You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

verify-commits.sh 1.4KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061
  1. #!/bin/sh
  2. # Not technically POSIX-compliant due to use of "local", but almost every
  3. # shell anyone uses today supports it, so its probably fine
  4. DIR=$(dirname "$0")
  5. [ "/${DIR#/}" != "$DIR" ] && DIR=$(dirname "$(pwd)/$0")
  6. echo "Please verify all commits in the following list are not evil:"
  7. git log "$DIR"
  8. VERIFIED_ROOT=$(cat "${DIR}/trusted-git-root")
  9. REVSIG_ALLOWED=$(cat "${DIR}/allow-revsig-commits")
  10. HAVE_FAILED=false
  11. IS_SIGNED () {
  12. if [ $1 = $VERIFIED_ROOT ]; then
  13. return 0;
  14. fi
  15. if [ "${REVSIG_ALLOWED#*$1}" != "$REVSIG_ALLOWED" ]; then
  16. export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=1
  17. else
  18. export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=0
  19. fi
  20. if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null 2>&1; then
  21. return 1;
  22. fi
  23. local PARENTS
  24. PARENTS=$(git show -s --format=format:%P $1)
  25. for PARENT in $PARENTS; do
  26. if IS_SIGNED $PARENT > /dev/null; then
  27. return 0;
  28. fi
  29. done
  30. if ! "$HAVE_FAILED"; then
  31. echo "No parent of $1 was signed with a trusted key!" > /dev/stderr
  32. echo "Parents are:" > /dev/stderr
  33. for PARENT in $PARENTS; do
  34. git show -s $PARENT > /dev/stderr
  35. done
  36. HAVE_FAILED=true
  37. fi
  38. return 1;
  39. }
  40. if [ x"$1" = "x" ]; then
  41. TEST_COMMIT="HEAD"
  42. else
  43. TEST_COMMIT="$1"
  44. fi
  45. IS_SIGNED "$TEST_COMMIT"
  46. RES=$?
  47. if [ "$RES" = 1 ]; then
  48. if ! "$HAVE_FAILED"; then
  49. echo "$TEST_COMMIT was not signed with a trusted key!"
  50. fi
  51. else
  52. echo "There is a valid path from $TEST_COMMIT to $VERIFIED_ROOT where all commits are signed!"
  53. fi
  54. exit $RES