Verify Commits signed by User with x509 certificate
What does this MR do and why?
Related: https://gitlab.com/gitlab-org/gitlab/-/issues/498188#top+
For x509 certificate, signed_by_user comes from User.find_by_any_email(committer_email, confirmed: confirmed). It exposes a risk as committer's email could be forged. It should come from an x509 certificate.
An X509 certificate could have multiple emails, so the primary and secondary emails are collected into an array and resolved if one of them matches the user's verified gitlab email.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
-
Set Up a Valid X509 Certificate Follow the instructions. For example, use the email bugs@example.com for the X509 certificate.
-
Create a new test Repository
-
Create a .mailmap File Add a .mailmap file to the repository.
-
Add an entry to the .mailmap File Use the following format:
user-name <canonical-email> <your-email>
For example:
Jane Doe <jane@example.com> <bugs@example.com>
This maps commits made with the email <bugs@example.com> to the canonical name and email Jane Doe <jane@example.com>.-
Push the .mailmap file Commit and push the .mailmap file to the repository.
-
Push a new commit Create a new commit using the X509 certificate email bugs@example.com and push it to the repository.
-
Test with mailmap enabled You should see a verified label with a yellow color. This indicates that the X509 certificate email bugs@example.com doesn’t match the canonical email in the .mailmap (jane@example.com). Test with Mailmap Disabled
-
Test with mailmap disabled Comment out the line in the mailmap. You should see a verified label with a green color. This indicates that the X509 certificate email bugs@example.com matches the commit email bugs@example.com.