Age | Commit message (Collapse) | Author | |
---|---|---|---|
2019-11-21 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-23 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-17 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-09-29 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-08-30 | Replace rails_helper.rb with spec_helper.rb | Ash McKenzie | |
rails_helper.rb's only logic was to require spec_helper.rb. | |||
2019-06-17 | Fix GPG signature verification with recent versions of GnuPG | David Palubin | |
2018-12-05 | Gracefully handle unknown/invalid GPG keys | Stan Hu | |
An unknown public GPG key will result in a GPGME::Error thrown from gpg, which would cause an Error 500 on the signatures endpoint. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54729 | |||
2018-07-09 | Updates from `rubocop -a` | Lin Jen-Shin | |
2018-03-01 | Fetch commit signatures from Gitaly in batches | Ahmad Sherif | |
Closes gitaly#1046 | |||
2018-02-19 | Fix Error 500 when viewing a commit with a GPG signature in Geo | Stan Hu | |
Closes gitlab-org/gitlab-ee#4825 | |||
2018-01-18 | Retrieve commit signatures with Gitaly | Jacob Vosmaer (GitLab) | |
2017-10-06 | Add more specs. | Rubén Dávila | |
2017-10-05 | Add more specs to cover subkeys scenarios | Rubén Dávila | |
2017-09-05 | use new #verification_status | Alexis Reigel | |
2017-09-05 | add verification_status: same_user_different_email | Alexis Reigel | |
this is used to make a difference between a committer email that belongs to user, where the user used a different email for the gpg key. this means that the user is the same, but a different, unverified email is used for the signature. | |||
2017-09-05 | extract shared example | Alexis Reigel | |
2017-09-05 | match the committer's email against the gpg key | Alexis Reigel | |
the updated verification of a gpg signature requires the committer's email to also match the user's and the key's emails. | |||
2017-09-05 | pass whole commit to Gitlab::Gpg::Commit again | Alexis Reigel | |
we need the commit object for the updated verification that also checks the committer's email to match the gpg key and user's emails. | |||
2017-08-16 | Only create commit GPG signature when necessary | Douwe Maan | |
2017-07-27 | optimize query, only select relevant db columns | Alexis Reigel | |
2017-07-27 | store gpg user name and email on the signature | Alexis Reigel | |
2017-07-27 | also update gpg_signatures when gpg_key is null | Alexis Reigel | |
2017-07-27 | simplify fetching of commit | Alexis Reigel | |
2017-07-27 | extract variable | Alexis Reigel | |
2017-07-27 | need to wrap the raw commit in a commit model | Alexis Reigel | |
2017-07-27 | update invalid gpg signatures when email changes | Alexis Reigel | |
2017-07-27 | update invalid gpg signatures when key is created | Alexis Reigel | |
2017-07-27 | memoize verified_signature call | Alexis Reigel | |
2017-07-27 | store gpg_key_primary_keyid for unknown gpg keys | Alexis Reigel | |
we need to store the keyid to be able to update the signature later in case the missing key is added later. | |||
2017-07-27 | move signature cache read to Gpg::Commit | Alexis Reigel | |
as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. | |||
2017-07-27 | gpg signature is only valid when key is verified | Alexis Reigel | |
2017-07-27 | bail if the commit has no signature | Alexis Reigel | |
2017-07-27 | cache the gpg commit signature | Alexis Reigel | |
we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. |