starwels
/
starwels
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14887 Commits
3 Branches
Branch: 0.15
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0.15'
${ noResults }
starwels/contrib/verify-commits/gpg.sh

gpg.sh 2.3KB
Raw Permalink Blame History

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 
  1. #!/bin/sh

  2. # Copyright (c) 2014-2016 The Starwels developers

  3. # Distributed under the MIT software license, see the accompanying

  4. # file COPYING or http://www.opensource.org/licenses/mit-license.php.

  5. 

  6. INPUT=$(cat /dev/stdin)

  7. VALID=false

  8. REVSIG=false

  9. IFS='

  10. '

  11. if [ "$STARWELS_VERIFY_COMMITS_ALLOW_SHA1" = 1 ]; then

  12. 	GPG_RES="$(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null)"

  13. else

  14. 	# Note how we've disabled SHA1 with the --weak-digest option, disabling

  15. 	# signatures - including selfsigs - that use SHA1. While you might think that

  16. 	# collision attacks shouldn't be an issue as they'd be an attack on yourself,

  17. 	# in fact because what's being signed is a commit object that's

  18. 	# semi-deterministically generated by untrusted input (the pull-req) in theory

  19. 	# an attacker could construct a pull-req that results in a commit object that

  20. 	# they've created a collision for. Not the most likely attack, but preventing

  21. 	# it is pretty easy so we do so as a "belt-and-suspenders" measure.

  22. 	GPG_RES=""

  23. 	for LINE in "$(gpg --version)"; do

  24. 		case "$LINE" in

  25. 			"gpg (GnuPG) 1.4.1"*|"gpg (GnuPG) 2.0."*)

  26. 				echo "Please upgrade to at least gpg 2.1.10 to check for weak signatures" > /dev/stderr

  27. 				GPG_RES="$(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null)"

  28. 				;;

  29. 			# We assume if you're running 2.1+, you're probably running 2.1.10+

  30. 			# gpg will fail otherwise

  31. 			# We assume if you're running 1.X, it is either 1.4.1X or 1.4.20+

  32. 			# gpg will fail otherwise

  33. 		esac

  34. 	done

  35. 	[ "$GPG_RES" = "" ] && GPG_RES="$(echo "$INPUT" | gpg --trust-model always --weak-digest sha1 "$@" 2>/dev/null)"

  36. fi

  37. for LINE in $(echo "$GPG_RES"); do

  38. 	case "$LINE" in

  39. 	"[GNUPG:] VALIDSIG "*)

  40. 		while read KEY; do

  41. 			[ "${LINE#?GNUPG:? VALIDSIG * * * * * * * * * }" = "$KEY" ] && VALID=true

  42. 		done < ./contrib/verify-commits/trusted-keys

  43. 		;;

  44. 	"[GNUPG:] REVKEYSIG "*)

  45. 		[ "$STARWELS_VERIFY_COMMITS_ALLOW_REVSIG" != 1 ] && exit 1

  46. 		REVSIG=true

  47. 		GOODREVSIG="[GNUPG:] GOODSIG ${LINE#* * *}"

  48. 		;;

  49. 	"[GNUPG:] EXPKEYSIG "*)

  50. 		[ "$STARWELS_VERIFY_COMMITS_ALLOW_REVSIG" != 1 ] && exit 1

  51. 		REVSIG=true

  52. 		GOODREVSIG="[GNUPG:] GOODSIG ${LINE#* * *}"

  53. 		;;

  54. 	esac

  55. done

  56. if ! $VALID; then

  57. 	exit 1

  58. fi

  59. if $VALID && $REVSIG; then

  60. 	echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)"

  61. 	echo "$GOODREVSIG"

  62. else

  63. 	echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null

  64. fi