Fix 404 on Commit Signature API when using Rugged
What does this MR do?
There are installations that rely on Rugged
for performance reasons, rather than Gitaly
. While wrapped in a Gitlab::Git::Commit
object, we rely on the raw_commit
, which, when it comes from Rugged
, doesn't report this information. The code changes to support X509 signatures (!17773 (merged) and more !28590 (merged)) assume that every commit that has a signature can report if its signature A) exists and B) whether its signature is a Gpg or X509. Since we can't pull this from the raw_commit
, we do some light detection of the raw_commit
source in order to figure out which Entities::[signature type]
to pass to, effectively restoring pre-%12.9 behavior.
Screenshots (strongly suggested)
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Related to #211357 (closed)