appropriate message if it wants to stop the commit.
+#
+# To enable this hook, rename this file to "pre-applypatch".
+
+. git-sh-setup
+precommit="$(git rev-parse --git-path hooks/pre-commit)"
+test -x "$precommit" && exec "$precommit" ${1+"$@"}
+:
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-commit.sample b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-commit.sample
new file mode 100755
index 000000000..68d62d544
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-commit.sample
@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# An example hook script to verify what is about to be committed.
+# Called by "git commit" with no arguments.  The hook should
+# exit with non-zero status after issuing an appropriate message if
+# it wants to stop the commit.
+#
+# To enable this hook, rename this file to "pre-commit".
+
+if git rev-parse --verify HEAD >/dev/null 2>&1
+then
+	against=HEAD
+else
+	# Initial commit: diff against an empty tree object
+	against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
+fi
+
+# If you want to allow non-ASCII filenames set this variable to true.
+allownonascii=$(git config --bool hooks.allownonascii)
+
+# Redirect output to stderr.
+exec 1>&2
+
+# Cross platform projects tend to avoid non-ASCII filenames; prevent
+# them from being added to the repository. We exploit the fact that the
+# printable range starts at the space character and ends with tilde.
+if [ "$allownonascii" != "true" ] &&
+	# Note that the use of brackets around a tr range is ok here, (it's
+	# even required, for portability to Solaris 10's /usr/bin/tr), since
+	# the square bracket bytes happen to fall in the designated range.
+	test $(git diff --cached --name-only --diff-filter=A -z $against |
+	  LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
+then
+	cat <<\EOF
+Error: Attempt to add a non-ASCII file name.
+
+This can cause problems if you want to work with people on other platforms.
+
+To be portable it is advisable to rename the file.
+
+If you know what you are doing you can disable this check using:
+
+  git config hooks.allownonascii true
+EOF
+	exit 1
+fi
+
+# If there are whitespace errors, print the offending file names and fail.
+exec git diff-index --check --cached $against --
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-push.sample b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-push.sample
new file mode 100755
index 000000000..6187dbf43
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-push.sample
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# An example hook script to verify what is about to be pushed.  Called by "git
+# push" after it has checked the remote status, but before anything has been
+# pushed.  If this script exits with a non-zero status nothing will be pushed.
+#
+# This hook is called with the following parameters:
+#
+# $1 -- Name of the remote to which the push is being done
+# $2 -- URL to which the push is being done
+#
+# If pushing without using a named remote those arguments will be equal.
+#
+# Information about the commits which are being pushed is supplied as lines to
+# the standard input in the form:
+#
+#   <local ref> <local sha1> <remote ref> <remote sha1>
+#
+# This sample shows how to prevent push of commits where the log message starts
+# with "WIP" (work in progress).
+
+remote="$1"
+url="$2"
+
+z40=0000000000000000000000000000000000000000
+
+while read local_ref local_sha remote_ref remote_sha
+do
+	if [ "$local_sha" = $z40 ]
+	then
+		# Handle delete
+		:
+	else
+		if [ "$remote_sha" = $z40 ]
+		then
+			# New branch, examine all commits
+			range="$local_sha"
+		else
+			# Update to existing branch, examine new commits
+			range="$remote_sha..$local_sha"
+		fi
+
+		# Check for WIP commit
+		commit=`git rev-list -n 1 --grep '^WIP' "$range"`
+		if [ -n "$commit" ]
+		then
+			echo >&2 "Found WIP commit in $local_ref, not pushing"
+			exit 1
+		fi
+	fi
+done
+
+exit 0
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-rebase.sample b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-rebase.sample
new file mode 100755
index 000000000..9773ed4cb
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-rebase.sample
@@ -0,0 +1,169 @@
+#!/bin/sh
+#
+# Copyright (c) 2006, 2008 Junio C Hamano
+#
+# The "pre-rebase" hook is run just before "git rebase" starts doing
+# its job, and can prevent the command from running by exiting with
+# non-zero status.
+#
+# The hook is called with the following parameters:
+#
+# $1 -- the upstream the series was forked from.
+# $2 -- the branch being rebased (or empty when rebasing the current branch).
+#
+# This sample shows how to prevent topic branches that are already
+# merged to 'next' branch from getting rebased, because allowing it
+# would result in rebasing already published history.
+
+publish=next
+basebranch="$1"
+if test "$#" = 2
+then
+	topic="refs/heads/$2"
+else
+	topic=`git symbolic-ref HEAD` ||
+	exit 0 ;# we do not interrupt rebasing detached HEAD
+fi
+
+case "$topic" in
+refs/heads/??/*)
+	;;
+*)
+	exit 0 ;# we do not interrupt others.
+	;;
+esac
+
+# Now we are dealing with a topic branch being rebased
+# on top of master.  Is it OK to rebase it?
+
+# Does the topic really exist?
+git show-ref -q "$topic" || {
+	echo >&2 "No such branch $topic"
+	exit 1
+}
+
+# Is topic fully merged to master?
+not_in_master=`git rev-list --pretty=oneline ^master "$topic"`
+if test -z "$not_in_master"
+then
+	echo >&2 "$topic is fully merged to master; better remove it."
+	exit 1 ;# we could allow it, but there is no point.
+fi
+
+# Is topic ever merged to next?  If so you should not be rebasing it.
+only_next_1=`git rev-list ^master "^$topic" ${publish} | sort`
+only_next_2=`git rev-list ^master           ${publish} | sort`
+if test "$only_next_1" = "$only_next_2"
+then
+	not_in_topic=`git rev-list "^$topic" master`
+	if test -z "$not_in_topic"
+	then
+		echo >&2 "$topic is already up-to-date with master"
+		exit 1 ;# we could allow it, but there is no point.
+	else
+		exit 0
+	fi
+else
+	not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"`
+	/usr/bin/perl -e '
+		my $topic = $ARGV[0];
+		my $msg = "* $topic has commits already merged to public branch:\n";
+		my (%not_in_next) = map {
+			/^([0-9a-f]+) /;
+			($1 => 1);
+		} split(/\n/, $ARGV[1]);
+		for my $elem (map {
+				/^([0-9a-f]+) (.*)$/;
+				[$1 => $2];
+			} split(/\n/, $ARGV[2])) {
+			if (!exists $not_in_next{$elem->[0]}) {
+				if ($msg) {
+					print STDERR $msg;
+					undef $msg;
+				}
+				print STDERR " $elem->[1]\n";
+			}
+		}
+	' "$topic" "$not_in_next" "$not_in_master"
+	exit 1
+fi
+
+exit 0
+
+################################################################
+
+This sample hook safeguards topic branches that have been
+published from being rewound.
+
+The workflow assumed here is:
+
+ * Once a topic branch forks from "master", "master" is never
+   merged into it again (either directly or indirectly).
+
+ * Once a topic branch is fully cooked and merged into "master",
+   it is deleted.  If you need to build on top of it to correct
+   earlier mistakes, a new topic branch is created by forking at
+   the tip of the "master".  This is not strictly necessary, but
+   it makes it easier to keep your history simple.
+
+ * Whenever you need to test or publish your changes to topic
+   branches, merge them into "next" branch.
+
+The script, being an example, hardcodes the publish branch name
+to be "next", but it is trivial to make it configurable via
+$GIT_DIR/config mechanism.
+
+With this workflow, you would want to know:
+
+(1) ... if a topic branch has ever been merged to "next".  Young
+    topic branches can have stupid mistakes you would rather
+    clean up before publishing, and things that have not been
+    merged into other branches can be easily rebased without
+    affecting other people.  But once it is published, you would
+    not want to rewind it.
+
+(2) ... if a topic branch has been fully merged to "master".
+    Then you can delete it.  More importantly, you should not
+    build on top of it -- other people may already want to
+    change things related to the topic as patches against your
+    "master", so if you need further changes, it is better to
+    fork the topic (perhaps with the same name) afresh from the
+    tip of "master".
+
+Let's look at this example:
+
+		   o---o---o---o---o---o---o---o---o---o "next"
+		  /       /           /           /
+		 /   a---a---b A     /           /
+		/   /               /           /
+	       /   /   c---c---c---c B         /
+	      /   /   /             \         /
+	     /   /   /   b---b C     \       /
+	    /   /   /   /             \     /
+    ---o---o---o---o---o---o---o---o---o---o---o "master"
+
+
+A, B and C are topic branches.
+
+ * A has one fix since it was merged up to "next".
+
+ * B has finished.  It has been fully merged up to "master" and "next",
+   and is ready to be deleted.
+
+ * C has not merged to "next" at all.
+
+We would want to allow C to be rebased, refuse A, and encourage
+B to be deleted.
+
+To compute (1):
+
+	git rev-list ^master ^topic next
+	git rev-list ^master        next
+
+	if these match, topic has not merged in next at all.
+
+To compute (2):
+
+	git rev-list master..topic
+
+	if this is empty, it is fully merged to "master".
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-receive.sample b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-receive.sample
new file mode 100755
index 000000000..a1fd29ec1
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/pre-receive.sample
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# An example hook script to make use of push options.
+# The example simply echoes all push options that start with 'echoback='
+# and rejects all pushes when the "reject" push option is used.
+#
+# To enable this hook, rename this file to "pre-receive".
+
+if test -n "$GIT_PUSH_OPTION_COUNT"
+then
+	i=0
+	while test "$i" -lt "$GIT_PUSH_OPTION_COUNT"
+	do
+		eval "value=\$GIT_PUSH_OPTION_$i"
+		case "$value" in
+		echoback=*)
+			echo "echo from the pre-receive-hook: ${value#*=}" >&2
+			;;
+		reject)
+			exit 1
+		esac
+		i=$((i + 1))
+	done
+fi
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/prepare-commit-msg.sample b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/prepare-commit-msg.sample
new file mode 100755
index 000000000..f093a02ec
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/prepare-commit-msg.sample
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# An example hook script to prepare the commit log message.
+# Called by "git commit" with the name of the file that has the
+# commit message, followed by the description of the commit
+# message's source.  The hook's purpose is to edit the commit
+# message file.  If the hook fails with a non-zero status,
+# the commit is aborted.
+#
+# To enable this hook, rename this file to "prepare-commit-msg".
+
+# This hook includes three examples.  The first comments out the
+# "Conflicts:" part of a merge commit.
+#
+# The second includes the output of "git diff --name-status -r"
+# into the message, just before the "git status" output.  It is
+# commented because it doesn't cope with --amend or with squashed
+# commits.
+#
+# The third example adds a Signed-off-by line to the message, that can
+# still be edited.  This is rarely a good idea.
+
+case "$2,$3" in
+  merge,)
+    /usr/bin/perl -i.bak -ne 's/^/# /, s/^# #/#/ if /^Conflicts/ .. /#/; print' "$1" ;;
+
+# ,|template,)
+#   /usr/bin/perl -i.bak -pe '
+#      print "\n" . `git diff --cached --name-status -r`
+#	 if /^#/ && $first++ == 0' "$1" ;;
+
+  *) ;;
+esac
+
+# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
+# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/update.sample b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/update.sample
new file mode 100755
index 000000000..80ba94135
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/hooks/update.sample
@@ -0,0 +1,128 @@
+#!/bin/sh
+#
+# An example hook script to block unannotated tags from entering.
+# Called by "git receive-pack" with arguments: refname sha1-old sha1-new
+#
+# To enable this hook, rename this file to "update".
+#
+# Config
+# ------
+# hooks.allowunannotated
+#   This boolean sets whether unannotated tags will be allowed into the
+#   repository.  By default they won't be.
+# hooks.allowdeletetag
+#   This boolean sets whether deleting tags will be allowed in the
+#   repository.  By default they won't be.
+# hooks.allowmodifytag
+#   This boolean sets whether a tag may be modified after creation. By default
+#   it won't be.
+# hooks.allowdeletebranch
+#   This boolean sets whether deleting branches will be allowed in the
+#   repository.  By default they won't be.
+# hooks.denycreatebranch
+#   This boolean sets whether remotely creating branches will be denied
+#   in the repository.  By default this is allowed.
+#
+
+# --- Command line
+refname="$1"
+oldrev="$2"
+newrev="$3"
+
+# --- Safety check
+if [ -z "$GIT_DIR" ]; then
+	echo "Don't run this script from the command line." >&2
+	echo " (if you want, you could supply GIT_DIR then run" >&2
+	echo "  $0 <ref> <oldrev> <newrev>)" >&2
+	exit 1
+fi
+
+if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
+	echo "usage: $0 <ref> <oldrev> <newrev>" >&2
+	exit 1
+fi
+
+# --- Config
+allowunannotated=$(git config --bool hooks.allowunannotated)
+allowdeletebranch=$(git config --bool hooks.allowdeletebranch)
+denycreatebranch=$(git config --bool hooks.denycreatebranch)
+allowdeletetag=$(git config --bool hooks.allowdeletetag)
+allowmodifytag=$(git config --bool hooks.allowmodifytag)
+
+# check for no description
+projectdesc=$(sed -e '1q' "$GIT_DIR/description")
+case "$projectdesc" in
+"Unnamed repository"* | "")
+	echo "*** Project description file hasn't been set" >&2
+	exit 1
+	;;
+esac
+
+# --- Check types
+# if $newrev is 0000...0000, it's a commit to delete a ref.
+zero="0000000000000000000000000000000000000000"
+if [ "$newrev" = "$zero" ]; then
+	newrev_type=delete
+else
+	newrev_type=$(git cat-file -t $newrev)
+fi
+
+case "$refname","$newrev_type" in
+	refs/tags/*,commit)
+		# un-annotated tag
+		short_refname=${refname##refs/tags/}
+		if [ "$allowunannotated" != "true" ]; then
+			echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2
+			echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2
+			exit 1
+		fi
+		;;
+	refs/tags/*,delete)
+		# delete tag
+		if [ "$allowdeletetag" != "true" ]; then
+			echo "*** Deleting a tag is not allowed in this repository" >&2
+			exit 1
+		fi
+		;;
+	refs/tags/*,tag)
+		# annotated tag
+		if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1
+		then
+			echo "*** Tag '$refname' already exists." >&2
+			echo "*** Modifying a tag is not allowed in this repository." >&2
+			exit 1
+		fi
+		;;
+	refs/heads/*,commit)
+		# branch
+		if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then
+			echo "*** Creating a branch is not allowed in this repository" >&2
+			exit 1
+		fi
+		;;
+	refs/heads/*,delete)
+		# delete branch
+		if [ "$allowdeletebranch" != "true" ]; then
+			echo "*** Deleting a branch is not allowed in this repository" >&2
+			exit 1
+		fi
+		;;
+	refs/remotes/*,commit)
+		# tracking branch
+		;;
+	refs/remotes/*,delete)
+		# delete tracking branch
+		if [ "$allowdeletebranch" != "true" ]; then
+			echo "*** Deleting a tracking branch is not allowed in this repository" >&2
+			exit 1
+		fi
+		;;
+	*)
+		# Anything else (is there anything else?)
+		echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
+		exit 1
+		;;
+esac
+
+# --- Finished
+exit 0
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/info/exclude b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/info/exclude
new file mode 100644
index 000000000..a5196d1be
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/info/exclude
@@ -0,0 +1,6 @@
+# git ls-files --others --exclude-from=.git/info/exclude
+# Lines that start with '#' are comments.
+# For a project mostly in C, the following would be a good set of
+# exclude patterns (uncomment them if you want to use them):
+# *.[oa]
+# *~
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/0c/3d59dea27b97aa3cb66072745d7a2c51a7a8b1 b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/0c/3d59dea27b97aa3cb66072745d7a2c51a7a8b1
new file mode 100644
index 0000000000000000000000000000000000000000..e62f09ac5f190dd6f4768eca2a5bab42b1b4fb79
GIT binary patch
literal 54
zcmb<m)YkO!4K*-JH!v|UFg6U-@bdLJ>3j9GZ(>1ih>f}SZqu|~AJ?UGP4=(-XS4RJ
K9E0CYp$Gu#L=;E>

literal 0
HcmV?d00001

diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/24/f83a471f77579fea57bac7255d6e64e70fce1c b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/24/f83a471f77579fea57bac7255d6e64e70fce1c
new file mode 100644
index 0000000000000000000000000000000000000000..2558be67ee7ff2c944e868565d1ece9378276f16
GIT binary patch
literal 54
zcmV-60LlM&0V^p=O;s>9XD~D{Ff%bxC`wIC$xYSEO=0-S5_nwin^c*rrmgsv>gOw7
MHs1;d07dE$-5<9WwEzGB

literal 0
HcmV?d00001

diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/27/566bd5738fc8b4e3fef3c5e72cce608537bd95 b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/27/566bd5738fc8b4e3fef3c5e72cce608537bd95
new file mode 100644
index 0000000000000000000000000000000000000000..6042481f4e9127be6666f4d97ab78a5b7df04c6e
GIT binary patch
literal 575
zcmV-F0>J%v0hN+VlbS#ffOF<o%rPk{D-2JovZ;(Rinu6>7K=AvW)KB=IDq);!)7bD
zT+)~B`ntNStG-UkqR2QfH0=v-C<RIkV@+jLA=Ai&#*}FB6zVcmNs<sYg4m>tK_*mD
zLvI{t(sV?!qCi82jOv<36_uKV=!#~jOp_F*%cd*~QOnO|1CDpvK=7meNb)cGh>9ww
zFG*Sa1hOVUNrg~RfjCx@Fw*fhPXBKzt<rmzg6|(O!^_nMcuNoXtK|kAj(hxv3qSzb
z4nJoI&E^P^MTW7reY3Y0&)=%h3S7+)8&gZP$yxW41<DIMuuC*gue-lo0J_f}&z^~n
zO{eF2W3}Yk*J3iE-IEUmI$600t(v|0_%x9?a_Ay_=Hj^s{7XU`R0+U5MfTmgl61!`
zanJN?>6~nuDn{rSdL8b!7dlKDX}IUXLmAgn7}#qiu>1UG=F?6UK*Xg5CcblYBa2y2
zdx3(zdq-Jq)K<WiebKR`S+lpy<kHrbW-}Nh=6Wc%S@7Ntl`jBQb%`N`dUG<d(+zjm
z8`i@iZdQe7dxo>0vpVipdiB7kRGA-Wb&ggN(~g_8L+g481yCtVSKMszbLX!PRXEWX
z)*8PzyN;6>Ir}!;;DVGfcGt6=&B`?F^9x6P&)xQ!;m2`waZPB@5;uR3FUz1SO(eyc
z7^YKpslER7RRFKI2V4lBR`JIAms24vO9DpsH%h?g?|`p;#?RnZaxhR1x+u>`#K$%*
NqAdR={042l?Z;9^8wdaZ

literal 0
HcmV?d00001

diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/3b/2b54fe3d9a8279d5b926124dccdf279b8eff2f b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/3b/2b54fe3d9a8279d5b926124dccdf279b8eff2f
new file mode 100644
index 000000000..13de5951f
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/3b/2b54fe3d9a8279d5b926124dccdf279b8eff2f
@@ -0,0 +1 @@
+x
+)JMU06g040031Q(JML�M��MaXbR��10�-&��C���˒��
=�,
\ No newline at end of file
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/45/8121ce9a6b855c9733bae62093caf3f39685de b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/45/8121ce9a6b855c9733bae62093caf3f39685de
new file mode 100644
index 0000000000000000000000000000000000000000..7db2d33de16b23de695e12f201aee6c49e1c7983
GIT binary patch
literal 26
icmb<m^geacKghr&!Q=dS|3Hm%KIb1ZF_`JFE(HLPND4&&

literal 0
HcmV?d00001

diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/50/99b81332712fe655e34e8dd63574f503f61811 b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/50/99b81332712fe655e34e8dd63574f503f61811
new file mode 100644
index 000000000..30997633f
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/50/99b81332712fe655e34e8dd63574f503f61811
@@ -0,0 +1,2 @@
+x
��Q
+B!E�v���O'!�M��Q�׃�����g������TKY:v���N6����b f�����&��19���ho�V\Wi��yqy��j9�q��F��j���?ٟ��Z3������*S6#
\ No newline at end of file
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/69/554a64c1e6030f051e5c3f94bfbd773cd6a324 b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/69/554a64c1e6030f051e5c3f94bfbd773cd6a324
new file mode 100644
index 0000000000000000000000000000000000000000..77ea95d297ed75139614c714ecc731b884aae216
GIT binary patch
literal 158
zcmV;P0Ac@l0hNwR3IZ_@L|x|;*$a|ir!yepB|JdV>8M~P!%PM|z7bF0svZTeC~CDn
zyENJ#`pPVgE5SyGx*!5hg(F~!ga#mc_Kr~%VohR+E6+nj@IGZg8w!Qw*cL99fYA`K
zR{<=hJb{RNf3#KJHeQW9@87ucJJ#jJCu;Q~H7KK;v1*dXK}w8vT<iRoB<9xT_Po!W
M<!?ZI02BH{-IAb4qW}N^

literal 0
HcmV?d00001

diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/a4/3476a501516e065c5a82f05fd58fd319598bc1 b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/a4/3476a501516e065c5a82f05fd58fd319598bc1
new file mode 100644
index 0000000000000000000000000000000000000000..e021b19eff3babea16f6ea81f81c16eca6b829d3
GIT binary patch
literal 57
zcmV-90LK4#0ZYosPf{>3WJu4?Pf;k&OwUu$D9<d(P{_+KQK(EUQ7B8y$xKNsNlj5m
P%}vbA(c}UEoWBsS+tC@c

literal 0
HcmV?d00001

diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/e9/4083fcdf1f10c545e9253a23c5e44a2ff68aac b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/e9/4083fcdf1f10c545e9253a23c5e44a2ff68aac
new file mode 100644
index 0000000000000000000000000000000000000000..780affc887f959dc773e88777040fceff83837db
GIT binary patch
literal 524
zcmV+n0`vWN0fmxFlbS#jMzii;(R(WanwM5(QUQ6*C@)(S+_iKIC=Y?Q2L1JMGRZDg
zxtn|IRDE?9=gYgMsW{Yh<qIDegJLdIbwL?H`f;HXBIid<6Lq93D%A<fRf*_iev|;Y
z@v<9WGO_`|@3)WjlTD<#*6dr}H9w%FibzzDBua4hyhQM%&sUuNH>640T>cX(uEkgt
z@axBzw)+~u$c-R=bpvCYZ0z40Kme=Qewc<~E)9b^m2F4i+6&JS4i#kWeN~?gb2V3m
zQp34p)Qxxb3S(JZ;=dd~4W9<<{WJ@gcwErQJ!wJDq*ZqICt<uhYE$n@f4N<8)y#Uz
z%XQ#M)V+I2)~!uvaRE@C4%onhINxp*x$Ts<SaEsZ_>Ym&dZgCfO?Un@`S|T%r2Ct5
zz87v{3$=dOd#SQE0X#f%Dyl2?)|VU$=}>#KdMC?@5S^scYm0?KOE1@^wVh)+dcx_Q
zsG1h-iv4hi_n906XcLA9vK}*y)coNqT9EX@ilAbHdh2mRRc3SE?q=0-y=g1|ARiMJ
zNQr_1=h|-&1~ACngf9%%tmLw*u)K}inLIZm!45qgdy+ZUi%_tw<+TkBUOL6j91x=3
zjmOsIoooQSiM61I_G<F-O0xFtc^*q??hWPRyp@ZW7XV)>%0uvJ)efwGIR!=6QTTM<
OG73Md1AYOeztJY^#s$Ct

literal 0
HcmV?d00001

diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/f2/7c2b2b03dcab38beaf89b0ab4ff61f6de63441 b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/f2/7c2b2b03dcab38beaf89b0ab4ff61f6de63441
new file mode 100644
index 0000000000000000000000000000000000000000..7cb8b91898e9baed0332b8736fcb96c57faeecc2
GIT binary patch
literal 522
zcmV+l0`>iP0fmyylA1siMzijx=)ILl15ImHCY2Ui21FDUVcY?Y4F6+`1NiiDGRZDg
zxtn|IRDE?9=S$kU&O4|P^-Cwx6iSK0@tmiTOyW6-A|;76O(HT;F(;9nU=)#P79$Yd
zy4O}f|C$OJe!qRJpXm_QZ&ms&Y3m;lVM&%$8A%9E9+w0j^zo`o{~OX&Ow>Q2>@B<I
z8T|S&3uam_+?rdsw@jBF{2lwv0R%Aj*nL6iLZ_53bH<LUDYcxDU9GY(MdN1El6#ko
zwcamjRX>XvrFvF+e>s4)KE4T>(U#n-`OY2>TAmWkb&j!DD3tVN^1L0^Vv`Q8U)sei
zn_Q~?-8i3{Lg_Ny1<;r##TYF+r7hM<e>N-0vuw$-pUpVtbU(_Kt6w-G+Da+9E?l}Y
za(WboS$atDO{xG4PURrN>(ts?ZBERWPIkq?47ji>cB<ybIV&9#d%b6{;U0_4HOMyw
zMz*VJ@6x1v0g#q@oEJ1&nO3oB8oqDVuI8*xMbpfEL%)cVf+l^n!sao?<C^<b)P`(O
zaflkyDGq?kGr6Un*k1T7lCiTz#J@PBb6*BiS5G2-(`KG_HduCOa-Ux-@)DRsunHPB
ztrsU-0C-<$N#pjpuKL1w^;c+(PaZz9omBg|_w)qd)BT)N@M)E~#=o3`tZg}bxNlMp
MKdS?N0sSn~{146l!T<mO

literal 0
HcmV?d00001

diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/f9/0451c72ef61a7645293d17b47be7a8e983da57 b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/objects/f9/0451c72ef61a7645293d17b47be7a8e983da57
new file mode 100644
index 0000000000000000000000000000000000000000..c7627ad36ad982098110968c0689110e9f2100e3
GIT binary patch
literal 27
jcmb<m^geacKghr&<-}?IK#g-g=e>O&GBMbEV-p7eoVyCI

literal 0
HcmV?d00001

diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/refs/heads/good-sign b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/refs/heads/good-sign
new file mode 100644
index 000000000..4750a7643
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/refs/heads/good-sign
@@ -0,0 +1 @@
+f27c2b2b03dcab38beaf89b0ab4ff61f6de63441
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/refs/heads/good-sign-not-yet-validated b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/refs/heads/good-sign-not-yet-validated
new file mode 100644
index 000000000..f68025f5b
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/refs/heads/good-sign-not-yet-validated
@@ -0,0 +1 @@
+27566bd5738fc8b4e3fef3c5e72cce608537bd95
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/refs/heads/master b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/refs/heads/master
new file mode 100644
index 000000000..65f9a9f71
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/refs/heads/master
@@ -0,0 +1 @@
+69554a64c1e6030f051e5c3f94bfbd773cd6a324
diff --git a/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/refs/heads/not-signed b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/refs/heads/not-signed
new file mode 100644
index 000000000..65f9a9f71
--- /dev/null
+++ b/integrations/gitea-integration-meta/gitea-repositories/user2/repo16.git/refs/heads/not-signed
@@ -0,0 +1 @@
+69554a64c1e6030f051e5c3f94bfbd773cd6a324
diff --git a/models/error.go b/models/error.go
index 74551ad8f..2adb4b45e 100644
--- a/models/error.go
+++ b/models/error.go
@@ -4,9 +4,7 @@
 
 package models
 
-import (
-	"fmt"
-)
+import "fmt"
 
 // ErrNameReserved represents a "reserved name" error.
 type ErrNameReserved struct {
@@ -260,19 +258,19 @@ func (err ErrKeyNameAlreadyUsed) Error() string {
 	return fmt.Sprintf("public key already exists [owner_id: %d, name: %s]", err.OwnerID, err.Name)
 }
 
-// ErrGPGEmailNotFound represents a "ErrGPGEmailNotFound" kind of error.
-type ErrGPGEmailNotFound struct {
-	Email string
+// ErrGPGNoEmailFound represents a "ErrGPGNoEmailFound" kind of error.
+type ErrGPGNoEmailFound struct {
+	FailedEmails []string
 }
 
-// IsErrGPGEmailNotFound checks if an error is a ErrGPGEmailNotFound.
-func IsErrGPGEmailNotFound(err error) bool {
-	_, ok := err.(ErrGPGEmailNotFound)
+// IsErrGPGNoEmailFound checks if an error is a ErrGPGNoEmailFound.
+func IsErrGPGNoEmailFound(err error) bool {
+	_, ok := err.(ErrGPGNoEmailFound)
 	return ok
 }
 
-func (err ErrGPGEmailNotFound) Error() string {
-	return fmt.Sprintf("failed to found email or is not confirmed : %s", err.Email)
+func (err ErrGPGNoEmailFound) Error() string {
+	return fmt.Sprintf("none of the emails attached to the GPG key could be found: %v", err.FailedEmails)
 }
 
 // ErrGPGKeyParsing represents a "ErrGPGKeyParsing" kind of error.
diff --git a/models/fixtures/repository.yml b/models/fixtures/repository.yml
index b10b85cf2..b8f607b2a 100644
--- a/models/fixtures/repository.yml
+++ b/models/fixtures/repository.yml
@@ -176,3 +176,15 @@
   lower_name: repo15
   name: repo15
   is_bare: true
+
+-
+  id: 16
+  owner_id: 2
+  lower_name: repo16
+  name: repo16
+  is_private: true
+  num_issues: 0
+  num_closed_issues: 0
+  num_pulls: 0
+  num_closed_pulls: 0
+  num_watches: 0
diff --git a/models/fixtures/user.yml b/models/fixtures/user.yml
index b3e7864a6..abd72b116 100644
--- a/models/fixtures/user.yml
+++ b/models/fixtures/user.yml
@@ -26,7 +26,7 @@
   is_admin: false
   avatar: avatar2
   avatar_email: user2@example.com
-  num_repos: 3
+  num_repos: 4
   num_stars: 2
   num_followers: 2
   num_following: 1
diff --git a/models/gpg_key.go b/models/gpg_key.go
index 08573c1c7..0e9d80bb9 100644
--- a/models/gpg_key.go
+++ b/models/gpg_key.go
@@ -208,21 +208,27 @@ func parseGPGKey(ownerID int64, e *openpgp.Entity) (*GPGKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	emails := make([]*EmailAddress, len(e.Identities))
-	n := 0
+
+	emails := make([]*EmailAddress, 0, len(e.Identities))
 	for _, ident := range e.Identities {
 		email := strings.ToLower(strings.TrimSpace(ident.UserId.Email))
 		for _, e := range userEmails {
-			if e.Email == email && e.IsActivated {
-				emails[n] = e
+			if e.Email == email {
+				emails = append(emails, e)
 				break
 			}
 		}
-		if emails[n] == nil {
-			return nil, ErrGPGEmailNotFound{ident.UserId.Email}
+	}
+
+	//In the case no email as been found
+	if len(emails) == 0 {
+		failedEmails := make([]string, 0, len(e.Identities))
+		for _, ident := range e.Identities {
+			failedEmails = append(failedEmails, ident.UserId.Email)
 		}
-		n++
+		return nil, ErrGPGNoEmailFound{failedEmails}
 	}
+
 	content, err := base64EncPubKey(pubkey)
 	if err != nil {
 		return nil, err
@@ -376,8 +382,8 @@ func ParseCommitWithSignature(c *git.Commit) *CommitVerification {
 		}
 
 		//Find Committer account
-		committer, err := GetUserByEmail(c.Committer.Email)
-		if err != nil { //Skipping not user for commiter
+		committer, err := GetUserByEmail(c.Committer.Email) //This find the user by primary email or activated email so commit will not be valid if email is not
+		if err != nil {                                     //Skipping not user for commiter
 			log.Error(3, "NoCommitterAccount: %v", err)
 			return &CommitVerification{
 				Verified: false,
@@ -395,6 +401,19 @@ func ParseCommitWithSignature(c *git.Commit) *CommitVerification {
 		}
 
 		for _, k := range keys {
+			//Pre-check (& optimization) that emails attached to key can be attached to the commiter email and can validate
+			canValidate := false
+			lowerCommiterEmail := strings.ToLower(c.Committer.Email)
+			for _, e := range k.Emails {
+				if e.IsActivated && strings.ToLower(e.Email) == lowerCommiterEmail {
+					canValidate = true
+					break
+				}
+			}
+			if !canValidate {
+				continue //Skip this key
+			}
+
 			//Generating hash of commit
 			hash, err := populateHash(sig.Hash, []byte(c.Signature.Payload))
 			if err != nil { //Skipping ailed to generate hash
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 9931d9152..67d86f764 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -378,7 +378,7 @@ add_new_gpg_key = Add GPG Key
 ssh_key_been_used = This public key has already been used.
 ssh_key_name_used = A public key with same name already exists.
 gpg_key_id_used = A public GPG key with same id already exists.
-gpg_key_email_not_found = The email attached to the GPG key couldn't be found or is not confirmed yet: %s
+gpg_no_key_email_found = None of the emails attached to the GPG key could be found.
 subkeys = Subkeys
 key_id = Key ID
 key_name = Key Name
diff --git a/routers/user/setting.go b/routers/user/setting.go
index b94f7dfb7..2c951eaf5 100644
--- a/routers/user/setting.go
+++ b/routers/user/setting.go
@@ -378,9 +378,9 @@ func SettingsKeysPost(ctx *context.Context, form auth.AddKeyForm) {
 			case models.IsErrGPGKeyIDAlreadyUsed(err):
 				ctx.Data["Err_Content"] = true
 				ctx.RenderWithErr(ctx.Tr("settings.gpg_key_id_used"), tplSettingsKeys, &form)
-			case models.IsErrGPGEmailNotFound(err):
+			case models.IsErrGPGNoEmailFound(err):
 				ctx.Data["Err_Content"] = true
-				ctx.RenderWithErr(ctx.Tr("settings.gpg_key_email_not_found", err.(models.ErrGPGEmailNotFound).Email), tplSettingsKeys, &form)
+				ctx.RenderWithErr(ctx.Tr("settings.gpg_no_key_email_found"), tplSettingsKeys, &form)
 			default:
 				ctx.Handle(500, "AddPublicKey", err)
 			}