c5e0bd56fb
extract shared example
2017-09-05 12:18:31 +02:00
64855c8e30
match the committer's email against the gpg key
...
the updated verification of a gpg signature requires the committer's
email to also match the user's and the key's emails.
2017-09-05 12:18:31 +02:00
ba7251fefd
Only create commit GPG signature when necessary
2017-08-16 18:57:50 +02:00
cd01e82873
store gpg user name and email on the signature
2017-07-27 15:44:39 +02:00
afd7582af6
extract variable
2017-07-27 15:43:36 +02:00
502e31bec9
memoize verified_signature call
2017-07-27 15:42:53 +02:00
5d5fd4babe
store gpg_key_primary_keyid for unknown gpg keys
...
we need to store the keyid to be able to update the signature later in
case the missing key is added later.
2017-07-27 15:42:53 +02:00
34810acd6c
move signature cache read to Gpg::Commit
...
as we write the cache in the gpg commit class already the read should
also happen there.
This also removes all logic from the main commit class, which just
proxies the call to the Gpg::Commit now.
2017-07-27 15:42:53 +02:00
7b616d39ef
gpg signature is only valid when key is verified
2017-07-27 15:42:53 +02:00
8c4b6a32fc
bail if the commit has no signature
2017-07-27 15:42:53 +02:00
69e511c4c2
cache the gpg commit signature
...
we store the result of the gpg commit verification in the db because the
gpg verification is an expensive operation.
2017-07-27 15:42:53 +02:00
Alexis Reigel
Douwe Maan