Age | Commit message (Collapse) | Author | |
---|---|---|---|
2019-10-17 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-09-18 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-06-17 | Fix GPG signature verification with recent versions of GnuPG | David Palubin | |
2019-02-06 | Avoid race conditions when creating GpgSignature | Bob Van Landuyt | |
This avoids race conditions when creating GpgSignature. | |||
2018-12-05 | Gracefully handle unknown/invalid GPG keys | Stan Hu | |
An unknown public GPG key will result in a GPGME::Error thrown from gpg, which would cause an Error 500 on the signatures endpoint. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54729 | |||
2018-11-13 | Enable even more frozen string in lib/gitlab | gfyoung | |
Enables frozen string for the following: * lib/gitlab/fogbugz_import/**/*.rb * lib/gitlab/gfm/**/*.rb * lib/gitlab/git/**/*.rb * lib/gitlab/gitaly_client/**/*.rb * lib/gitlab/gitlab_import/**/*.rb * lib/gitlab/google_code_import/**/*.rb * lib/gitlab/gpg/**/*.rb * lib/gitlab/grape_logging/**/*.rb * lib/gitlab/graphql/**/*.rb * lib/gitlab/graphs/**/*.rb * lib/gitlab/hashed_storage/**/*.rb * lib/gitlab/health_checks/**/*.rb Partially address gitlab-org/gitlab-ce#47424. | |||
2018-09-11 | Disable existing offenses for the CodeReuse cops | Yorick Peterse | |
This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. | |||
2018-07-09 | Updates from `rubocop -a` | Lin Jen-Shin | |
2018-03-01 | Fetch commit signatures from Gitaly in batches | Ahmad Sherif | |
Closes gitaly#1046 | |||
2018-02-19 | Fix Error 500 when viewing a commit with a GPG signature in Geo | Stan Hu | |
Closes gitlab-org/gitlab-ee#4825 | |||
2018-01-18 | Retrieve commit signatures with Gitaly | Jacob Vosmaer (GitLab) | |
2017-10-07 | Fix error with GPG signature updater when commit was deleted | Rubén Dávila | |
2017-10-05 | Address some feedback from last code review | Rubén Dávila | |
2017-10-05 | Address feedback from last code review | Rubén Dávila | |
2017-10-05 | Consider GPG subkeys when trying to update invalid GPG signatures | Rubén Dávila | |
2017-10-05 | Associate GgpSignature with GpgKeySubkey if comes from a subkey | Rubén Dávila | |
Additionally we're delegating missing method calls on GpgKeySubkey to GpgKey since most of the info required when verifying a signature is found on GpgKey which is the parent of GpgKeySubkey | |||
2017-10-05 | Add ability to include subkeys when finding by fingerprint | Rubén Dávila | |
2017-09-05 | drop backwards compatibility for valid_signature | Alexis Reigel | |
2017-09-05 | use new #verification_status | Alexis Reigel | |
2017-09-05 | only use symbols instead of enum hash accessor | Alexis Reigel | |
2017-09-05 | simplify if/else with guards | Alexis Reigel | |
2017-09-05 | add verification_status: same_user_different_email | Alexis Reigel | |
this is used to make a difference between a committer email that belongs to user, where the user used a different email for the gpg key. this means that the user is the same, but a different, unverified email is used for the signature. | |||
2017-09-05 | match the committer's email against the gpg key | Alexis Reigel | |
the updated verification of a gpg signature requires the committer's email to also match the user's and the key's emails. | |||
2017-09-05 | pass whole commit to Gitlab::Gpg::Commit again | Alexis Reigel | |
we need the commit object for the updated verification that also checks the committer's email to match the gpg key and user's emails. | |||
2017-08-16 | Only create commit GPG signature when necessary | Douwe Maan | |
2017-07-27 | optimize query, only select relevant db columns | Alexis Reigel | |
2017-07-27 | store gpg user name and email on the signature | Alexis Reigel | |
2017-07-27 | also update gpg_signatures when gpg_key is null | Alexis Reigel | |
2017-07-27 | remove duplicate statement | Alexis Reigel | |
2017-07-27 | simplify fetching of commit | Alexis Reigel | |
2017-07-27 | fix memoization | Alexis Reigel | |
2017-07-27 | we need to update the gpg_key as well | Alexis Reigel | |
2017-07-27 | need to wrap the raw commit in a commit model | Alexis Reigel | |
2017-07-27 | no need for passing parameter | Alexis Reigel | |
we introduced memoizing, so it's safe to call the method multiple times. | |||
2017-07-27 | update invalid gpg signatures when key is created | Alexis Reigel | |
2017-07-27 | allow updating of gpg signature through gpg commit | Alexis Reigel | |
2017-07-27 | memoize verified_signature call | Alexis Reigel | |
2017-07-27 | store gpg_key_primary_keyid for unknown gpg keys | Alexis Reigel | |
we need to store the keyid to be able to update the signature later in case the missing key is added later. | |||
2017-07-27 | move signature cache read to Gpg::Commit | Alexis Reigel | |
as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. | |||
2017-07-27 | gpg signature is only valid when key is verified | Alexis Reigel | |
2017-07-27 | bail if the commit has no signature | Alexis Reigel | |
2017-07-27 | cache the gpg commit signature | Alexis Reigel | |
we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. |