
Add Gitlab::Ssh::Commit class

Brian Williams requested to merge bwill/add-ssh-commits into master

What does this MR do and why?

Describe in detail what your merge request does and why.

In order to add Sign commits with your SSH key (#343879 - closed), this MR adds a new Gitlab::Ssh::Commit class which is responsible for creating CommitSignatures::SshSignature records in the database and returning them. This class mirrors the existing Gitlab::Gpg::Commit and Gitlab::X509::Commit classes, and will be called from Commit#signature.

My testing approach differs from the existing Gitlab::Gpg::Commit and Gitlab::X509::Commit commit specs, which I find difficult to maintain due to the sheer amount of bootstrapping they do. The Gitlab::Ssh::Signature spec already thoroughly tests the correctness of signature verification, so there is no need to re-test that in these specs. Instead, we only check that we correctly handle the output of Gitlab::Ssh::Signature.

Since it is expected for signatures with the unknown_key status to not have a key_id available, this MR also removes the NOT NULL constraint from the key_id column on the ssh_signatures table.

Migrations

Up

main: == 20220728114136 MakeSshSignatureKeyNullable: migrating ======================
main: -- change_column_null(:ssh_signatures, :key_id, true)
main:    -> 0.0015s
main: == 20220728114136 MakeSshSignatureKeyNullable: migrated (0.0020s) =============

Down

main: == 20220728114136 MakeSshSignatureKeyNullable: reverting ======================
main: -- change_column_null(:ssh_signatures, :key_id, false)
main:    -> 0.0067s
main: == 20220728114136 MakeSshSignatureKeyNullable: reverted (0.0143s) =============

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Start the rails console:

bundle exec rails c

Run this Ruby code:

project = Project.find_by_path("gitlab-test")
commit = project.commit_by(oid: '7b5160f9bb23a3d58a0accdbe89da13b96b1ece9')
Gitlab::Ssh::Commit.new(commit).signature

This will show the commit signature for gitlab-test@7b5160f9, which should be pre-seeded into your GDK. If it's not there, then you can either re-seed your GDK with gdk reset-data or add it to your local gitlab-test from upstream:

git clone git@gitlab.com:gitlab-org/gitlab-test.git
cd gitlab-test
git remote add gdk ssh://git@gdk.local:2222/gitlab-org/gitlab-test.git
git checkout ssh-signed-commit
git push -u gdk ssh-signed-commit

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Brian Williams
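
The following Ruby sketch is an added illustration, not code from this merge request or from GitLab. It models the two points the description makes: the wrapper only handles the verifier's output (here a stubbed callable), and a record with the unknown_key status is stored with a nil key_id. Every class and method name in it is hypothetical, and both the lookup-before-verify behaviour and the rule that a verified status must carry a key are assumptions of the sketch.

```ruby
# Added illustration; none of these names are GitLab's real classes.

# Stand-in for the verifier's output (hypothetical shape): a status symbol
# and the matching registered key, or nil when no key is known.
VerifierResult = Struct.new(:verification_status, :signed_by_key)
SketchKey = Struct.new(:id)
SignatureRecord = Struct.new(:commit_sha, :verification_status, :key_id)

# In-memory stand-in for the ssh_signatures table, where key_id may be NULL.
class SignatureTable
  def initialize
    @rows = {}
  end

  def find(sha)
    @rows[sha]
  end

  def create(sha:, verification_status:, key_id:)
    # Assumed invariant for this sketch: a nullable key_id must never be
    # combined with the verified status.
    if verification_status == :verified && key_id.nil?
      raise ArgumentError, 'verified signature requires a key_id'
    end
    @rows[sha] = SignatureRecord.new(sha, verification_status, key_id)
  end
end

class SshCommitSketch
  # verifier is any callable returning a VerifierResult, so tests can stub it.
  def initialize(sha, table, verifier)
    @sha = sha
    @table = table
    @verifier = verifier
  end

  # Return the stored record, or verify once and persist the outcome.
  def signature
    @table.find(@sha) || begin
      result = @verifier.call
      @table.create(sha: @sha,
                    verification_status: result.verification_status,
                    key_id: result.signed_by_key&.id)
    end
  end
end
```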
