aboutsummaryrefslogtreecommitdiffstats
path: root/models/gpg_key.go
diff options
context:
space:
mode:
Diffstat (limited to 'models/gpg_key.go')
-rw-r--r--models/gpg_key.go43
1 files changed, 40 insertions, 3 deletions
diff --git a/models/gpg_key.go b/models/gpg_key.go
index 643aa6822c..a32312a12d 100644
--- a/models/gpg_key.go
+++ b/models/gpg_key.go
@@ -374,6 +374,7 @@ type CommitVerification struct {
CommittingUser *User
SigningEmail string
SigningKey *GPGKey
+ TrustStatus string
}
// SignCommit represents a commit with validation of signature.
@@ -759,18 +760,54 @@ func verifyWithGPGSettings(gpgSettings *git.GPGSettings, sig *packet.Signature,
}
// ParseCommitsWithSignature checks if signaute of commits are corresponding to users gpg keys.
-func ParseCommitsWithSignature(oldCommits *list.List) *list.List {
+func ParseCommitsWithSignature(oldCommits *list.List, repository *Repository) *list.List {
var (
newCommits = list.New()
e = oldCommits.Front()
)
+ memberMap := map[int64]bool{}
+
for e != nil {
c := e.Value.(UserCommit)
- newCommits.PushBack(SignCommit{
+ signCommit := SignCommit{
UserCommit: &c,
Verification: ParseCommitWithSignature(c.Commit),
- })
+ }
+
+ _ = CalculateTrustStatus(signCommit.Verification, repository, &memberMap)
+
+ newCommits.PushBack(signCommit)
e = e.Next()
}
return newCommits
}
+
+// CalculateTrustStatus will calculate the TrustStatus for a commit verification within a repository
+func CalculateTrustStatus(verification *CommitVerification, repository *Repository, memberMap *map[int64]bool) (err error) {
+ if verification.Verified {
+ verification.TrustStatus = "trusted"
+ if verification.SigningUser.ID != 0 {
+ var isMember bool
+ if memberMap != nil {
+ var has bool
+ isMember, has = (*memberMap)[verification.SigningUser.ID]
+ if !has {
+ isMember, err = repository.IsOwnerMemberCollaborator(verification.SigningUser.ID)
+ (*memberMap)[verification.SigningUser.ID] = isMember
+ }
+ } else {
+ isMember, err = repository.IsOwnerMemberCollaborator(verification.SigningUser.ID)
+ }
+
+ if !isMember {
+ verification.TrustStatus = "untrusted"
+ if verification.CommittingUser.ID != verification.SigningUser.ID {
+ // The committing user and the signing user are not the same and are not the default key
+ // This should be marked as questionable unless the signing user is a collaborator/team member etc.
+ verification.TrustStatus = "unmatched"
+ }
+ }
+ }
+ }
+ return
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-29 09:34:14 +0000