From 418529b3167a2a0c922266daabcb1b8c3b237123 Mon Sep 17 00:00:00 2001
From: Erich Eckner <git@eckner.net>
Date: Fri, 22 May 2020 19:52:56 +0200
Subject: httpdocs/index.php: git verify-tag should look for subkeys, too

---
 httpdocs/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/httpdocs/index.php b/httpdocs/index.php
index 01188a7..b433bd1 100644
--- a/httpdocs/index.php
+++ b/httpdocs/index.php
@@ -77,7 +77,7 @@ if (isset($_GET['r'])) {
       if ($_GET['t']=='git') {
         if (trim(shell_exec(
           'GNUPGHOME="' . $work_dir . 'gnupg" git -C "' . $work_dir . 'repositories/' . $_GET['t'] . '/' . $_GET['r'] . '" verify-tag --raw "' . $commit_identifier . '" 2>&1 | ' .
-          'grep -c "\[GNUPG:\] VALIDSIG ' . $key_regex . ' "'
+          'grep -c "\[GNUPG:\] VALIDSIG\( ' . $key_regex . ' \| .* ' . $key_regex . '\$\)"'
         )) == '0')
           throw_http_error(409, 'Commit ' . $commit_identifier . ' is not signed by ' . $_GET['valid_keys']);
       } else
-- 
cgit v1.2.3