MieuxVoter
/
gitea-fork-majority-judgment
mirror of https://github.com/domi41/gitea.git
4
0
Fork 0
Code Issues 8 Releases Wiki Polls Activity

Ensure Subkeys are verified (#12155)

Browse Source 
When attempting to verify subkeys the email address verification step
requires checking the emails however, these emails are not stored on
subkeys but instead on the primary key.

This PR will obtain the primaryKey and check against these emails too.

Fix #12128

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
mj-v1.14.3
zeripath 4 years ago committed by GitHub
parent 26e931ae34
commit 8a0bb7cd04
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File

42
models/gpg_key.go
Unescape View File

@ -509,6 +509,18 @@ func hashAndVerifyForKeyID(sig *packet.Signature, payload string, committer *Use
return nil return nil
} }
for _, key := range keys { for _, key := range keys {
var primaryKeys []*GPGKey
if key.PrimaryKeyID != "" {
primaryKeys, err = GetGPGKeysByKeyID(key.PrimaryKeyID)
if err != nil {
log.Error("GetGPGKeysByKeyID: %v", err)
return &CommitVerification{
CommittingUser: committer,
Verified: false,
Reason: "gpg.error.failed_retrieval_gpg_keys",
}
}
}
activated := false activated := false
if len(email) != 0 { if len(email) != 0 {
for _, e := range key.Emails { for _, e := range key.Emails {
@ -518,6 +530,20 @@ func hashAndVerifyForKeyID(sig *packet.Signature, payload string, committer *Use
break break
} }
} }
if !activated {
for _, pkey := range primaryKeys {
for _, e := range pkey.Emails {
if e.IsActivated && strings.EqualFold(e.Email, email) {
activated = true
email = e.Email
break
}
}
if activated {
break
}
}
}
} else { } else {
for _, e := range key.Emails { for _, e := range key.Emails {
if e.IsActivated { if e.IsActivated {
@ -526,7 +552,22 @@ func hashAndVerifyForKeyID(sig *packet.Signature, payload string, committer *Use
break break
} }
} }
if !activated {
for _, pkey := range primaryKeys {
for _, e := range pkey.Emails {
if e.IsActivated {
activated = true
email = e.Email
break
}
}
if activated {
break
}
}
}
} }
if !activated { if !activated {
continue continue
} }
@ -614,7 +655,6 @@ func ParseCommitWithSignature(c *git.Commit) *CommitVerification {
if keyID == "" && sig.IssuerFingerprint != nil && len(sig.IssuerFingerprint) > 0 { if keyID == "" && sig.IssuerFingerprint != nil && len(sig.IssuerFingerprint) > 0 {
keyID = fmt.Sprintf("%X", sig.IssuerFingerprint[12:20]) keyID = fmt.Sprintf("%X", sig.IssuerFingerprint[12:20])
} }
defaultReason := NoKeyFound defaultReason := NoKeyFound
// First check if the sig has a keyID and if so just look at that // First check if the sig has a keyID and if so just look at that

Write Preview
Loading…
Cancel
Save