starwels
/
gitian-builder
mirror of https://github.com/devrandom/gitian-builder
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 2 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
251 Commits
7 Branches
Tree: 31f53d8bb8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '31f53d8bb8'
${ noResults }
gitian-builder/contrib/verify-commits/verify-commits.sh

verify-commits.sh 1.5KB
Raw Blame History

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. #!/bin/sh

  2. # Copyright (c) 2014-2016 The Bitcoin Core developers

  3. # Distributed under the MIT software license, see the accompanying

  4. # file COPYING or http://www.opensource.org/licenses/mit-license.php.

  5. 

  6. # Not technically POSIX-compliant due to use of "local", but almost every

  7. # shell anyone uses today supports it, so its probably fine

  8. 

  9. DIR=$(dirname "$0")

  10. [ "/${DIR#/}" != "$DIR" ] && DIR=$(dirname "$(pwd)/$0")

  11. 

  12. VERIFIED_ROOT=$(cat "${DIR}/trusted-git-root")

  13. REVSIG_ALLOWED=$(cat "${DIR}/allow-revsig-commits")

  14. 

  15. HAVE_FAILED=false

  16. IS_SIGNED () {

  17. 	if [ $1 = $VERIFIED_ROOT ]; then

  18. 		return 0;

  19. 	fi

  20. 	if [ "${REVSIG_ALLOWED#*$1}" != "$REVSIG_ALLOWED" ]; then

  21. 		export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=1

  22. 	else

  23. 		export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=0

  24. 	fi

  25. 	if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null 2>&1; then

  26. 		return 1;

  27. 	fi

  28. 	local PARENTS

  29. 	PARENTS=$(git show -s --format=format:%P $1)

  30. 	for PARENT in $PARENTS; do

  31. 		if IS_SIGNED $PARENT > /dev/null; then

  32. 			return 0;

  33. 		fi

  34. 	done

  35. 	if ! "$HAVE_FAILED"; then

  36. 		echo "No parent of $1 was signed with a trusted key!" > /dev/stderr

  37. 		echo "Parents are:" > /dev/stderr

  38. 		for PARENT in $PARENTS; do

  39. 			git show -s $PARENT > /dev/stderr

  40. 		done

  41. 		HAVE_FAILED=true

  42. 	fi

  43. 	return 1;

  44. }

  45. 

  46. if [ x"$1" = "x" ]; then

  47. 	TEST_COMMIT="HEAD"

  48. else

  49. 	TEST_COMMIT="$1"

  50. fi

  51. 

  52. IS_SIGNED "$TEST_COMMIT"

  53. RES=$?

  54. if [ "$RES" = 1 ]; then

  55. 	if ! "$HAVE_FAILED"; then

  56. 		echo "$TEST_COMMIT was not signed with a trusted key!"

  57. 	fi

  58. else

  59. 	echo "There is a valid path from $TEST_COMMIT to $VERIFIED_ROOT where all commits are signed!"

  60. fi

  61. 

  62. exit $RES