Consider GPG subkeys when trying to update invalid GPG signatures

author: Rubén Dávila <ruben@gitlab.com> 2017-09-29 00:24:03 -0500
committer: Rubén Dávila <ruben@gitlab.com> 2017-10-05 08:25:27 -0500
commit: c2c35ae7971d19396078bdec6474fdd58f66000c (patch)
tree: 8ac7ab834eea62ba26e3d3daad61957b49d42f76 /lib/gitlab/gpg
parent: 59f813998237a3840fd019ef7c552e86f2753dff (diff)
download: gitlab-ce-c2c35ae7971d19396078bdec6474fdd58f66000c.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/gitlab/gpg/invalid_gpg_signature_updater.rb b/lib/gitlab/gpg/invalid_gpg_signature_updater.rb
index e085eab26c9..9bad914848d 100644
--- a/lib/gitlab/gpg/invalid_gpg_signature_updater.rb
+++ b/lib/gitlab/gpg/invalid_gpg_signature_updater.rb
@@ -3,13 +3,14 @@ module Gitlab
     class InvalidGpgSignatureUpdater
       def initialize(gpg_key)
         @gpg_key = gpg_key
+        @gpg_keyids = gpg_key.subkeys.map(&:keyid).push(gpg_key.primary_keyid)
       end
 
       def run
         GpgSignature
           .select(:id, :commit_sha, :project_id)
           .where('gpg_key_id IS NULL OR verification_status <> ?', GpgSignature.verification_statuses[:verified])
-          .where(gpg_key_primary_keyid: @gpg_key.primary_keyid)
+          .where(gpg_key_primary_keyid: @gpg_keyids)
           .find_each { |sig| sig.gpg_commit.update_signature!(sig) }
       end
     end
author	Rubén Dávila <ruben@gitlab.com>	2017-09-29 00:24:03 -0500
committer	Rubén Dávila <ruben@gitlab.com>	2017-10-05 08:25:27 -0500
commit	c2c35ae7971d19396078bdec6474fdd58f66000c (patch)
tree	8ac7ab834eea62ba26e3d3daad61957b49d42f76 /lib/gitlab/gpg
parent	59f813998237a3840fd019ef7c552e86f2753dff (diff)
download	gitlab-ce-c2c35ae7971d19396078bdec6474fdd58f66000c.tar.gz