
Commit 87c0fd34 by Alexis Reigel

add / remove gpg keys to / from system keychain

parent e34cef0c
...@@ -19,6 +19,8 @@ class GpgKey < ActiveRecord::Base ...@@ -19,6 +19,8 @@ class GpgKey < ActiveRecord::Base
unless: -> { errors.has_key?(:key) } unless: -> { errors.has_key?(:key) }
before_validation :extract_fingerprint before_validation :extract_fingerprint
after_create :add_to_keychain
after_destroy :remove_from_keychain
def key=(value) def key=(value)
value.strip! unless value.blank? value.strip! unless value.blank?
...@@ -37,4 +39,12 @@ class GpgKey < ActiveRecord::Base ...@@ -37,4 +39,12 @@ class GpgKey < ActiveRecord::Base
# only allows one key # only allows one key
self.fingerprint = Gitlab::Gpg.fingerprints_from_key(key).first self.fingerprint = Gitlab::Gpg.fingerprints_from_key(key).first
end end
def add_to_keychain
Gitlab::Gpg.add_to_keychain(key)
end
def remove_from_keychain
Gitlab::Gpg.remove_from_keychain(fingerprint)
end
end end
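Review bot: The new `after_create :add_to_keychain` and `after_destroy :remove_from_keychain` callbacks run inside the save/destroy transaction, so a rollback leaves the shared GnuPG keychain out of step with the table. `after_commit :add_to_keychain, on: :create` and `after_commit :remove_from_keychain, on: :destroy` would keep the keychain change behind a committed row. `add_to_keychain` also hands the raw user-supplied `key` to the import while `extract_fingerprint` records only `.first`. If the validation (only partly visible above this hunk) admits a blob carrying more than one key, the extra keys would enter the keychain with no record able to remove them. Separately, if fingerprints are not unique across records, destroying one record would remove a key that another record still depends on; a short comment stating which of these cases the validations rule out would help.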
...@@ -12,6 +12,14 @@ module Gitlab ...@@ -12,6 +12,14 @@ module Gitlab
end end
end end
def add_to_keychain(key)
GPGME::Key.import(key)
end
def remove_from_keychain(fingerprint)
GPGME::Key.get(fingerprint).delete!
end
def using_tmp_keychain def using_tmp_keychain
Dir.mktmpdir do |dir| Dir.mktmpdir do |dir|
@original_dirs ||= [GPGME::Engine.dirinfo('homedir')] @original_dirs ||= [GPGME::Engine.dirinfo('homedir')]
......
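Review bot: `remove_from_keychain` calls `GPGME::Key.get(fingerprint).delete!` with no handling for a key that is already absent from the keychain. As far as I know ruby-gpgme raises `EOFError` from that lookup, which would abort the `after_destroy` callback and leave the record undeletable once keychain and database have drifted apart. `GPGME::Key.find(:public, fingerprint).each(&:delete!)` would make removal idempotent. `add_to_keychain` discards the return value of `GPGME::Key.import(key)`, so an import that stored nothing is indistinguishable from success; checking the result, and adding a comment that both methods act on whichever GnuPG home directory is current, would make the trust boundary explicit. Both definitions sit in a module whose opening lies outside the hunk.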
...@@ -15,6 +15,24 @@ describe Gitlab::Gpg do ...@@ -15,6 +15,24 @@ describe Gitlab::Gpg do
end end
end end
describe '.add_to_keychain' do describe '.add_to_keychain', :gpg do
it 'stores the key in the keychain' do
expect(GPGME::Key.find(:public, '4F4840A503964251CF7D7F5DC728AF10972E97C0')).to eq []
Gitlab::Gpg.add_to_keychain(GpgHelpers.public_key)
expect(GPGME::Key.find(:public, '4F4840A503964251CF7D7F5DC728AF10972E97C0')).not_to eq []
end
end
describe '.remove_from_keychain', :gpg do
it 'removes the key from the keychain' do
Gitlab::Gpg.add_to_keychain(GpgHelpers.public_key)
expect(GPGME::Key.find(:public, '4F4840A503964251CF7D7F5DC728AF10972E97C0')).not_to eq []
Gitlab::Gpg.remove_from_keychain('4F4840A503964251CF7D7F5DC728AF10972E97C0')
expect(GPGME::Key.find(:public, '4F4840A503964251CF7D7F5DC728AF10972E97C0')).to eq []
end
end end
end end
...@@ -13,14 +13,32 @@ describe GpgKey do ...@@ -13,14 +13,32 @@ describe GpgKey do
it { is_expected.not_to allow_value('BEGIN PGP').for(:key) } it { is_expected.not_to allow_value('BEGIN PGP').for(:key) }
end end
context 'callbacks' do context 'callbacks', :gpg do
describe 'extract_fingerprint' do describe 'extract_fingerprint' do
it 'extracts the fingerprint from the gpg key', :gpg do it 'extracts the fingerprint from the gpg key' do
gpg_key = described_class.new(key: GpgHelpers.public_key) gpg_key = described_class.new(key: GpgHelpers.public_key)
gpg_key.valid? gpg_key.valid?
expect(gpg_key.fingerprint).to eq '4F4840A503964251CF7D7F5DC728AF10972E97C0' expect(gpg_key.fingerprint).to eq '4F4840A503964251CF7D7F5DC728AF10972E97C0'
end end
end end
describe 'add_to_keychain' do
it 'calls add_to_keychain after create' do
expect(Gitlab::Gpg).to receive(:add_to_keychain).with(GpgHelpers.public_key)
create :gpg_key
end
end
describe 'remove_from_keychain' do
it 'calls remove_from_keychain after destroy' do
allow(Gitlab::Gpg).to receive :add_to_keychain
gpg_key = create :gpg_key
expect(Gitlab::Gpg).to receive(:remove_from_keychain).with('4F4840A503964251CF7D7F5DC728AF10972E97C0')
gpg_key.destroy!
end
end
end end
describe '#key=' do describe '#key=' do
...@@ -37,7 +55,7 @@ describe GpgKey do ...@@ -37,7 +55,7 @@ describe GpgKey do
end end
end end
describe '#emails' do describe '#emails', :gpg do
it 'returns the emails from the gpg key' do it 'returns the emails from the gpg key' do
gpg_key = create :gpg_key gpg_key = create :gpg_key
......
...@@ -29,7 +29,7 @@ module GpgHelpers ...@@ -29,7 +29,7 @@ module GpgHelpers
end end
def public_key def public_key
<<~PUBLICKEY <<~PUBLICKEY.strip
-----BEGIN PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1 Version: GnuPG v1
......