verify gpg commit using tmp keyring and db query

author: Alexis Reigel <mail@koffeinfrei.org> 2017-06-13 15:26:42 +0300
committer: Alexis Reigel <mail@koffeinfrei.org> 2017-07-27 16:42:53 +0300
commit: 2f956fae0399f6f2eb370ed186c7bb4a9486178b (patch)
tree: 17586eca89b12af582e25a7b645deff0d25c8572 /app/models/commit.rb
parent: 3c42d730986222d891c9b7985edf3942021afcef (diff)
1 files changed, 16 insertions, 1 deletions
diff --git a/app/models/commit.rb b/app/models/commit.rb
index 9c8edbb097d..a6a11a2d3a5 100644
--- a/app/models/commit.rb
+++ b/app/models/commit.rb
@@ -240,7 +240,22 @@ class Commit
     @signature = nil
 
     signature, signed_text = @raw.signature(project.repository)
-    if signature && signed_text
+
+    return unless signature && signed_text
+
+    Gitlab::Gpg.using_tmp_keychain do
+      # first we need to get the keyid from the signature...
+      GPGME::Crypto.new.verify(signature, signed_text: signed_text) do |verified_signature|
+        @signature = verified_signature
+      end
+
+      # ... then we query the gpg key belonging to the keyid.
+      gpg_key = GpgKey.find_by(primary_keyid: @signature.fingerprint)
+
+      return @signature unless gpg_key
+
+      Gitlab::Gpg::CurrentKeyChain.add(gpg_key.key)
+
       GPGME::Crypto.new.verify(signature, signed_text: signed_text) do |verified_signature|
         @signature = verified_signature
       end
author	Alexis Reigel <mail@koffeinfrei.org>	2017-06-13 15:26:42 +0300
committer	Alexis Reigel <mail@koffeinfrei.org>	2017-07-27 16:42:53 +0300
commit	2f956fae0399f6f2eb370ed186c7bb4a9486178b (patch)
tree	17586eca89b12af582e25a7b645deff0d25c8572 /app/models/commit.rb
parent	3c42d730986222d891c9b7985edf3942021afcef (diff)