Update signatures also for the whole gpg key fingerprint
-
Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA. As a benefit of being a GitLab Community Contributor, you receive complimentary access to GitLab Duo.
What does this MR do and why?
When commits with gpg signatures are pushed and the used gpg key is not known to gitlab it creates records in gpg_signatures with gpg_key_primary_keyid set to the whole fingerprint. Then after uploading gpg key the gitlab does not update the relevant records in gpg_signatures because it searches for short keyid only. This fixes the where clause so these preexisting verification records are also updated after gpg key upload.
References
Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
| Before | After |
|---|---|
How to set up and validate locally
- Push a gpg signed commit
- Upload gpg key to gitlab
- Push another gpg signed commit
- Before this change only the second commit will get marked as verified.
- After this change both commits should be marked as verified.
Related to #349505 (closed)