From a730dc1419b7e7171da816d5bc727dc5f2edf3ab Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Wed, 3 Jun 2020 16:36:41 +0100
Subject: Fix verification of subkeys of default gpg key (#11713)

* Fix verification of subkeys of default gpg key

Fix #10309

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove debug log

* Update models/gpg_key.go

* As per @6543

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
---
 models/gpg_key.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'models')

diff --git a/models/gpg_key.go b/models/gpg_key.go
index bebd33191a..49e510839f 100644
--- a/models/gpg_key.go
+++ b/models/gpg_key.go
@@ -741,6 +741,21 @@ func verifyWithGPGSettings(gpgSettings *git.GPGSettings, sig *packet.Signature,
 		CanSign: pubkey.CanSign(),
 		KeyID:   pubkey.KeyIdString(),
 	}
+	for _, subKey := range ekey.Subkeys {
+		content, err := base64EncPubKey(subKey.PublicKey)
+		if err != nil {
+			return &CommitVerification{
+				CommittingUser: committer,
+				Verified:       false,
+				Reason:         "gpg.error.generate_hash",
+			}
+		}
+		k.SubsKey = append(k.SubsKey, &GPGKey{
+			Content: content,
+			CanSign: subKey.PublicKey.CanSign(),
+			KeyID:   subKey.PublicKey.KeyIdString(),
+		})
+	}
 	if commitVerification := hashAndVerifyWithSubKeys(sig, payload, k, committer, &User{
 		Name:  gpgSettings.Name,
 		Email: gpgSettings.Email,
-- 
cgit v1.2.3