Commit
2f956fae
authored
Jun 13, 2017
by
Alexis Reigel
verify gpg commit using tmp keyring and db query
parent
3c42d730
Showing
4 changed files
with
43 additions
and
3 deletions
+43
-3
app/models/commit.rb
app/models/commit.rb
+16
-1
lib/gitlab/gpg.rb
lib/gitlab/gpg.rb
+8
-0
spec/lib/gitlab/gpg_spec.rb
spec/lib/gitlab/gpg_spec.rb
+17
-0
spec/models/commit_spec.rb
spec/models/commit_spec.rb
+2
-2
app/models/commit.rb
...
@@ -240,7 +240,22 @@ class Commit
...
@@ -240,7 +240,22 @@ class Commit
@signature
=
nil
@signature
=
nil
signature
,
signed_text
=
@raw
.
signature
(
project
.
repository
)
signature
,
signed_text
=
@raw
.
signature
(
project
.
repository
)
if
signature
&&
signed_text
return
unless
signature
&&
signed_text
Gitlab
::
Gpg
.
using_tmp_keychain
do
# first we need to get the keyid from the signature...
GPGME
::
Crypto
.
new
.
verify
(
signature
,
signed_text:
signed_text
)
do
|
verified_signature
|
@signature
=
verified_signature
end
# ... then we query the gpg key belonging to the keyid.
gpg_key
=
GpgKey
.
find_by
(
primary_keyid:
@signature
.
fingerprint
)
return
@signature
unless
gpg_key
Gitlab
::
Gpg
::
CurrentKeyChain
.
add
(
gpg_key
.
key
)
GPGME
::
Crypto
.
new
.
verify
(
signature
,
signed_text:
signed_text
)
do
|
verified_signature
|
GPGME
::
Crypto
.
new
.
verify
(
signature
,
signed_text:
signed_text
)
do
|
verified_signature
|
@signature
=
verified_signature
@signature
=
verified_signature
end
end
...
...
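Review bot: `@signature.fingerprint` in the `GpgKey.find_by` lookup is reached even if the first `verify` call never yields, and `@signature` was set to `nil` just above, so a signature blob for which GPGME reports no signatures would raise `NoMethodError` instead of returning an unverified result; I would add `return unless @signature` before the lookup. The value used for the lookup is read from signature data that arrives with the commit, so it is fine as a selector for which stored key to import, but the trust decision has to rest only on the second `verify`; a short comment saying so would help the next reader. If a blob carries more than one signature, both blocks keep only the last one yielded, which is worth stating or guarding. The method starts and ends outside this hunk.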
lib/gitlab/gpg.rb
...
@@ -2,6 +2,14 @@ module Gitlab
...
@@ -2,6 +2,14 @@ module Gitlab
module
Gpg
module
Gpg
extend
self
extend
self
module
CurrentKeyChain
extend
self
def
add
(
key
)
GPGME
::
Key
.
import
(
key
)
end
end
def
fingerprints_from_key
(
key
)
def
fingerprints_from_key
(
key
)
using_tmp_keychain
do
using_tmp_keychain
do
import
=
GPGME
::
Key
.
import
(
key
)
import
=
GPGME
::
Key
.
import
(
key
)
...
...
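Review bot: `CurrentKeyChain.add` imports into whichever keyring GPGME is currently pointed at, and nothing in the method ties it to `using_tmp_keychain`, so a call made outside that block would presumably write key material into the process's default keyring. I would document the precondition above `def add(key)`, for example `# Imports +key+ into the active keychain; call only inside Gitlab::Gpg.using_tmp_keychain.` The result of `GPGME::Key.import` is returned as-is and the caller in `app/models/commit.rb` does not inspect it, so a key that failed to import is only noticed indirectly through the second verification. The `Gpg` module continues outside the hunk.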
spec/lib/gitlab/gpg_spec.rb
...
@@ -43,3 +43,20 @@ describe Gitlab::Gpg do
...
@@ -43,3 +43,20 @@ describe Gitlab::Gpg do
end
end
end
end
end
end
describe
Gitlab
::
Gpg
::
CurrentKeyChain
,
:gpg
do
describe
'.add'
,
:gpg
do
it
'stores the key in the keychain'
do
expect
(
GPGME
::
Key
.
find
(
:public
,
GpgHelpers
::
User1
.
fingerprint
)).
to
eq
[]
described_class
.
add
(
GpgHelpers
::
User1
.
public_key
)
keys
=
GPGME
::
Key
.
find
(
:public
,
GpgHelpers
::
User1
.
fingerprint
)
expect
(
keys
.
count
).
to
eq
1
expect
(
keys
.
first
).
to
have_attributes
(
email:
GpgHelpers
::
User1
.
emails
.
first
,
fingerprint:
GpgHelpers
::
User1
.
fingerprint
)
end
end
end
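Review bot: The `:gpg` tag is given on both the outer `describe Gitlab::Gpg::CurrentKeyChain` and the nested `describe '.add'`; RSpec metadata is inherited by nested groups, so the inner one can be dropped: `describe '.add' do`. The opening expectation that the keyring is empty depends on whatever isolation the `:gpg` tag sets up, which is not visible in this hunk.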
spec/models/commit_spec.rb
...
@@ -422,7 +422,7 @@ eos
...
@@ -422,7 +422,7 @@ eos
context
'signed commit'
,
:gpg
do
context
'signed commit'
,
:gpg
do
it
'returns a valid signature if the public key is known'
do
it
'returns a valid signature if the public key is known'
do
GPGME
::
Key
.
import
(
GpgHelpers
::
User1
.
public_key
)
create
:gpg_key
,
key:
GpgHelpers
::
User1
.
public_key
raw_commit
=
double
(
:raw_commit
,
signature:
[
raw_commit
=
double
(
:raw_commit
,
signature:
[
GpgHelpers
::
User1
.
signed_commit_signature
,
GpgHelpers
::
User1
.
signed_commit_signature
,
...
@@ -438,7 +438,7 @@ eos
...
@@ -438,7 +438,7 @@ eos
expect
(
commit
.
signature
.
valid?
).
to
be_truthy
expect
(
commit
.
signature
.
valid?
).
to
be_truthy
end
end
it
'returns an invalid signature if the public
commit
is unknown'
,
:gpg
do
it
'returns an invalid signature if the public
key
is unknown'
,
:gpg
do
raw_commit
=
double
(
:raw_commit
,
signature:
[
raw_commit
=
double
(
:raw_commit
,
signature:
[
GpgHelpers
::
User1
.
signed_commit_signature
,
GpgHelpers
::
User1
.
signed_commit_signature
,
GpgHelpers
::
User1
.
signed_commit_base_data
GpgHelpers
::
User1
.
signed_commit_base_data
...
...
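Review bot: The two examples cover a known key and an unknown key, but nothing exercises the path that matters most for the new database lookup: a key that is present in `gpg_keys` while the signed text does not match the signature. An example that creates the `:gpg_key` record and passes altered base data, expecting `commit.signature.valid?` to be falsey, would pin that a stored key alone never makes a commit verified. Both `it` blocks continue outside the hunks shown.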