summaryrefslogtreecommitdiffstats
path: root/models/gpg_key.go
diff options
context:
space:
mode:
Diffstat (limited to 'models/gpg_key.go')
-rw-r--r--models/gpg_key.go42
1 files changed, 41 insertions, 1 deletions
diff --git a/models/gpg_key.go b/models/gpg_key.go
index 49e510839f..309d914bbc 100644
--- a/models/gpg_key.go
+++ b/models/gpg_key.go
@@ -509,6 +509,18 @@ func hashAndVerifyForKeyID(sig *packet.Signature, payload string, committer *Use
return nil
}
for _, key := range keys {
+ var primaryKeys []*GPGKey
+ if key.PrimaryKeyID != "" {
+ primaryKeys, err = GetGPGKeysByKeyID(key.PrimaryKeyID)
+ if err != nil {
+ log.Error("GetGPGKeysByKeyID: %v", err)
+ return &CommitVerification{
+ CommittingUser: committer,
+ Verified: false,
+ Reason: "gpg.error.failed_retrieval_gpg_keys",
+ }
+ }
+ }
activated := false
if len(email) != 0 {
for _, e := range key.Emails {
@@ -518,6 +530,20 @@ func hashAndVerifyForKeyID(sig *packet.Signature, payload string, committer *Use
break
}
}
+ if !activated {
+ for _, pkey := range primaryKeys {
+ for _, e := range pkey.Emails {
+ if e.IsActivated && strings.EqualFold(e.Email, email) {
+ activated = true
+ email = e.Email
+ break
+ }
+ }
+ if activated {
+ break
+ }
+ }
+ }
} else {
for _, e := range key.Emails {
if e.IsActivated {
@@ -526,7 +552,22 @@ func hashAndVerifyForKeyID(sig *packet.Signature, payload string, committer *Use
break
}
}
+ if !activated {
+ for _, pkey := range primaryKeys {
+ for _, e := range pkey.Emails {
+ if e.IsActivated {
+ activated = true
+ email = e.Email
+ break
+ }
+ }
+ if activated {
+ break
+ }
+ }
+ }
}
+
if !activated {
continue
}
@@ -614,7 +655,6 @@ func ParseCommitWithSignature(c *git.Commit) *CommitVerification {
if keyID == "" && sig.IssuerFingerprint != nil && len(sig.IssuerFingerprint) > 0 {
keyID = fmt.Sprintf("%X", sig.IssuerFingerprint[12:20])
}
-
defaultReason := NoKeyFound
// First check if the sig has a keyID and if so just look at that
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-14 08:18:01 +0000