kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
77,630 Commits 1 Branch 0 Tags 899 MiB
Commit Graph

25 Commits

Author SHA1 Message Date
Ahmad Sherif 03f3350f3f Fetch commit signatures from Gitaly in batches 
Closes gitaly#1046
 2018-03-01 18:31:31 +01:00
Stan Hu fdad576838 Fix Error 500 when viewing a commit with a GPG signature in Geo 
Closes gitlab-org/gitlab-ee#4825
 2018-02-19 00:22:13 -08:00
Jacob Vosmaer (GitLab) 4d87f3bb37 Retrieve commit signatures with Gitaly 2018-01-18 14:10:17 +00:00
Rubén Dávila 555f50b3e6 Add more specs. 2017-10-05 22:43:44 -05:00
Rubén Dávila 866ef2bb2e Add more specs to cover subkeys scenarios 2017-10-05 08:25:27 -05:00
Alexis Reigel 978252a3fa use new #verification_status 2017-09-05 12:18:33 +02:00
Alexis Reigel 00392d929b add verification_status: same_user_different_email 
this is used to make a difference between a committer email that belongs
to user, where the user used a different email for the gpg key. this
means that the user is the same, but a different, unverified email is
used for the signature.
 2017-09-05 12:18:32 +02:00
Alexis Reigel c5e0bd56fb extract shared example 2017-09-05 12:18:31 +02:00
Alexis Reigel 64855c8e30 match the committer's email against the gpg key 
the updated verification of a gpg signature requires the committer's
email to also match the user's and the key's emails.
 2017-09-05 12:18:31 +02:00
Alexis Reigel 508ff17b34 pass whole commit to Gitlab::Gpg::Commit again 
we need the commit object for the updated verification that also checks
the committer's email to match the gpg key and user's emails.
 2017-09-05 12:18:31 +02:00
Douwe Maan ba7251fefd Only create commit GPG signature when necessary 2017-08-16 18:57:50 +02:00
Alexis Reigel 9488b7780e optimize query, only select relevant db columns 2017-07-27 15:46:04 +02:00
Alexis Reigel cd01e82873 store gpg user name and email on the signature 2017-07-27 15:44:39 +02:00
Alexis Reigel b66e3726dc also update gpg_signatures when gpg_key is null 2017-07-27 15:43:37 +02:00
Alexis Reigel a7d2ebe508 simplify fetching of commit 2017-07-27 15:43:37 +02:00
Alexis Reigel afd7582af6 extract variable 2017-07-27 15:43:36 +02:00
Alexis Reigel 028ecb081b need to wrap the raw commit in a commit model 2017-07-27 15:42:53 +02:00
Alexis Reigel e75ab06430 update invalid gpg signatures when email changes 2017-07-27 15:42:53 +02:00
Alexis Reigel 24671cd601 update invalid gpg signatures when key is created 2017-07-27 15:42:53 +02:00
Alexis Reigel 502e31bec9 memoize verified_signature call 2017-07-27 15:42:53 +02:00
Alexis Reigel 5d5fd4babe store gpg_key_primary_keyid for unknown gpg keys 
we need to store the keyid to be able to update the signature later in
case the missing key is added later.
 2017-07-27 15:42:53 +02:00
Alexis Reigel 34810acd6c move signature cache read to Gpg::Commit 
as we write the cache in the gpg commit class already the read should
also happen there.

This also removes all logic from the main commit class, which just
proxies the call to the Gpg::Commit now.
 2017-07-27 15:42:53 +02:00
Alexis Reigel 7b616d39ef gpg signature is only valid when key is verified 2017-07-27 15:42:53 +02:00
Alexis Reigel 8c4b6a32fc bail if the commit has no signature 2017-07-27 15:42:53 +02:00
Alexis Reigel 69e511c4c2 cache the gpg commit signature 
we store the result of the gpg commit verification in the db because the
gpg verification is an expensive operation.
 2017-07-27 15:42:53 +02:00