
verify-commits.sh 1.4KB

  1. #!/bin/sh
  2. # Not technically POSIX-compliant due to use of "local", but almost every
  3. # shell anyone uses today supports it, so its probably fine
  4. DIR=$(dirname "$0")
  5. echo "Please verify all commits in the following list are not evil:"
  6. git log "$DIR"
  7. VERIFIED_ROOT=$(cat "${DIR}/trusted-git-root")
  8. REVSIG_ALLOWED=$(cat "${DIR}/allow-revsig-commits")
  9. HAVE_FAILED=false
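#######################################
# Check that a commit is signed and reachable from the trusted root over
# signed commits only.
# Globals:   DIR, VERIFIED_ROOT, REVSIG_ALLOWED (read); HAVE_FAILED (written);
#            BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG (exported for gpg.sh)
# Arguments: $1 - commit-ish to verify (ref name, abbreviated or full hash)
# Outputs:   diagnostics on stderr, only for the first failure of the run
# Returns:   0 if $1 resolves to VERIFIED_ROOT, or if it verifies and at
#            least one parent satisfies the same test; 1 otherwise
#######################################
IS_SIGNED () {
  local COMMIT PARENTS PARENT
  # Resolve to the full object id first. Comparing the raw argument meant
  # that a ref name never matched the root, and that the allowlist lookup
  # below treated an abbreviated hash (or glob characters) as a substring
  # pattern, so a short prefix could be "allowlisted" by accident.
  COMMIT=$(git rev-parse --verify "$1^{commit}" 2>/dev/null) || return 1
  if [ "$COMMIT" = "$VERIFIED_ROOT" ]; then
    return 0
  fi
  # Fixed-string lookup of the full hash; the exported flag is read by
  # gpg.sh (the gpg.program used below), presumably to accept a signature
  # made with a since-revoked key for this particular commit.
  if printf '%s\n' "$REVSIG_ALLOWED" | grep -qF -- "$COMMIT"; then
    export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=1
  else
    export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=0
  fi
  if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit "$COMMIT" > /dev/null 2>&1; then
    return 1
  fi
  # One signed parent chain back to the root is sufficient: a merge of an
  # unsigned branch passes as long as the merge commit itself is signed and
  # its other parent chain is.
  PARENTS=$(git show -s --format=format:%P "$COMMIT")
  for PARENT in $PARENTS; do
    if IS_SIGNED "$PARENT" > /dev/null; then
      return 0
    fi
  done
  # Report only the first failure; callers further up the recursion would
  # otherwise repeat the message for every ancestor.
  if ! "$HAVE_FAILED"; then
    echo "No parent of $1 was signed with a trusted key!" >&2
    echo "Parents are:" >&2
    for PARENT in $PARENTS; do
      git show -s "$PARENT" >&2
    done
    HAVE_FAILED=true
  fi
  return 1
}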
# Verify the commit given on the command line, defaulting to HEAD.
TEST_COMMIT=${1:-HEAD}
IS_SIGNED "$TEST_COMMIT"
RES=$?
case "$RES" in
  1)
    # When HAVE_FAILED is set, IS_SIGNED already named the failing commit
    # and its parents on stderr, so only the bare case needs a message.
    if ! "$HAVE_FAILED"; then
      echo "$TEST_COMMIT was not signed with a trusted key!"
    fi
    ;;
  *)
    echo "There is a valid path from $TEST_COMMIT to $VERIFIED_ROOT where all commits are signed!"
    ;;
esac
exit "$RES"