Fix verification of subkeys of default gpg key (#11713) (#11747)

* Fix verification of subkeys of default gpg key Fix #10309 Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove debug log * Update models/gpg_key.go * As per @6543 Signed-off-by: Andrew Thornton <art27@cantab.net>
2025-07-14 22:47:21 +00:00 · 2020-06-03 18:01:32 +01:00
parent f428d40822
commit 7dd9506d06
2 changed files with 64 additions and 2 deletions
--- a/models/gpg_key.go
+++ b/models/gpg_key.go
@ -741,6 +741,21 @@ func verifyWithGPGSettings(gpgSettings *git.GPGSettings, sig *packet.Signature,
 		CanSign: pubkey.CanSign(),
 		KeyID:   pubkey.KeyIdString(),
 	}
+	for _, subKey := range ekey.Subkeys {
+		content, err := base64EncPubKey(subKey.PublicKey)
+		if err != nil {
+			return &CommitVerification{
+				CommittingUser: committer,
+				Verified:       false,
+				Reason:         "gpg.error.generate_hash",
+			}
+		}
+		k.SubsKey = append(k.SubsKey, &GPGKey{
+			Content: content,
+			CanSign: subKey.PublicKey.CanSign(),
+			KeyID:   subKey.PublicKey.KeyIdString(),
+		})
+	}
 	if commitVerification := hashAndVerifyWithSubKeys(sig, payload, k, committer, &User{
 		Name:  gpgSettings.Name,
 		Email: gpgSettings.Email,