Fix 404 on Commit Signature API when using Rugged

What does this MR do?

There are installations that rely on Rugged for performance reasons, rather than Gitaly. While wrapped in a Gitlab::Git::Commit object, we rely on the raw_commit, which, when it comes from Rugged, doesn't report this information. The code changes to support X509 signatures (!17773 (merged) and more !28590 (merged)) assume that every commit that has a signature can report A) whether its signature exists and B) whether its signature is GPG or X509. Since we can't pull this from the raw_commit, we do some light detection of the raw_commit source in order to figure out which Entities::[signature type] to pass to, effectively restoring pre-%12.9 behavior.

Screenshots (strongly suggested)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related to #211357 (closed)

Edited by Kerri Miller
