kvazar
/
kevacoin
mirror of https://github.com/kvazar-network/kevacoin.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #6875 

6e800c2 Add Pieter's new PGP key to verify-commits/trusted-keys (Matt Corallo)
1d94b72 Whitelist commits signed with Pieter's now-revoked key (Matt Corallo)
27252b7 Fix pre-push-hook regexes (Matt Corallo)
0.13
Pieter Wuille 9 years ago
parent
d0badb916e 6e800c2b41
commit
93521a4f56
No known key found for this signature in database
GPG Key ID: DBA1A67379A1A931
5 changed files with 36 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      contrib/verify-commits/allow-revsig-commits
  2. 20
      contrib/verify-commits/gpg.sh
  3. 2
      contrib/verify-commits/pre-push-hook.sh
  4. 1
      contrib/verify-commits/trusted-keys
  5. 12
      contrib/verify-commits/verify-commits.sh

2
contrib/verify-commits/allow-revsig-commits
Unescape View File

@ -0,0 +1,2 @@ @@ -0,0 +1,2 @@
586a29253dabec3ca0f1ccba9091daabd16b8411
eddaba7b5692288087a926da5733e86b47274e4e

20
contrib/verify-commits/gpg.sh
Unescape View File

@ -1,15 +1,33 @@ @@ -1,15 +1,33 @@
#!/bin/sh
INPUT=$(</dev/stdin)
VALID=false
REVSIG=false
IFS=$'\n'
for LINE in $(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null); do
case "$LINE" in "[GNUPG:] VALIDSIG"*)
case "$LINE" in
"[GNUPG:] VALIDSIG "*)
while read KEY; do
case "$LINE" in "[GNUPG:] VALIDSIG $KEY "*) VALID=true;; esac
done < ./contrib/verify-commits/trusted-keys
;;
"[GNUPG:] REVKEYSIG "*)
[ "$BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG" != 1 ] && exit 1
while read KEY; do
case "$LINE" in "[GNUPG:] REVKEYSIG ${KEY:24:40} "*)
REVSIG=true
GOODREVSIG="[GNUPG:] GOODSIG ${KEY:24:40} "
;;
esac
done < ./contrib/verify-commits/trusted-keys
;;
esac
done
if ! $VALID; then
exit 1
fi
if $VALID && $REVSIG; then
echo "$INPUT" | gpg --trust-model always "$@" | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)" 2>/dev/null
echo "$GOODREVSIG"
else
echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null
fi

2
contrib/verify-commits/pre-push-hook.sh
Unescape View File

@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
#!/bin/bash
if ! [[ "$2" =~ [git@]?[www.]?github.com[:|/]bitcoin/bitcoin[.git]? ]]; then
if ! [[ "$2" =~ ^(git@)?(www.)?github.com(:|/)bitcoin/bitcoin(.git)?$ ]]; then
exit 0
fi

1
contrib/verify-commits/trusted-keys
Unescape View File

@ -3,3 +3,4 @@ @@ -3,3 +3,4 @@
01CDF4627A3B88AAE4A571C87588242FBE38D3A8
AF8BE07C7049F3A26B239D5325B3083201782B2F
81291FA67D2C379A006A053FEAB5AF94D9E9ABE7
133EAC179436F14A5CF1B794860FEB804E669320

12
contrib/verify-commits/verify-commits.sh
Unescape View File

@ -7,11 +7,23 @@ git log "$DIR" @@ -7,11 +7,23 @@ git log "$DIR"
VERIFIED_ROOT=$(cat "${DIR}/trusted-git-root")
IS_REVSIG_ALLOWED () {
while read LINE; do
[ "$LINE" = "$1" ] && return 0
done < "${DIR}/allow-revsig-commits"
return 1
}
HAVE_FAILED=false
IS_SIGNED () {
if [ $1 = $VERIFIED_ROOT ]; then
return 0;
fi
if IS_REVSIG_ALLOWED "$1"; then
export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=1
else
export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=0
fi
if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null 2>&1; then
return 1;
fi

Write Preview
Loading…
Cancel
Save