authorAlexis Reigel <mail@koffeinfrei.org>2017-06-13 14:26:42 +0200
committerAlexis Reigel <mail@koffeinfrei.org>2017-07-27 15:42:53 +0200
commit2f956fae0399f6f2eb370ed186c7bb4a9486178b (patch)
tree17586eca89b12af582e25a7b645deff0d25c8572 /app/models/commit.rb
parent3c42d730986222d891c9b7985edf3942021afcef (diff)
verify gpg commit using tmp keyring and db query
Diffstat (limited to 'app/models/commit.rb')
-rw-r--r--app/models/commit.rb17
1 files changed, 16 insertions, 1 deletions
diff --git a/app/models/commit.rb b/app/models/commit.rb
index 9c8edbb097d..a6a11a2d3a5 100644
--- a/app/models/commit.rb
+++ b/app/models/commit.rb
@@ -240,7 +240,22 @@ class Commit
@signature = nil
signature, signed_text = @raw.signature(project.repository)
- if signature && signed_text
+
+ return unless signature && signed_text
+
+ Gitlab::Gpg.using_tmp_keychain do
+ # first we need to get the keyid from the signature...
+ GPGME::Crypto.new.verify(signature, signed_text: signed_text) do |verified_signature|
+ @signature = verified_signature
+ end
+
+ # ... then we query the gpg key belonging to the keyid.
+ gpg_key = GpgKey.find_by(primary_keyid: @signature.fingerprint)
+
+ return @signature unless gpg_key
+
+ Gitlab::Gpg::CurrentKeyChain.add(gpg_key.key)
+
GPGME::Crypto.new.verify(signature, signed_text: signed_text) do |verified_signature|
@signature = verified_signature
end
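Review bot: `@signature.fingerprint` in the `GpgKey.find_by` lookup is dereferenced without checking that the first `verify` call yielded a signature; if its block is never invoked, `@signature` is still nil from the assignment at the top of the hunk and the lookup raises NoMethodError. A guard such as `return unless @signature` placed just before the lookup would cover that case. The lookup value comes from the signature data itself, so a database match only selects a candidate key to import; trust has to come from the result of the second `verify`, and a comment saying so (`# the db match only picks the key to import; validity is decided by the verify below`) would make that explicit. The early `return @signature unless gpg_key` hands back an object that was checked against an empty temporary keychain, so it is worth documenting that callers must treat that result as unverified. The enclosing method begins and ends outside this hunk, so how the final `@signature` is consumed cannot be confirmed from here.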