Add support for GPG subkeys in signature verification
What does this MR do?
Add support to extract the GPG subkeys when a new public key is uploaded. This subkeys are used when we verify the signature of a Commit.
Are there points in the code the reviewer needs to double check?
Why was this MR needed?
Commits signed with a GPG subkey were being flagged as unverified due to the lack of support to read GPG subkeys when performing the verification.
Screenshots (if relevant)
This is how the GPG keys index page looks now
Does this MR meet the acceptance criteria?
-
Changelog entry added, if necessary -
Documentation created/updated -
API support added -
Tests added for this feature/bug - Review
-
Has been reviewed by UX -
Has been reviewed by Frontend -
Has been reviewed by Backend -
Has been reviewed by Database
-
-
Conform by the merge request performance guides -
Conform by the style guides -
Squashed related commits together
What are the relevant issue numbers?
Closes #36829 (closed)
Edited by Rubén Dávila