diff --git a/app/models/gpg_signature.rb b/app/models/gpg_signature.rb index d3cca19cea86fdb04a78b04f41960e2fb1632286..e783c3b24e4b6fa05c3c080c58480d6feb1b9b68 100644 --- a/app/models/gpg_signature.rb +++ b/app/models/gpg_signature.rb @@ -23,8 +23,13 @@ class GpgSignature < ActiveRecord::Base def gpg_key=(model) case model - when GpgKey then super - when GpgKeySubkey then self.gpg_key_subkey = model + when GpgKey + super + when GpgKeySubkey + self.gpg_key_subkey = model + when NilClass + super + self.gpg_key_subkey = nil end end diff --git a/changelogs/unreleased/36829-add-ability-to-verify-gpg-subkeys b/changelogs/unreleased/36829-add-ability-to-verify-gpg-subkeys.yml similarity index 100% rename from changelogs/unreleased/36829-add-ability-to-verify-gpg-subkeys rename to changelogs/unreleased/36829-add-ability-to-verify-gpg-subkeys.yml diff --git a/db/migrate/20170927161718_create_gpg_key_subkeys.rb b/db/migrate/20170927161718_create_gpg_key_subkeys.rb index ffe06ce12310be11f4126a2a5728ec73f9322f70..c03c40416a8f236a885ebbb6f776509441458ea3 100644 --- a/db/migrate/20170927161718_create_gpg_key_subkeys.rb +++ b/db/migrate/20170927161718_create_gpg_key_subkeys.rb @@ -3,11 +3,11 @@ class CreateGpgKeySubkeys < ActiveRecord::Migration def up create_table :gpg_key_subkeys do |t| + t.references :gpg_key, null: false, index: true, foreign_key: { on_delete: :cascade } + t.binary :keyid t.binary :fingerprint - t.references :gpg_key, null: false, index: true, foreign_key: { on_delete: :cascade } - t.index :keyid, unique: true, length: Gitlab::Database.mysql? ? 20 : nil t.index :fingerprint, unique: true, length: Gitlab::Database.mysql? ? 20 : nil end diff --git a/db/post_migrate/20171002161539_create_gpg_key_subkeys_for_existing_gpg_keys.rb b/db/post_migrate/20171002161539_create_gpg_key_subkeys_for_existing_gpg_keys.rb index 355fbfbbeded40cfe623c73be003aa38b5ab0134..346dfb1a4b6e7d03d53f5607ab95174b04795197 100644 --- a/db/post_migrate/20171002161539_create_gpg_key_subkeys_for_existing_gpg_keys.rb +++ b/db/post_migrate/20171002161539_create_gpg_key_subkeys_for_existing_gpg_keys.rb @@ -28,8 +28,10 @@ class CreateGpgKeySubkeysForExistingGpgKeys < ActiveRecord::Migration end def up - GpgKey.each_batch do |batch| + GpgKey.with_subkeys.each_batch do |batch| batch.each do |gpg_key| + return if gpg_key.subkeys.any? + create_subkeys(gpg_key) && update_signatures(gpg_key) end end diff --git a/db/schema.rb b/db/schema.rb index b9de70b742afa4ecc248bf07a5880398319f62f7..3bcfbcc3fd1edbfa9533e8c4392ae1f245053e14 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -580,9 +580,9 @@ ActiveRecord::Schema.define(version: 20171004121444) do add_index "forked_project_links", ["forked_to_project_id"], name: "index_forked_project_links_on_forked_to_project_id", unique: true, using: :btree create_table "gpg_key_subkeys", force: :cascade do |t| + t.integer "gpg_key_id", null: false t.binary "keyid" t.binary "fingerprint" - t.integer "gpg_key_id", null: false end add_index "gpg_key_subkeys", ["fingerprint"], name: "index_gpg_key_subkeys_on_fingerprint", unique: true, using: :btree diff --git a/lib/gitlab/gpg/commit.rb b/lib/gitlab/gpg/commit.rb index 961c57ec0e68fe3c998a11d24d37d503fd45c049..0f4ba6f83fc0428d688a172ffd9edf094eb8c0d7 100644 --- a/lib/gitlab/gpg/commit.rb +++ b/lib/gitlab/gpg/commit.rb @@ -43,6 +43,8 @@ module Gitlab # key belonging to the keyid. # This way we can add the key to the temporary keychain and extract # the proper signature. + # NOTE: the invoked method is #fingerprint but it's only returning + # 16 characters (the format used by keyid) instead of 40. gpg_key = find_gpg_key(verified_signature.fingerprint) if gpg_key