author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-07-31 10:50:10 +0200 |
---|---|---|
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-07-31 10:50:10 +0200 |
commit | 8f1274ae0350590a8a0d8f16558d24a9514b78c1 (patch) | |
tree | 514a6628a0a45dac10608b408cf3f011c893431b /lib/gitlab/gpg/commit.rb | |
parent | 79a7f7b6e59fa1225c440547796331caedabeaab (diff) | |
parent | 9a3b283402b8cc1c86802c526f19a459ce09c2e3 (diff) | |
download | gitlab-ce-8f1274ae0350590a8a0d8f16558d24a9514b78c1.tar.gz |
Merge commit '9a3b283402b8cc1c86802c526f19a459ce09c2e3' into backstage/gb/migrate-stages-statuses
* commit '9a3b283402b8cc1c86802c526f19a459ce09c2e3': (270 commits)
Add a note about EFS and GitLab log files
Projects logo are not centered vertically on projects page
Fix spec/features/projects/branches_spec
Fixup POST /v3/:id/hooks and PUT /v3/:id/hooks/:hook_id
Fix a spec that was assuming to be on the wrong page
Add copy about search terms to ux guide
Update documentation of user creation by replacing the 'confirm' param with 'skip_confirmation'
Fix replying to commit comments on MRs from forks
Fix 500 error when rendering avatar for deleted project creator
Load and process at most 100 commits when pushing into default branch
Ensure Gitlab::Application.routes.default_url_options are set correctly in Capybara + :js specs
Add log messages to clarify log messages about API CSRF token verification failure
Update gitlab_flow.md, Teatro seems to be completely dead, see also https://forum.gitlab.com/t/gitlab-flow-documentation-teatro/7774
Fix diff commenting results just after changing view
Update CHANGELOG.md for 9.4.2
none is not a CSS Value for sizes ;-)
Merge issuable "reopened" state into "opened"
Make access level more compatible with EE
Add link to JIRA article in docs
Expand pipeline_trigger_service_spec by godfat request
...
Diffstat (limited to 'lib/gitlab/gpg/commit.rb')
-rw-r--r-- | lib/gitlab/gpg/commit.rb | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/lib/gitlab/gpg/commit.rb b/lib/gitlab/gpg/commit.rb
new file mode 100644
index 00000000000..55428b85207
--- /dev/null
+++ b/lib/gitlab/gpg/commit.rb
@@ -0,0 +1,85 @@
+module Gitlab
+ module Gpg
+ class Commit
+ attr_reader :commit
+
+ def initialize(commit)
+ @commit = commit
+
+ @signature_text, @signed_text = commit.raw.signature(commit.project.repository)
+ end
+
+ def has_signature?
+ !!(@signature_text && @signed_text)
+ end
+
+ def signature
+ return unless has_signature?
+
+ cached_signature = GpgSignature.find_by(commit_sha: commit.sha)
+ return cached_signature if cached_signature.present?
+
+ using_keychain do |gpg_key|
+ create_cached_signature!(gpg_key)
+ end
+ end
+
+ def update_signature!(cached_signature)
+ using_keychain do |gpg_key|
+ cached_signature.update_attributes!(attributes(gpg_key))
+ end
+ end
+
+ private
+
+ def using_keychain
+ Gitlab::Gpg.using_tmp_keychain do
+ # first we need to get the keyid from the signature to query the gpg
+ # key belonging to the keyid.
+ # This way we can add the key to the temporary keychain and extract
+ # the proper signature.
+ gpg_key = GpgKey.find_by(primary_keyid: verified_signature.fingerprint)
+
+ if gpg_key
+ Gitlab::Gpg::CurrentKeyChain.add(gpg_key.key)
+ @verified_signature = nil
+ end
+
+ yield gpg_key
+ end
+ end
+
+ def verified_signature
+ @verified_signature ||= GPGME::Crypto.new.verify(@signature_text, signed_text: @signed_text) do |verified_signature|
+ break verified_signature
+ end
+ end
+
+ def create_cached_signature!(gpg_key)
+ GpgSignature.create!(attributes(gpg_key))
+ end
+
+ def attributes(gpg_key)
+ user_infos = user_infos(gpg_key)
+
+ {
+ commit_sha: commit.sha,
+ project: commit.project,
+ gpg_key: gpg_key,
+ gpg_key_primary_keyid: gpg_key&.primary_keyid || verified_signature.fingerprint,
+ gpg_key_user_name: user_infos[:name],
+ gpg_key_user_email: user_infos[:email],
+ valid_signature: gpg_signature_valid_signature_value(gpg_key)
+ }
+ end
+
+ def gpg_signature_valid_signature_value(gpg_key)
+ !!(gpg_key && gpg_key.verified? && verified_signature.valid?)
+ end
+
+ def user_infos(gpg_key)
+ gpg_key&.verified_user_infos&.first || gpg_key&.user_infos&.first || {}
+ end
+ end
+ end
+end |
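Review bot: `gpg_signature_valid_signature_value` derives `valid_signature` from `gpg_key.verified?` and `verified_signature.valid?` only, and nothing in this file compares the signing key's identity with the commit's own author or committer email. If `verified?` only checks the key's e-mail addresses against the key owner's account (its definition is outside this hunk), a commit attributed to one person but signed with another user's verified key would be cached as valid. Consider adding the comparison here, for example `gpg_key.verified_user_infos.any? { |info| info[:email] == commit.committer_email }`, or at least a comment on the method stating which identity the flag vouches for. Separately, `verified_signature` has no rescue around `GPGME::Crypto.new.verify`, so a malformed signature block in a pushed commit would presumably raise out of `signature`; treating that case as "no valid signature" would keep the error from reaching callers.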