kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
65592 commits 1 branch 0 tags 899 MiB
Commit graph

31 commits

Author SHA1 Message Date
Rubén Dávila
4aa2deb478 Fix error with GPG signature updater when commit was deleted 2017-10-07 10:47:53 -05:00
Rubén Dávila
2577cc9981 Address some feedback from last code review 2017-10-05 08:26:02 -05:00
Rubén Dávila
c50725fecf Address feedback from last code review 2017-10-05 08:25:27 -05:00
Rubén Dávila
c2c35ae797 Consider GPG subkeys when trying to update invalid GPG signatures 2017-10-05 08:25:27 -05:00
Rubén Dávila
9b4990a4d7 Associate GgpSignature with GpgKeySubkey if comes from a subkey 
Additionally we're delegating missing method calls on GpgKeySubkey to
GpgKey since most of the info required when verifying a signature is
found on GpgKey which is the parent of GpgKeySubkey
 2017-10-05 08:25:27 -05:00
Rubén Dávila
a41e7e0105 Add ability to include subkeys when finding by fingerprint 2017-10-05 08:25:27 -05:00
Alexis Reigel
b62c1620ea drop backwards compatibility for valid_signature 2017-09-05 12:18:33 +02:00
Alexis Reigel
978252a3fa use new #verification_status 2017-09-05 12:18:33 +02:00
Alexis Reigel
d6c58a51e5 only use symbols instead of enum hash accessor 2017-09-05 12:18:32 +02:00
Alexis Reigel
7ad7222a5f simplify if/else with guards 2017-09-05 12:18:32 +02:00
Alexis Reigel
00392d929b add verification_status: same_user_different_email 
this is used to make a difference between a committer email that belongs
to user, where the user used a different email for the gpg key. this
means that the user is the same, but a different, unverified email is
used for the signature.
 2017-09-05 12:18:32 +02:00
Alexis Reigel
64855c8e30 match the committer's email against the gpg key 
the updated verification of a gpg signature requires the committer's
email to also match the user's and the key's emails.
 2017-09-05 12:18:31 +02:00
Alexis Reigel
508ff17b34 pass whole commit to Gitlab::Gpg::Commit again 
we need the commit object for the updated verification that also checks
the committer's email to match the gpg key and user's emails.
 2017-09-05 12:18:31 +02:00
Douwe Maan
ba7251fefd Only create commit GPG signature when necessary 2017-08-16 18:57:50 +02:00
Alexis Reigel
9488b7780e optimize query, only select relevant db columns 2017-07-27 15:46:04 +02:00
Alexis Reigel
cd01e82873 store gpg user name and email on the signature 2017-07-27 15:44:39 +02:00
Alexis Reigel
b66e3726dc also update gpg_signatures when gpg_key is null 2017-07-27 15:43:37 +02:00
Alexis Reigel
7f03282f0f remove duplicate statement 2017-07-27 15:43:37 +02:00
Alexis Reigel
a7d2ebe508 simplify fetching of commit 2017-07-27 15:43:37 +02:00
Alexis Reigel
4f7ba8f286 fix memoization 2017-07-27 15:43:37 +02:00
Alexis Reigel
ee7468e786 we need to update the gpg_key as well 2017-07-27 15:43:36 +02:00
Alexis Reigel
028ecb081b need to wrap the raw commit in a commit model 2017-07-27 15:42:53 +02:00
Alexis Reigel
d7f4264368 no need for passing parameter 
we introduced memoizing, so it's safe to call the method multiple times.
 2017-07-27 15:42:53 +02:00
Alexis Reigel
24671cd601 update invalid gpg signatures when key is created 2017-07-27 15:42:53 +02:00
Alexis Reigel
d48eb77a96 allow updating of gpg signature through gpg commit 2017-07-27 15:42:53 +02:00
Alexis Reigel
502e31bec9 memoize verified_signature call 2017-07-27 15:42:53 +02:00
Alexis Reigel
5d5fd4babe store gpg_key_primary_keyid for unknown gpg keys 
we need to store the keyid to be able to update the signature later in
case the missing key is added later.
 2017-07-27 15:42:53 +02:00
Alexis Reigel
34810acd6c move signature cache read to Gpg::Commit 
as we write the cache in the gpg commit class already the read should
also happen there.

This also removes all logic from the main commit class, which just
proxies the call to the Gpg::Commit now.
 2017-07-27 15:42:53 +02:00
Alexis Reigel
7b616d39ef gpg signature is only valid when key is verified 2017-07-27 15:42:53 +02:00
Alexis Reigel
8c4b6a32fc bail if the commit has no signature 2017-07-27 15:42:53 +02:00
Alexis Reigel
69e511c4c2 cache the gpg commit signature 
we store the result of the gpg commit verification in the db because the
gpg verification is an expensive operation.
 2017-07-27 15:42:53 +02:00