diff --git a/models/gpg_key.go b/models/gpg_key.go index 49e510839f163..309d914bbc753 100644 --- a/models/gpg_key.go +++ b/models/gpg_key.go @@ -509,6 +509,18 @@ func hashAndVerifyForKeyID(sig *packet.Signature, payload string, committer *Use return nil } for _, key := range keys { + var primaryKeys []*GPGKey + if key.PrimaryKeyID != "" { + primaryKeys, err = GetGPGKeysByKeyID(key.PrimaryKeyID) + if err != nil { + log.Error("GetGPGKeysByKeyID: %v", err) + return &CommitVerification{ + CommittingUser: committer, + Verified: false, + Reason: "gpg.error.failed_retrieval_gpg_keys", + } + } + } activated := false if len(email) != 0 { for _, e := range key.Emails { @@ -518,6 +530,20 @@ func hashAndVerifyForKeyID(sig *packet.Signature, payload string, committer *Use break } } + if !activated { + for _, pkey := range primaryKeys { + for _, e := range pkey.Emails { + if e.IsActivated && strings.EqualFold(e.Email, email) { + activated = true + email = e.Email + break + } + } + if activated { + break + } + } + } } else { for _, e := range key.Emails { if e.IsActivated { @@ -526,7 +552,22 @@ func hashAndVerifyForKeyID(sig *packet.Signature, payload string, committer *Use break } } + if !activated { + for _, pkey := range primaryKeys { + for _, e := range pkey.Emails { + if e.IsActivated { + activated = true + email = e.Email + break + } + } + if activated { + break + } + } + } } + if !activated { continue } @@ -614,7 +655,6 @@ func ParseCommitWithSignature(c *git.Commit) *CommitVerification { if keyID == "" && sig.IssuerFingerprint != nil && len(sig.IssuerFingerprint) > 0 { keyID = fmt.Sprintf("%X", sig.IssuerFingerprint[12:20]) } - defaultReason := NoKeyFound // First check if the sig has a keyID and if so just look at that