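#!/bin/sh
# Copyright (c) 2014-2016 The Starwels developers
# Distributed under the MIT software license, see the accompanying
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
#
# Stand-in for gpg used by verify-commits: the signed payload arrives on
# stdin and gpg's own arguments in "$@".  gpg is run with a fixed trust
# model; the signature is accepted only if the *primary* key fingerprint it
# reports is listed in ./contrib/verify-commits/trusted-keys.  gpg's status
# output is then replayed on stdout for the caller.
#
# Environment:
#   STARWELS_VERIFY_COMMITS_ALLOW_SHA1=1    do not reject SHA1-digest signatures
#   STARWELS_VERIFY_COMMITS_ALLOW_REVSIG=1  accept a revoked or expired key; its
#                                           REVKEYSIG/EXPKEYSIG status line is
#                                           then rewritten as GOODSIG
#
# Exit status: 1 when no trusted key signed the payload (or a revoked/expired
# key signed it and ALLOW_REVSIG is unset); otherwise gpg's own exit status
# (0 in the ALLOW_REVSIG case).
#
# The trusted-keys path is relative, so run this from the repository root.

# Read the signed payload byte-for-byte.  The "x" sentinel stops $(...) from
# stripping the payload's trailing newlines; without it (and with echo, which
# also re-interprets backslashes under dash) the bytes handed to gpg can differ
# from the bytes that were signed and a good signature fails to verify.
INPUT=$(cat; printf x)
INPUT=${INPUT%x}
VALID=false
REVSIG=false
TRUSTED_KEYS=./contrib/verify-commits/trusted-keys

# Feed the payload to gpg.  Arguments: gpg options, followed by the script's
# own "$@".  stderr is discarded: only the machine-readable status lines
# on stdout are parsed.
run_gpg() {
  printf '%s' "$INPUT" | gpg --trust-model always "$@" 2>/dev/null
}

if [ "$STARWELS_VERIFY_COMMITS_ALLOW_SHA1" = 1 ]; then
  GPG_RES=$(run_gpg "$@")
else
  # Note how we've disabled SHA1 with the --weak-digest option, disabling
  # signatures - including selfsigs - that use SHA1. While you might think that
  # collision attacks shouldn't be an issue as they'd be an attack on yourself,
  # in fact because what's being signed is a commit object that's
  # semi-deterministically generated by untrusted input (the pull-req) in theory
  # an attacker could construct a pull-req that results in a commit object that
  # they've created a collision for. Not the most likely attack, but preventing
  # it is pretty easy so we do so as a "belt-and-suspenders" measure.
  #
  # Only the first line of `gpg --version` carries the version string.
  GPG_VERSION=$(gpg --version 2>/dev/null | head -n 1)
  case "$GPG_VERSION" in
    "gpg (GnuPG) 1.4.1"*|"gpg (GnuPG) 2.0."*)
      # These releases reject --weak-digest, so fall back to a plain run.
      printf '%s\n' "Please upgrade to at least gpg 2.1.10 to check for weak signatures" >&2
      GPG_RES=$(run_gpg "$@")
      ;;
    *)
      # We assume if you're running 2.1+, you're probably running 2.1.10+
      # gpg will fail otherwise
      # We assume if you're running 1.X, it is either 1.4.1X or 1.4.20+
      # gpg will fail otherwise
      GPG_RES=$(run_gpg --weak-digest sha1 "$@")
      ;;
  esac
fi

# Walk gpg's status lines.  A here-document (rather than a pipe) keeps the
# loop in the current shell so VALID/REVSIG survive it; IFS= and -r keep each
# line intact, and unlike an unquoted for-loop this never glob-expands a line
# (user IDs in GOODSIG lines may contain '*' or '?').
while IFS= read -r LINE; do
  case "$LINE" in
    "[GNUPG:] VALIDSIG "*)
      # Per gpg's status format, VALIDSIG's first field is the fingerprint of
      # the (sub)key that made the signature and the tenth is the primary key
      # fingerprint.  Stripping nine fields leaves the primary fingerprint, so
      # any subkey of a trusted primary key is accepted.
      PRIMARY_FPR=${LINE#?GNUPG:? VALIDSIG * * * * * * * * * }
      # `|| [ -n "$KEY" ]` keeps a last line without a trailing newline.
      while read -r KEY || [ -n "$KEY" ]; do
        [ "$PRIMARY_FPR" = "$KEY" ] && VALID=true
      done < "$TRUSTED_KEYS"
      ;;
    "[GNUPG:] REVKEYSIG "*|"[GNUPG:] EXPKEYSIG "*)
      [ "$STARWELS_VERIFY_COMMITS_ALLOW_REVSIG" != 1 ] && exit 1
      REVSIG=true
      # Keep "<keyid> <user id>" from the status line for the synthetic GOODSIG.
      GOODREVSIG="[GNUPG:] GOODSIG ${LINE#* * *}"
      ;;
  esac
done <<GPG_STATUS_END
$GPG_RES
GPG_STATUS_END

[ "$VALID" = true ] || exit 1

if [ "$REVSIG" = true ]; then
  # Re-run gpg, keep only the lines the caller needs, then append a GOODSIG
  # so a signature by an explicitly allowed revoked/expired key reads as good.
  # grep -E replaces the GNU-only "\|" alternation of the original BRE.
  run_gpg "$@" | grep -E '\[GNUPG:\] (NEWSIG|SIG_ID|VALIDSIG)'
  printf '%s\n' "$GOODREVSIG"
else
  # Replay gpg's full status output; the script's exit status is gpg's.
  run_gpg "$@"
fi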
  59. echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)"
  60. echo "$GOODREVSIG"
  61. else
  62. echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null
  63. fi