add primary keyid attribute to gpg keys

3c42d730 · Alexis Reigel · 7e13d967 · 3c42d730 · 3c42d730 · 3c42d730
8 changed file
--- a/app/models/gpg_key.rb
+++ b/app/models/gpg_key.rb
@@ -20,7 +20,14 @@ class GpgKey < ActiveRecord::Base
    # the error about the fingerprint
    unless: -> { errors.has_key?(:key) }

-  before_validation :extract_fingerprint
+  validates :primary_keyid,
+    presence: true,
+    uniqueness: true,
+    # only validate when the `key` is valid, as we don't want the user to show
+    # the error about the fingerprint
+    unless: -> { errors.has_key?(:key) }
+
+  before_validation :extract_fingerprint, :extract_primary_keyid
  after_create :notify_user

  def key=(value)
@@ -49,6 +56,12 @@ class GpgKey < ActiveRecord::Base
    self.fingerprint = Gitlab::Gpg.fingerprints_from_key(key).first
  end

+  def extract_primary_keyid
+    # we can assume that the result only contains one item as the validation
+    # only allows one key
+    self.primary_keyid = Gitlab::Gpg.primary_keyids_from_key(key).first
+  end
+
  def notify_user
    run_after_commit { NotificationService.new.new_gpg_key(self) }
  end

--- a/db/migrate/20170613103429_add_primary_keyid_to_gpg_keys.rb
+++ b/db/migrate/20170613103429_add_primary_keyid_to_gpg_keys.rb
+class AddPrimaryKeyidToGpgKeys < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_column :gpg_keys, :primary_keyid, :string
+    add_concurrent_index :gpg_keys, :primary_keyid
+  end
+
+  def down
+    remove_concurrent_index :gpg_keys, :primary_keyid if index_exists?(:gpg_keys, :primary_keyid)
+    remove_column :gpg_keys, :primary_keyid, :string
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -546,8 +546,10 @@ ActiveRecord::Schema.define(version: 20170725145659) do
    t.integer "user_id"
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
+    t.string "primary_keyid"
  end

+  add_index "gpg_keys", ["primary_keyid"], name: "index_gpg_keys_on_primary_keyid", using: :btree
  add_index "gpg_keys", ["user_id"], name: "index_gpg_keys_on_user_id", using: :btree

  create_table "identities", force: :cascade do |t|

--- a/lib/gitlab/gpg.rb
+++ b/lib/gitlab/gpg.rb
@@ -12,6 +12,18 @@ module Gitlab
      end
    end

+    def primary_keyids_from_key(key)
+      using_tmp_keychain do
+        import = GPGME::Key.import(key)
+
+        return [] if import.imported == 0
+
+        fingerprints = import.imports.map(&:fingerprint)
+
+        GPGME::Key.find(:public, fingerprints).map { |raw_key| raw_key.primary_subkey.keyid }
+      end
+    end
+
    def emails_from_key(key)
      using_tmp_keychain do
        import = GPGME::Key.import(key)

--- a/spec/features/commits_spec.rb
+++ b/spec/features/commits_spec.rb
@@ -220,8 +220,8 @@ describe 'Commits' do
      Dir.mktmpdir do |dir|
        FileUtils.cd dir do
          `git clone --quiet #{remote_path} .`
-          `git commit --quiet -S#{GpgHelpers::User1.key_id} --allow-empty -m "signed commit, verified key/email"`
-          `git commit --quiet -S#{GpgHelpers::User2.key_id} --allow-empty -m "signed commit, unverified key/email"`
+          `git commit --quiet -S#{GpgHelpers::User1.primary_keyid} --allow-empty -m "signed commit, verified key/email"`
+          `git commit --quiet -S#{GpgHelpers::User2.primary_keyid} --allow-empty -m "signed commit, unverified key/email"`
          `git push --quiet`
        end
      end

--- a/spec/lib/gitlab/gpg_spec.rb
+++ b/spec/lib/gitlab/gpg_spec.rb
@@ -15,6 +15,20 @@ describe Gitlab::Gpg do
    end
  end

+  describe '.primary_keyids_from_key' do
+    it 'returns the keyid' do
+      expect(
+        described_class.primary_keyids_from_key(GpgHelpers::User1.public_key)
+      ).to eq [GpgHelpers::User1.primary_keyid]
+    end
+
+    it 'returns an empty array when the key is invalid' do
+      expect(
+        described_class.primary_keyids_from_key('bogus')
+      ).to eq []
+    end
+  end
+
  describe '.emails_from_key' do
    it 'returns the emails' do
      expect(

--- a/spec/models/gpg_key_spec.rb
+++ b/spec/models/gpg_key_spec.rb
@@ -21,6 +21,14 @@ describe GpgKey do
        expect(gpg_key.fingerprint).to eq GpgHelpers::User1.fingerprint
      end
    end
+
+    describe 'extract_primary_keyid' do
+      it 'extracts the primary keyid from the gpg key' do
+        gpg_key = described_class.new(key: GpgHelpers::User1.public_key)
+        gpg_key.valid?
+        expect(gpg_key.primary_keyid).to eq GpgHelpers::User1.primary_keyid
+      end
+    end
  end

  describe '#key=' do

--- a/spec/support/gpg_helpers.rb
+++ b/spec/support/gpg_helpers.rb
@@ -90,8 +90,8 @@ module GpgHelpers
      KEY
    end

-    def key_id
-      '00AC8B1D'
+    def primary_keyid
+      fingerprint[-16..-1]
    end

    def fingerprint
@@ -179,8 +179,8 @@ module GpgHelpers
      KEY
    end

-    def key_id
-      '911EFD65'
+    def primary_keyid
+      fingerprint[-16..-1]
    end

    def fingerprint