diff options
| author | zeripath <art27@cantab.net> | 2019-12-15 11:06:31 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-12-15 11:06:31 +0000 |
| commit | 3abe17f9e088d24eff4f4e3b98a6c555db334202 (patch) | |
| tree | fdfe7f04e4cb200b7a0a3b93726a85970dc95970 /models/repo_sign.go | |
| parent | e3c3b33ea7a5a223e22688c3f0eb2d3dab9f991c (diff) | |
| download | gitea-3abe17f9e088d24eff4f4e3b98a6c555db334202.tar.gz gitea-3abe17f9e088d24eff4f4e3b98a6c555db334202.zip | |
Sign protected branches (#8993)
* Move SignMerge to PullRequest
* Add approved signing mode
* As per @guillep2k comment
Diffstat (limited to 'models/repo_sign.go')
| -rw-r--r-- | models/repo_sign.go | 98 |
1 files changed, 3 insertions, 95 deletions
diff --git a/models/repo_sign.go b/models/repo_sign.go index a02b027f89..a684efb55f 100644 --- a/models/repo_sign.go +++ b/models/repo_sign.go @@ -24,6 +24,7 @@ const ( baseSigned signingMode = "basesigned" headSigned signingMode = "headsigned" commitsSigned signingMode = "commitssigned" + approved signingMode = "approved" ) func signingModeFromStrings(modeStrings []string) []signingMode { @@ -45,6 +46,8 @@ func signingModeFromStrings(modeStrings []string) []signingMode { fallthrough case headSigned: fallthrough + case approved: + fallthrough case commitsSigned: returnable = append(returnable, signMode) } @@ -211,98 +214,3 @@ func (repo *Repository) SignCRUDAction(u *User, tmpBasePath, parentCommit string } return true, signingKey } - -// SignMerge determines if we should sign a merge commit to this repository -func (repo *Repository) SignMerge(u *User, tmpBasePath, baseCommit, headCommit string) (bool, string) { - rules := signingModeFromStrings(setting.Repository.Signing.Merges) - signingKey := signingKey(repo.RepoPath()) - if signingKey == "" { - return false, "" - } - var gitRepo *git.Repository - var err error - - for _, rule := range rules { - switch rule { - case never: - return false, "" - case always: - break - case pubkey: - keys, err := ListGPGKeys(u.ID) - if err != nil || len(keys) == 0 { - return false, "" - } - case twofa: - twofa, err := GetTwoFactorByUID(u.ID) - if err != nil || twofa == nil { - return false, "" - } - case baseSigned: - if gitRepo == nil { - gitRepo, err = git.OpenRepository(tmpBasePath) - if err != nil { - return false, "" - } - defer gitRepo.Close() - } - commit, err := gitRepo.GetCommit(baseCommit) - if err != nil { - return false, "" - } - verification := ParseCommitWithSignature(commit) - if !verification.Verified { - return false, "" - } - case headSigned: - if gitRepo == nil { - gitRepo, err = git.OpenRepository(tmpBasePath) - if err != nil { - return false, "" - } - defer gitRepo.Close() - } - commit, err := gitRepo.GetCommit(headCommit) - if err != nil { - return false, "" - } - verification := ParseCommitWithSignature(commit) - if !verification.Verified { - return false, "" - } - case commitsSigned: - if gitRepo == nil { - gitRepo, err = git.OpenRepository(tmpBasePath) - if err != nil { - return false, "" - } - defer gitRepo.Close() - } - commit, err := gitRepo.GetCommit(headCommit) - if err != nil { - return false, "" - } - verification := ParseCommitWithSignature(commit) - if !verification.Verified { - return false, "" - } - // need to work out merge-base - mergeBaseCommit, _, err := gitRepo.GetMergeBase("", baseCommit, headCommit) - if err != nil { - return false, "" - } - commitList, err := commit.CommitsBeforeUntil(mergeBaseCommit) - if err != nil { - return false, "" - } - for e := commitList.Front(); e != nil; e = e.Next() { - commit = e.Value.(*git.Commit) - verification := ParseCommitWithSignature(commit) - if !verification.Verified { - return false, "" - } - } - } - } - return true, signingKey -} |