Extend GetCommitSignatures to return Signer

Igor Drozdov requested to merge id-verify-signature into master

Related issue: Automated/web commits (merge or web IDE commits... (gitlab#19185 - closed)

This MR depends on this preparatory MR: Move SSH signing function to library (!5960 - merged).

This MR extends GetCommitSignatures RPC to return signer. The signer indicates whether a commit has been signed by Gitaly or by a user. It implements the following idea: gitlab!124218 (comment 1440760387)

In this case, we won't need to share a public/private key with GitLab in order to identify the commits that were signed by Gitaly.

After some modifications on the local Gitaly gem, the following response is returned:

```
[14] pry(main)> a = response.to_a
=> [<Gitaly::GetCommitSignaturesResponse: commit_id: "ad3cac9eb012b67e2821fae8ed6c11d41d87bf98", signature: "-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgCZpNLju9GawrIvIrWOUgUmf+Lz
B0ZDcnj0tjIhgnaG8AAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQEsWFOUlXlBJeJa6l7dNvQe42caV3y/OAHPm0nBKQrF5JmfiQyLlewqJH270VBWTzm
xuherf4LRAl+0RL8pu1gA=
-----END SSH SIGNATURE-----", signed_text: "", signer: :SIGNER_USER>,
 <Gitaly::GetCommitSignaturesResponse: commit_id: "", signature: "", signed_text: "tree 1c7d7f5a375ef34553a0d746034959bd3d641da6
parent bd7e52b24bd633f59c2f37415ab07f60b77de575
author Igor Drozdov <idrozdov@gitlab.com> 1687293056 +0200
committer Igor Drozdov <idrozdov@gitlab.com> 1687293056 +0200

New commit
", signer: :SIGNER_UNSPECIFIED>,
 <Gitaly::GetCommitSignaturesResponse: commit_id: "d5a14f9e27a8146c9f0092af0fb2cdd9b6c5b23d", signature: "-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgVzKQNpRPvHihfJQJ+Com
F8BdFuG2wuXh+LjXjbOs8IgAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3Nz
aC1lZDI1NTE5AAAAQIoPrmWfZuRnqGdOa/kSJU+hEMhoshbOa8YPe/wR0vcLu6ih
ml2bVMUIowkSVyLDU45mYtnli9Xuqa+RE/BAmQ8=
-----END SSH SIGNATURE-----
", signed_text: "", signer: :SIGNER_SYSTEM>,
 <Gitaly::GetCommitSignaturesResponse: commit_id: "", signature: "", signed_text: "tree 21f90db9715a5b7e6404554a88b15fa56fc2d876
parent 64779bc0609e42bd450a8072bd1a94776c77974e
author Administrator <admin@example.com> 1687292264 +0000
committer Administrator <admin@example.com> 1687292264 +0000

Update index.js", signer: :SIGNER_UNSPECIFIED>]
```

`SIGNER_USER` is returned for a commit that has been signed by a user; `SIGNER_SYSTEM` is returned for a commit signed by Gitaly.
Edited by Igor Drozdov
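
An added example, not part of the merge request and not GitLab's or Gitaly's own code: one way a client could fold the streamed messages shown above into one record per commit without letting the `SIGNER_UNSPECIFIED` on a continuation message overwrite the signer reported with the `commit_id`. The `Msg` struct, `collect_signatures` and `system_signed?` are hypothetical names, and the sample stream is constructed with placeholder signatures; the chunking rule (an empty `commit_id` continues the previous commit) is inferred from the output above.

```ruby
# Stand-in for Gitaly::GetCommitSignaturesResponse (assumption: same field
# names as in the pry output), so the example runs without the Gitaly gem.
Msg = Struct.new(:commit_id, :signature, :signed_text, :signer, keyword_init: true)
CommitSignature = Struct.new(:signature, :signed_text, :signer)

# Folds the stream into { commit_id => CommitSignature }. A message with a
# non-empty commit_id starts a commit; messages with an empty commit_id are
# treated as continuation chunks of the commit started before them.
def collect_signatures(stream)
  result = {}
  current = nil
  stream.each do |msg|
    unless msg.commit_id.empty?
      current = result[msg.commit_id] =
        CommitSignature.new(+'', +'', :SIGNER_UNSPECIFIED)
    end
    raise ArgumentError, 'continuation chunk before any commit_id' if current.nil?

    current.signature << msg.signature
    current.signed_text << msg.signed_text
    # Continuation chunks carry SIGNER_UNSPECIFIED; keep the value already seen.
    current.signer = msg.signer unless msg.signer == :SIGNER_UNSPECIFIED
  end
  result
end

# Hypothetical helper: true only when Gitaly reported it signed the commit itself.
def system_signed?(entry)
  entry.signer == :SIGNER_SYSTEM
end

USER_COMMIT   = 'ad3cac9eb012b67e2821fae8ed6c11d41d87bf98'
SYSTEM_COMMIT = 'd5a14f9e27a8146c9f0092af0fb2cdd9b6c5b23d'

# Constructed stream with the same shape as the output above
# (signatures and commit text replaced by short placeholders).
SAMPLE = [
  Msg.new(commit_id: USER_COMMIT, signature: 'SIG-A', signed_text: '', signer: :SIGNER_USER),
  Msg.new(commit_id: '', signature: '', signed_text: "New commit\n", signer: :SIGNER_UNSPECIFIED),
  Msg.new(commit_id: SYSTEM_COMMIT, signature: 'SIG-B', signed_text: '', signer: :SIGNER_SYSTEM),
  Msg.new(commit_id: '', signature: '', signed_text: 'Update index.js', signer: :SIGNER_UNSPECIFIED)
].freeze

if $PROGRAM_NAME == __FILE__
  collect_signatures(SAMPLE).each do |id, entry|
    puts "#{id[0, 8]} signer=#{entry.signer} system_signed=#{system_signed?(entry)}"
  end
end
```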