Merge pull request #5149

adaa568 Add script to verify all merge commits are signed (Matt Corallo)
10 years ago · c7abfa595d
6 changed files with 91 additions and 0 deletions
--- a/contrib/README.md
+++ b/contrib/README.md
@ -16,6 +16,9 @@ Repository Tools
				@@ -16,6 +16,9 @@ Repository Tools
 Specific tools for developers working on this repository.
 Contains the script `github-merge.sh` for merging github pull requests securely and signing them using GPG.

+### [Verify-Commits](/contrib/verify-commits) ###
+Tool to verify that every merge commit was signed by a developer using the above `github-merge.sh` script.
+
 ### [Linearize](/contrib/linearize) ###
 Construct a linear, no-fork, best version of the blockchain.

--- a/contrib/verify-commits/gpg.sh
+++ b/contrib/verify-commits/gpg.sh
@ -0,0 +1,15 @@
				@@ -0,0 +1,15 @@
+#!/bin/sh
+INPUT=$(</dev/stdin)
+VALID=false
+IFS=$'\n'
+for LINE in $(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null); do
+	case "$LINE" in "[GNUPG:] VALIDSIG"*)
+		while read KEY; do
+			case "$LINE" in "[GNUPG:] VALIDSIG $KEY "*) VALID=true;; esac
+		done < ./contrib/verify-commits/trusted-keys
+	esac
+done
+if ! $VALID; then
+	exit 1
+fi
+echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null
--- a/contrib/verify-commits/pre-push-hook.sh
+++ b/contrib/verify-commits/pre-push-hook.sh
@ -0,0 +1,16 @@
				@@ -0,0 +1,16 @@
+#!/bin/bash
+if ! [[ "$2" =~ [git@]?[www.]?github.com[:|/]bitcoin/bitcoin[.git]? ]]; then
+    exit 0
+fi
+
+while read LINE; do
+    set -- A $LINE
+    if [ "$4" != "refs/heads/master" ]; then
+        continue
+    fi
+    if ! ./contrib/verify-commits/verify-commits.sh $3 > /dev/null 2>&1; then
+        echo "ERROR: A commit is not signed, can't push"
+        ./contrib/verify-commits/verify-commits.sh
+        exit 1
+    fi
+done < /dev/stdin
--- a/contrib/verify-commits/trusted-git-root
+++ b/contrib/verify-commits/trusted-git-root
@ -0,0 +1 @@
				@@ -0,0 +1 @@
+053038e5ba116cb319fb85f3cb3e062cf1b3df15
--- a/contrib/verify-commits/trusted-keys
+++ b/contrib/verify-commits/trusted-keys
@ -0,0 +1,5 @@
				@@ -0,0 +1,5 @@
+71A3B16735405025D447E8F274810B012346C9A6
+1F4410F6A89268CE3197A84C57896D2FF8F0B657
+01CDF4627A3B88AAE4A571C87588242FBE38D3A8
+AF8BE07C7049F3A26B239D5325B3083201782B2F
+81291FA67D2C379A006A053FEAB5AF94D9E9ABE7
--- a/contrib/verify-commits/verify-commits.sh
+++ b/contrib/verify-commits/verify-commits.sh
@ -0,0 +1,51 @@
				@@ -0,0 +1,51 @@
+#!/bin/sh
+
+DIR=$(dirname "$0")
+
+echo "Please verify all commits in the following list are not evil:"
+git log "$DIR"
+
+VERIFIED_ROOT=$(cat "${DIR}/trusted-git-root")
+
+HAVE_FAILED=false
+IS_SIGNED () {
+	if [ $1 = $VERIFIED_ROOT ]; then
+		return 0;
+	fi
+	if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null 2>&1; then
+		return 1;
+	fi
+	local PARENTS=$(git show -s --format=format:%P $1)
+	for PARENT in $PARENTS; do
+		if IS_SIGNED $PARENT > /dev/null; then
+			return 0;
+		fi
+	done
+	if ! "$HAVE_FAILED"; then
+		echo "No parent of $1 was signed with a trusted key!" > /dev/stderr
+		echo "Parents are:" > /dev/stderr
+		for PARENT in $PARENTS; do
+			git show -s $PARENT > /dev/stderr
+		done
+		HAVE_FAILED=true
+	fi
+	return 1;
+}
+
+if [ x"$1" = "x" ]; then
+	TEST_COMMIT="HEAD"
+else
+	TEST_COMMIT="$1"
+fi
+
+IS_SIGNED "$TEST_COMMIT"
+RES=$?
+if [ "$RES" = 1 ]; then
+	if ! "$HAVE_FAILED"; then
+		echo "$TEST_COMMIT was not signed with a trusted key!"
+	fi
+else
+	echo "There is a valid path from $TEST_COMMIT to $VERIFIED_ROOT where all commits are signed!"
+fi
+
+exit $RES
				`@ -0,0 +1 @@` @@ -0,0 +1 @@
				`053038e5ba116cb319fb85f3cb3e062cf1b3df15`