Browse Source

Merge pull request #6875

6e800c2 Add Pieter's new PGP key to verify-commits/trusted-keys (Matt Corallo)
1d94b72 Whitelist commits signed with Pieter's now-revoked key (Matt Corallo)
27252b7 Fix pre-push-hook regexes (Matt Corallo)
tags/v0.15.1
Pieter Wuille 4 years ago
parent
commit
93521a4f56
No account linked to committer's email address

+ 2
- 0
contrib/verify-commits/allow-revsig-commits View File

@@ -0,0 +1,2 @@
586a29253dabec3ca0f1ccba9091daabd16b8411
eddaba7b5692288087a926da5733e86b47274e4e

+ 20
- 2
contrib/verify-commits/gpg.sh View File

@@ -1,15 +1,33 @@
#!/bin/sh
INPUT=$(</dev/stdin)
VALID=false
REVSIG=false
IFS=$'\n'
for LINE in $(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null); do
case "$LINE" in "[GNUPG:] VALIDSIG"*)
case "$LINE" in
"[GNUPG:] VALIDSIG "*)
while read KEY; do
case "$LINE" in "[GNUPG:] VALIDSIG $KEY "*) VALID=true;; esac
done < ./contrib/verify-commits/trusted-keys
;;
"[GNUPG:] REVKEYSIG "*)
[ "$BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG" != 1 ] && exit 1
while read KEY; do
case "$LINE" in "[GNUPG:] REVKEYSIG ${KEY:24:40} "*)
REVSIG=true
GOODREVSIG="[GNUPG:] GOODSIG ${KEY:24:40} "
;;
esac
done < ./contrib/verify-commits/trusted-keys
;;
esac
done
if ! $VALID; then
exit 1
fi
echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null
if $VALID && $REVSIG; then
echo "$INPUT" | gpg --trust-model always "$@" | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)" 2>/dev/null
echo "$GOODREVSIG"
else
echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null
fi

+ 1
- 1
contrib/verify-commits/pre-push-hook.sh View File

@@ -1,5 +1,5 @@
#!/bin/bash
if ! [[ "$2" =~ [git@]?[www.]?github.com[:|/]bitcoin/bitcoin[.git]? ]]; then
if ! [[ "$2" =~ ^(git@)?(www.)?github.com(:|/)bitcoin/bitcoin(.git)?$ ]]; then
exit 0
fi


+ 1
- 0
contrib/verify-commits/trusted-keys View File

@@ -3,3 +3,4 @@
01CDF4627A3B88AAE4A571C87588242FBE38D3A8
AF8BE07C7049F3A26B239D5325B3083201782B2F
81291FA67D2C379A006A053FEAB5AF94D9E9ABE7
133EAC179436F14A5CF1B794860FEB804E669320

+ 12
- 0
contrib/verify-commits/verify-commits.sh View File

@@ -7,11 +7,23 @@ git log "$DIR"

VERIFIED_ROOT=$(cat "${DIR}/trusted-git-root")

IS_REVSIG_ALLOWED () {
while read LINE; do
[ "$LINE" = "$1" ] && return 0
done < "${DIR}/allow-revsig-commits"
return 1
}

HAVE_FAILED=false
IS_SIGNED () {
if [ $1 = $VERIFIED_ROOT ]; then
return 0;
fi
if IS_REVSIG_ALLOWED "$1"; then
export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=1
else
export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=0
fi
if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null 2>&1; then
return 1;
fi

Loading…
Cancel
Save