Support `--valid_pgpkeys` option in Git module #55396
Make Git module support
Signed-off-by: Jelle van der Waa firstname.lastname@example.org
Add an option to specify allowed PGP fingerprints from which signed commits are expected. This adds an extra verification requirement when verify_commit is set. Basically, this prevents a trusted repository with a malicious signed commit from being seen as a valid commit. This is comparable with Arch Linux's pacman's PKGBUILD, which allows the same sort of syntax to specify valid PGP keys.
Adds a new option to the Git module called valid_pgpkeys with an array of valid PGP keys to be used to verify the signed commit.
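The check described above, as an added example that is not code from this pull request or from the Git module: it parses the GnuPG status lines that `git verify-commit --raw` prints and accepts a commit only when a good signature comes from an allowlisted fingerprint. The function names, the sample status text and both fingerprints are constructed for illustration, and v4 (40-hex) fingerprints are assumed.

```python
import re

# Constructed sample of `git verify-commit --raw <rev>` output (GnuPG status lines).
SUBKEY, PRIMARY = "A" * 40, "B" * 40  # constructed fingerprints, not real keys
SAMPLE_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Constructed Signer <signer@example.org>\n"
    f"[GNUPG:] VALIDSIG {SUBKEY} 2019-04-01 1554076800 0 4 0 1 8 00 {PRIMARY}\n"
)

_GOODSIG = re.compile(r"^\[GNUPG:\] GOODSIG ", re.M)
_VALIDSIG = re.compile(r"^\[GNUPG:\] VALIDSIG (.+)$", re.M)


def normalize(fpr):
    """Uppercase a fingerprint and drop spaces and an optional 0x prefix."""
    fpr = fpr.replace(" ", "").upper()
    return fpr[2:] if fpr.startswith("0X") else fpr


def signer_fingerprints(status):
    """Fingerprints named by VALIDSIG lines: signing key and, if present, primary key."""
    found = set()
    for match in _VALIDSIG.finditer(status):
        fields = match.group(1).split()
        found.add(normalize(fields[0]))
        if len(fields) >= 10:  # 10th field is the primary-key fingerprint
            found.add(normalize(fields[9]))
    return found


def commit_is_trusted(status, allowed):
    """True only if the signature is good AND made by an allowlisted key."""
    allowed_set = {normalize(f) for f in allowed}
    # Assumption: v4 keys, so demand full 40-hex fingerprints, never short key IDs.
    if not allowed_set or not all(re.fullmatch(r"[0-9A-F]{40}", f) for f in allowed_set):
        raise ValueError("allowlist must contain full 40-hex fingerprints")
    if not _GOODSIG.search(status):  # bad, expired or revoked signatures fail here
        return False
    return bool(signer_fingerprints(status) & allowed_set)
```

A signature that verifies against any key in the local keyring passes a plain validity check; the fingerprint comparison is what ties acceptance to the specific keys the repository owner named.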