6d6df5b256
Add latest changes from gitlab-org/gitlab@master
2025-05-22 21:07:49 +00:00
41b9792e65
Add latest changes from gitlab-org/gitlab@master
2025-04-11 15:09:56 +00:00
bbc7c5d1d9
Add latest changes from gitlab-org/gitlab@master
2024-11-07 15:20:35 +00:00
2b2299ea5f
Add latest changes from gitlab-org/gitlab@master
2023-07-05 18:09:16 +00:00
e3a138e3b9
Add latest changes from gitlab-org/gitlab@master
2022-07-11 21:08:18 +00:00
5d0c43f60d
Add latest changes from gitlab-org/gitlab@master
2022-01-13 09:15:32 +00:00
b0891151f1
Add latest changes from gitlab-org/gitlab@master
2021-12-13 12:12:59 +00:00
6fd750c192
Add latest changes from gitlab-org/gitlab@master
2021-11-10 18:12:35 +00:00
1930898566
Add latest changes from gitlab-org/gitlab@master
2021-08-02 09:10:09 +00:00
f4d51a9f71
Add latest changes from gitlab-org/gitlab@master
2021-07-29 15:09:48 +00:00
6168721025
Add latest changes from gitlab-org/gitlab@master
2020-02-07 00:09:12 +00:00
6b833f1e03
Add latest changes from gitlab-org/gitlab@master
2020-02-04 15:08:40 +00:00
e4ea43b2b8
Add latest changes from gitlab-org/gitlab@master
2020-01-27 21:08:47 +00:00
6b75320f52
Add latest changes from gitlab-org/gitlab@master
2019-10-17 12:07:33 +00:00
80f61b4035
Add latest changes from gitlab-org/gitlab@master
2019-09-18 14:02:45 +00:00
bab76f7637
Fix GPG signature verification with recent versions of GnuPG
2019-06-17 13:33:39 +00:00
c982edfa19
Avoid race conditions when creating GpgSignature
...
This avoids race conditions when creating GpgSignature.
2019-02-06 15:24:46 +01:00
184240e86a
Gracefully handle unknown/invalid GPG keys
...
An unknown public GPG key will result in a GPGME::Error thrown from gpg,
which would cause an Error 500 on the signatures endpoint.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54729
2018-12-05 10:55:30 -08:00
ebf98f27c4
Enable even more frozen string in lib/gitlab
...
Enables frozen string for the following:
* lib/gitlab/fogbugz_import/**/*.rb
* lib/gitlab/gfm/**/*.rb
* lib/gitlab/git/**/*.rb
* lib/gitlab/gitaly_client/**/*.rb
* lib/gitlab/gitlab_import/**/*.rb
* lib/gitlab/google_code_import/**/*.rb
* lib/gitlab/gpg/**/*.rb
* lib/gitlab/grape_logging/**/*.rb
* lib/gitlab/graphql/**/*.rb
* lib/gitlab/graphs/**/*.rb
* lib/gitlab/hashed_storage/**/*.rb
* lib/gitlab/health_checks/**/*.rb
Partially address gitlab-org/gitlab-ce#47424 .
2018-11-13 11:42:15 -08:00
2039c8280d
Disable existing offenses for the CodeReuse cops
...
This whitelists all existing offenses for the various CodeReuse cops, of
which most are triggered by the CodeReuse/ActiveRecord cop.
2018-09-11 17:32:00 +02:00
4ee08b77bc
Updates from `rubocop -a`
2018-07-09 21:13:08 +08:00
03f3350f3f
Fetch commit signatures from Gitaly in batches
...
Closes gitaly#1046
2018-03-01 18:31:31 +01:00
fdad576838
Fix Error 500 when viewing a commit with a GPG signature in Geo
...
Closes gitlab-org/gitlab-ee#4825
2018-02-19 00:22:13 -08:00
4d87f3bb37
Retrieve commit signatures with Gitaly
2018-01-18 14:10:17 +00:00
4aa2deb478
Fix error with GPG signature updater when commit was deleted
2017-10-07 10:47:53 -05:00
2577cc9981
Address some feedback from last code review
2017-10-05 08:26:02 -05:00
c50725fecf
Address feedback from last code review
2017-10-05 08:25:27 -05:00
c2c35ae797
Consider GPG subkeys when trying to update invalid GPG signatures
2017-10-05 08:25:27 -05:00
9b4990a4d7
Associate GgpSignature with GpgKeySubkey if comes from a subkey
...
Additionally we're delegating missing method calls on GpgKeySubkey to
GpgKey since most of the info required when verifying a signature is
found on GpgKey which is the parent of GpgKeySubkey
2017-10-05 08:25:27 -05:00
a41e7e0105
Add ability to include subkeys when finding by fingerprint
2017-10-05 08:25:27 -05:00
b62c1620ea
drop backwards compatibility for valid_signature
2017-09-05 12:18:33 +02:00
978252a3fa
use new #verification_status
2017-09-05 12:18:33 +02:00
d6c58a51e5
only use symbols instead of enum hash accessor
2017-09-05 12:18:32 +02:00
7ad7222a5f
simplify if/else with guards
2017-09-05 12:18:32 +02:00
00392d929b
add verification_status: same_user_different_email
...
this is used to make a difference between a committer email that belongs
to user, where the user used a different email for the gpg key. this
means that the user is the same, but a different, unverified email is
used for the signature.
2017-09-05 12:18:32 +02:00
64855c8e30
match the committer's email against the gpg key
...
the updated verification of a gpg signature requires the committer's
email to also match the user's and the key's emails.
2017-09-05 12:18:31 +02:00
508ff17b34
pass whole commit to Gitlab::Gpg::Commit again
...
we need the commit object for the updated verification that also checks
the committer's email to match the gpg key and user's emails.
2017-09-05 12:18:31 +02:00
ba7251fefd
Only create commit GPG signature when necessary
2017-08-16 18:57:50 +02:00
9488b7780e
optimize query, only select relevant db columns
2017-07-27 15:46:04 +02:00
cd01e82873
store gpg user name and email on the signature
2017-07-27 15:44:39 +02:00
b66e3726dc
also update gpg_signatures when gpg_key is null
2017-07-27 15:43:37 +02:00
7f03282f0f
remove duplicate statement
2017-07-27 15:43:37 +02:00
a7d2ebe508
simplify fetching of commit
2017-07-27 15:43:37 +02:00
4f7ba8f286
fix memoization
2017-07-27 15:43:37 +02:00
ee7468e786
we need to update the gpg_key as well
2017-07-27 15:43:36 +02:00
028ecb081b
need to wrap the raw commit in a commit model
2017-07-27 15:42:53 +02:00
d7f4264368
no need for passing parameter
...
we introduced memoizing, so it's safe to call the method multiple times.
2017-07-27 15:42:53 +02:00
24671cd601
update invalid gpg signatures when key is created
2017-07-27 15:42:53 +02:00
d48eb77a96
allow updating of gpg signature through gpg commit
2017-07-27 15:42:53 +02:00
502e31bec9
memoize verified_signature call
2017-07-27 15:42:53 +02:00
GitLab Bot
David Palubin
Bob Van Landuyt
Stan Hu
gfyoung
Yorick Peterse
Lin Jen-Shin
Ahmad Sherif
Jacob Vosmaer (GitLab)
Rubén Dávila
Alexis Reigel
Douwe Maan