Jacob Vosmaer (GitLab)
4d87f3bb37
Retrieve commit signatures with Gitaly
2018-01-18 14:10:17 +00:00
Rubén Dávila
555f50b3e6
Add more specs.
2017-10-05 22:43:44 -05:00
Rubén Dávila
866ef2bb2e
Add more specs to cover subkeys scenarios
2017-10-05 08:25:27 -05:00
Alexis Reigel
978252a3fa
use new #verification_status
2017-09-05 12:18:33 +02:00
Alexis Reigel
00392d929b
add verification_status: same_user_different_email
...
this is used to make a difference between a committer email that belongs
to user, where the user used a different email for the gpg key. this
means that the user is the same, but a different, unverified email is
used for the signature.
2017-09-05 12:18:32 +02:00
Alexis Reigel
c5e0bd56fb
extract shared example
2017-09-05 12:18:31 +02:00
Alexis Reigel
64855c8e30
match the committer's email against the gpg key
...
the updated verification of a gpg signature requires the committer's
email to also match the user's and the key's emails.
2017-09-05 12:18:31 +02:00
Alexis Reigel
508ff17b34
pass whole commit to Gitlab::Gpg::Commit again
...
we need the commit object for the updated verification that also checks
the committer's email to match the gpg key and user's emails.
2017-09-05 12:18:31 +02:00
Douwe Maan
ba7251fefd
Only create commit GPG signature when necessary
2017-08-16 18:57:50 +02:00
Alexis Reigel
9488b7780e
optimize query, only select relevant db columns
2017-07-27 15:46:04 +02:00
Alexis Reigel
cd01e82873
store gpg user name and email on the signature
2017-07-27 15:44:39 +02:00
Alexis Reigel
b66e3726dc
also update gpg_signatures when gpg_key is null
2017-07-27 15:43:37 +02:00
Alexis Reigel
a7d2ebe508
simplify fetching of commit
2017-07-27 15:43:37 +02:00
Alexis Reigel
afd7582af6
extract variable
2017-07-27 15:43:36 +02:00
Alexis Reigel
028ecb081b
need to wrap the raw commit in a commit model
2017-07-27 15:42:53 +02:00
Alexis Reigel
e75ab06430
update invalid gpg signatures when email changes
2017-07-27 15:42:53 +02:00
Alexis Reigel
24671cd601
update invalid gpg signatures when key is created
2017-07-27 15:42:53 +02:00
Alexis Reigel
502e31bec9
memoize verified_signature call
2017-07-27 15:42:53 +02:00
Alexis Reigel
5d5fd4babe
store gpg_key_primary_keyid for unknown gpg keys
...
we need to store the keyid to be able to update the signature later in
case the missing key is added later.
2017-07-27 15:42:53 +02:00
Alexis Reigel
34810acd6c
move signature cache read to Gpg::Commit
...
as we write the cache in the gpg commit class already the read should
also happen there.
This also removes all logic from the main commit class, which just
proxies the call to the Gpg::Commit now.
2017-07-27 15:42:53 +02:00
Alexis Reigel
7b616d39ef
gpg signature is only valid when key is verified
2017-07-27 15:42:53 +02:00
Alexis Reigel
8c4b6a32fc
bail if the commit has no signature
2017-07-27 15:42:53 +02:00
Alexis Reigel
69e511c4c2
cache the gpg commit signature
...
we store the result of the gpg commit verification in the db because the
gpg verification is an expensive operation.
2017-07-27 15:42:53 +02:00