kvazar
/
kevacoin
mirror of https://github.com/kvazar-network/kevacoin.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge #7713: Fixes for verify-commits script 

1e9aab0 Remove sipa's old revoked key from verify-commits (Peter Todd)
966151e Add README for verify-commits (Peter Todd)
11164ec Remove keys that are no longer used for merging (Peter Todd)
22421fa Remove pointless warning (Peter Todd)
9523e8a Make verify-commits path-independent (Matt Corallo)
f7d4a25 Make verify-commits POSIX-compliant (Matt Corallo)
0.13
Wladimir J. van der Laan 9 years ago
parent
a6ddb19bd9 1e9aab0dbf
commit
f6598df765
No known key found for this signature in database
GPG Key ID: 74810B012346C9A6
6 changed files with 39 additions and 24 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 26
      contrib/verify-commits/README.md
  2. 2
      contrib/verify-commits/allow-revsig-commits
  3. 10
      contrib/verify-commits/gpg.sh
  4. 2
      contrib/verify-commits/trusted-git-root
  5. 4
      contrib/verify-commits/trusted-keys
  6. 19
      contrib/verify-commits/verify-commits.sh

26
contrib/verify-commits/README.md
Unescape View File

@ -0,0 +1,26 @@
Tooling for verification of PGP signed commits
----------------------------------------------
This is an incomplete work in progress, but currently includes a pre-push hook
script (`pre-push-hook.sh`) for maintainers to ensure that their own commits
are PGP signed (nearly always merge commits), as well as a script to verify
commits against a trusted keys list.
Using verify-commits.sh safely
------------------------------
Remember that you can't use an untrusted script to verify itself. This means
that checking out code, then running `verify-commits.sh` against `HEAD` is
_not_ safe, because the version of `verify-commits.sh` that you just ran could
be backdoored. Instead, you need to use a trusted version of verify-commits
prior to checkout to make sure you're checking out only code signed by trusted
keys:
git fetch origin && \
./contrib/verify-commits/verify-commits.sh origin/master && \
git checkout origin/master
Note that the above isn't a good UI/UX yet, and needs significant improvements
to make it more convenient and reduce the chance of errors; pull-reqs
improving this process would be much appreciated.

2
contrib/verify-commits/allow-revsig-commits
Unescape View File

@ -1,2 +0,0 @@
586a29253dabec3ca0f1ccba9091daabd16b8411
eddaba7b5692288087a926da5733e86b47274e4e

10
contrib/verify-commits/gpg.sh
Unescape View File

@ -1,8 +1,9 @@
#!/bin/sh #!/bin/sh
INPUT=$(</dev/stdin) INPUT=$(cat /dev/stdin)
VALID=false VALID=false
REVSIG=false REVSIG=false
IFS=$'\n' IFS='
'
for LINE in $(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null); do for LINE in $(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null); do
case "$LINE" in case "$LINE" in
"[GNUPG:] VALIDSIG "*) "[GNUPG:] VALIDSIG "*)
@ -13,10 +14,9 @@ for LINE in $(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null); do
"[GNUPG:] REVKEYSIG "*) "[GNUPG:] REVKEYSIG "*)
[ "$BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG" != 1 ] && exit 1 [ "$BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG" != 1 ] && exit 1
while read KEY; do while read KEY; do
case "$LINE" in "[GNUPG:] REVKEYSIG ${KEY:24:40} "*) case "$LINE" in "[GNUPG:] REVKEYSIG ${KEY#????????????????????????} "*)
REVSIG=true REVSIG=true
GOODREVSIG="[GNUPG:] GOODSIG ${KEY:24:40} " GOODREVSIG="[GNUPG:] GOODSIG ${KEY#????????????????????????} "
;;
esac esac
done < ./contrib/verify-commits/trusted-keys done < ./contrib/verify-commits/trusted-keys
;; ;;

2
contrib/verify-commits/trusted-git-root
Unescape View File

@ -1 +1 @@
165e323d851cc87213c7673c6f278e87a6f2e752 82bcf405f6db1d55b684a1f63a4aabad376cdad7

4
contrib/verify-commits/trusted-keys
Unescape View File

@ -1,8 +1,4 @@
71A3B16735405025D447E8F274810B012346C9A6 71A3B16735405025D447E8F274810B012346C9A6
1F4410F6A89268CE3197A84C57896D2FF8F0B657
01CDF4627A3B88AAE4A571C87588242FBE38D3A8
AF8BE07C7049F3A26B239D5325B3083201782B2F
81291FA67D2C379A006A053FEAB5AF94D9E9ABE7
3F1888C6DCA92A6499C4911FDBA1A67379A1A931 3F1888C6DCA92A6499C4911FDBA1A67379A1A931
32EE5C4C3FA15CCADB46ABE529D4BCB6416F53EC 32EE5C4C3FA15CCADB46ABE529D4BCB6416F53EC
FE09B823E6D83A3BC7983EAA2D7F2372E50FE137 FE09B823E6D83A3BC7983EAA2D7F2372E50FE137

19
contrib/verify-commits/verify-commits.sh
Unescape View File

@ -1,25 +1,19 @@
#!/bin/sh #!/bin/sh
# Not technically POSIX-compliant due to use of "local", but almost every
# shell anyone uses today supports it, so its probably fine
DIR=$(dirname "$0") DIR=$(dirname "$0")
[ "/${DIR#/}" != "$DIR" ] && DIR=$(dirname "$(pwd)/$0")
echo "Please verify all commits in the following list are not evil:"
git log "$DIR"
VERIFIED_ROOT=$(cat "${DIR}/trusted-git-root") VERIFIED_ROOT=$(cat "${DIR}/trusted-git-root")
REVSIG_ALLOWED=$(cat "${DIR}/allow-revsig-commits")
IS_REVSIG_ALLOWED () {
while read LINE; do
[ "$LINE" = "$1" ] && return 0
done < "${DIR}/allow-revsig-commits"
return 1
}
HAVE_FAILED=false HAVE_FAILED=false
IS_SIGNED () { IS_SIGNED () {
if [ $1 = $VERIFIED_ROOT ]; then if [ $1 = $VERIFIED_ROOT ]; then
return 0; return 0;
fi fi
if IS_REVSIG_ALLOWED "$1"; then if [ "${REVSIG_ALLOWED#*$1}" != "$REVSIG_ALLOWED" ]; then
export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=1 export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=1
else else
export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=0 export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=0
@ -27,7 +21,8 @@ IS_SIGNED () {
if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null 2>&1; then if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null 2>&1; then
return 1; return 1;
fi fi
local PARENTS=$(git show -s --format=format:%P $1) local PARENTS
PARENTS=$(git show -s --format=format:%P $1)
for PARENT in $PARENTS; do for PARENT in $PARENTS; do
if IS_SIGNED $PARENT > /dev/null; then if IS_SIGNED $PARENT > /dev/null; then
return 0; return 0;

Write Preview
Loading…
Cancel
Save