diff options
author | Alexis Reigel <mail@koffeinfrei.org> | 2017-06-13 14:26:42 +0200 |
---|---|---|
committer | Alexis Reigel <mail@koffeinfrei.org> | 2017-07-27 15:42:53 +0200 |
commit | 2f956fae0399f6f2eb370ed186c7bb4a9486178b (patch) | |
tree | 17586eca89b12af582e25a7b645deff0d25c8572 /app/models/commit.rb | |
parent | 3c42d730986222d891c9b7985edf3942021afcef (diff) | |
download | gitlab-ce-2f956fae0399f6f2eb370ed186c7bb4a9486178b.tar.gz |
verify gpg commit using tmp keyring and db query
Diffstat (limited to 'app/models/commit.rb')
-rw-r--r-- | app/models/commit.rb | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/app/models/commit.rb b/app/models/commit.rb index 9c8edbb097d..a6a11a2d3a5 100644 --- a/app/models/commit.rb +++ b/app/models/commit.rb @@ -240,7 +240,22 @@ class Commit @signature = nil signature, signed_text = @raw.signature(project.repository) - if signature && signed_text + + return unless signature && signed_text + + Gitlab::Gpg.using_tmp_keychain do + # first we need to get the keyid from the signature... + GPGME::Crypto.new.verify(signature, signed_text: signed_text) do |verified_signature| + @signature = verified_signature + end + + # ... then we query the gpg key belonging to the keyid. + gpg_key = GpgKey.find_by(primary_keyid: @signature.fingerprint) + + return @signature unless gpg_key + + Gitlab::Gpg::CurrentKeyChain.add(gpg_key.key) + GPGME::Crypto.new.verify(signature, signed_text: signed_text) do |verified_signature| @signature = verified_signature end |