nl.php « l10n « settings - nextcloud-server.git - Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server

class="w"> else { return commitVerification } } } return &CommitVerification{ //Default at this stage CommittingUser: committer, Verified: false, Warning: defaultReason != NoKeyFound, Reason: defaultReason, SigningKey: &GPGKey{ KeyID: keyID, }, } } func verifyWithGPGSettings(gpgSettings *git.GPGSettings, sig *packet.Signature, payload string, committer *User, keyID string) *CommitVerification { // First try to find the key in the db if commitVerification := hashAndVerifyForKeyID(sig, payload, committer, gpgSettings.KeyID, gpgSettings.Name, gpgSettings.Email); commitVerification != nil { return commitVerification } // Otherwise we have to parse the key ekey, err := checkArmoredGPGKeyString(gpgSettings.PublicKeyContent) if err != nil { log.Error("Unable to get default signing key: %v", err) return &CommitVerification{ CommittingUser: committer, Verified: false, Reason: "gpg.error.generate_hash", } } pubkey := ekey.PrimaryKey content, err := base64EncPubKey(pubkey) if err != nil { return &CommitVerification{ CommittingUser: committer, Verified: false, Reason: "gpg.error.generate_hash", } } k := &GPGKey{ Content: content, CanSign: pubkey.CanSign(), KeyID: pubkey.KeyIdString(), } for _, subKey := range ekey.Subkeys { content, err := base64EncPubKey(subKey.PublicKey) if err != nil { return &CommitVerification{ CommittingUser: committer, Verified: false, Reason: "gpg.error.generate_hash", } } k.SubsKey = append(k.SubsKey, &GPGKey{ Content: content, CanSign: subKey.PublicKey.CanSign(), KeyID: subKey.PublicKey.KeyIdString(), }) } if commitVerification := hashAndVerifyWithSubKeys(sig, payload, k, committer, &User{ Name: gpgSettings.Name, Email: gpgSettings.Email, }, gpgSettings.Email); commitVerification != nil { return commitVerification } if keyID == k.KeyID { // This is a bad situation ... We have a key id that matches our default key but the signature doesn't match. return &CommitVerification{ CommittingUser: committer, Verified: false, Warning: true, Reason: BadSignature, } } return nil } // ParseCommitsWithSignature checks if signaute of commits are corresponding to users gpg keys. func ParseCommitsWithSignature(oldCommits *list.List, repository *Repository) *list.List { var ( newCommits = list.New() e = oldCommits.Front() ) memberMap := map[int64]bool{} for e != nil { c := e.Value.(UserCommit) signCommit := SignCommit{ UserCommit: &c, Verification: ParseCommitWithSignature(c.Commit), } _ = CalculateTrustStatus(signCommit.Verification, repository, &memberMap) newCommits.PushBack(signCommit) e = e.Next() } return newCommits } // CalculateTrustStatus will calculate the TrustStatus for a commit verification within a repository func CalculateTrustStatus(verification *CommitVerification, repository *Repository, memberMap *map[int64]bool) (err error) { if verification.Verified { verification.TrustStatus = "trusted" if verification.SigningUser.ID != 0 { var isMember bool if memberMap != nil { var has bool isMember, has = (*memberMap)[verification.SigningUser.ID] if !has { isMember, err = repository.IsOwnerMemberCollaborator(verification.SigningUser.ID) (*memberMap)[verification.SigningUser.ID] = isMember } } else { isMember, err = repository.IsOwnerMemberCollaborator(verification.SigningUser.ID) } if !isMember { verification.TrustStatus = "untrusted" if verification.CommittingUser.ID != verification.SigningUser.ID { // The committing user and the signing user are not the same and are not the default key // This should be marked as questionable unless the signing user is a collaborator/team member etc. verification.TrustStatus = "unmatched" } } } } return }