faf316a43f
Marco Falke's old key expired, causing a travis error while verifying
commits 36afd4db4442c45d4078b1a7ad16a1872b5bee0d and before:
gpg: Good signature from "Marco Falke <marco.falke@tum.de>" [unknown]
gpg: aka "Marco Falke <falke.marco@gmail.com>" [unknown]
gpg: Note: This key has expired!
Primary key fingerprint: B8B3 F1C0 E58C 15DB 6A81 D30C 3648 A882 F431 6B9B
Subkey fingerprint: FE09 B823 E6D8 3A3B C798 3EAA 2D7F 2372 E50F E137
Update the trusted root commit to the commit after that, to fix
this issue.
(cherry picked from commit 7deba93bdc76616011a9f493cbc203d60084416f)
Tooling for verification of PGP signed commits
This is an incomplete work in progress, but currently includes a pre-push hook
script (pre-push-hook.sh) for maintainers to ensure that their own commits
are PGP signed (nearly always merge commits), as well as a script to verify
commits against a trusted keys list.
Using verify-commits.sh safely
Remember that you can't use an untrusted script to verify itself. This means
that checking out code, then running verify-commits.sh against HEAD is
not safe, because the version of verify-commits.sh that you just ran could
be backdoored. Instead, you need to use a trusted version of verify-commits
prior to checkout to make sure you're checking out only code signed by trusted
keys:
git fetch origin && \
./contrib/verify-commits/verify-commits.sh origin/master && \
git checkout origin/master
Note that the above isn't a good UI/UX yet, and needs significant improvements to make it more convenient and reduce the chance of errors; pull-reqs improving this process would be much appreciated.