diff options
author | Wladimir J. van der Laan <laanwj@gmail.com> | 2017-03-07 10:51:38 +0100 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2017-03-07 10:51:52 +0100 |
commit | 00c13ea637d652e0a59eb53309fab915c8da95f9 (patch) | |
tree | 4211d1ba47968dad4bdee33ce74874c1da05f9ac | |
parent | 19be26afe3d04783a92d032b55bf3fb1e2ae63cc (diff) | |
parent | b3ec305f8e298b86507100cf28f9c240a0d2139f (diff) |
Merge #9932: Fix verify-commits on travis and always check top commit's tree
b3ec305 Fix bashisms in verify-commits and always check top commit's tree (Matt Corallo)
f20e664 Check gpg version before setting --weak-digest (Matt Corallo)
Tree-SHA512: f87247008ae6a265e3fd371f00aec0e84f1feb713bf5859eab139a88a4e205e1f26de7b510bcc2c3ab538d5443978a48ec920d25b52b9601e625d198fa2d725f
-rwxr-xr-x | contrib/verify-commits/gpg.sh | 18 | ||||
-rw-r--r-- | contrib/verify-commits/trusted-sha512-root-commit | 2 | ||||
-rwxr-xr-x | contrib/verify-commits/verify-commits.sh | 15 |
3 files changed, 24 insertions, 11 deletions
diff --git a/contrib/verify-commits/gpg.sh b/contrib/verify-commits/gpg.sh index 4342d7bd0f..b01e2a6d39 100755 --- a/contrib/verify-commits/gpg.sh +++ b/contrib/verify-commits/gpg.sh @@ -19,8 +19,20 @@ else # an attacker could construct a pull-req that results in a commit object that # they've created a collision for. Not the most likely attack, but preventing # it is pretty easy so we do so as a "belt-and-suspenders" measure. - - GPG_RES="$(echo "$INPUT" | gpg --trust-model always --weak-digest sha1 "$@" 2>/dev/null)" + GPG_RES="" + for LINE in "$(gpg --version)"; do + case "$LINE" in + "gpg (GnuPG) 1.4.1"*|"gpg (GnuPG) 2.0."*) + echo "Please upgrade to at least gpg 2.1.10 to check for weak signatures" > /dev/stderr + GPG_RES="$(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null)" + ;; + # We assume if you're running 2.1+, you're probably running 2.1.10+ + # gpg will fail otherwise + # We assume if you're running 1.X, it is either 1.4.1X or 1.4.20+ + # gpg will fail otherwise + esac + done + [ "$GPG_RES" = "" ] && GPG_RES="$(echo "$INPUT" | gpg --trust-model always --weak-digest sha1 "$@" 2>/dev/null)" fi for LINE in $(echo "$GPG_RES"); do case "$LINE" in @@ -40,7 +52,7 @@ if ! $VALID; then exit 1 fi if $VALID && $REVSIG; then - echo "$INPUT" | gpg --trust-model always "$@" | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)" 2>/dev/null + echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)" echo "$GOODREVSIG" else echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null diff --git a/contrib/verify-commits/trusted-sha512-root-commit b/contrib/verify-commits/trusted-sha512-root-commit index 189dc215e3..c28f50ff78 100644 --- a/contrib/verify-commits/trusted-sha512-root-commit +++ b/contrib/verify-commits/trusted-sha512-root-commit @@ -1 +1 @@ -b00ba6251f71fa1edaabdf809514e1bc3c67862e +f7ec7cfd38b543ba81ac7bed5b77f9a19739460b diff --git a/contrib/verify-commits/verify-commits.sh b/contrib/verify-commits/verify-commits.sh index 55eccf588a..40c9341445 100755 --- a/contrib/verify-commits/verify-commits.sh +++ b/contrib/verify-commits/verify-commits.sh @@ -43,11 +43,12 @@ IS_SIGNED () { export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=0 fi - if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null 2>&1; then + if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null; then return 1; fi - if [ "$VERIFY_TREE" = 1 ]; then + # We set $4 to 1 on the first call, always verifying the top of the tree + if [ "$VERIFY_TREE" = 1 -o "$4" = "1" ]; then IFS_CACHE="$IFS" IFS=' ' @@ -63,9 +64,10 @@ IS_SIGNED () { IFS="$IFS_CACHE" FILE_HASHES="" - for FILE in $(git ls-tree --full-tree -r --name-only $1 | LANG=C sort); do + for FILE in $(git ls-tree --full-tree -r --name-only $1 | LC_ALL=C sort); do HASH=$(git cat-file blob $1:"$FILE" | sha512sum | { read FIRST OTHER; echo $FIRST; } ) - [ "$FILE_HASHES" != "" ] && FILE_HASHES="$FILE_HASHES"$'\n' + [ "$FILE_HASHES" != "" ] && FILE_HASHES="$FILE_HASHES"' +' FILE_HASHES="$FILE_HASHES$HASH $FILE" done HASH_MATCHES=0 @@ -86,7 +88,7 @@ IS_SIGNED () { local PARENTS PARENTS=$(git show -s --format=format:%P $1) for PARENT in $PARENTS; do - if IS_SIGNED $PARENT $VERIFY_TREE $NO_SHA1; then + if IS_SIGNED $PARENT $VERIFY_TREE $NO_SHA1 0; then return 0; fi break @@ -111,10 +113,9 @@ fi DO_CHECKOUT_TEST=0 if [ x"$2" = "x--tree-checks" ]; then DO_CHECKOUT_TEST=1 - fi -IS_SIGNED "$TEST_COMMIT" "$DO_CHECKOUT_TEST" 1 +IS_SIGNED "$TEST_COMMIT" "$DO_CHECKOUT_TEST" 1 1 RES=$? if [ "$RES" = 1 ]; then if ! "$HAVE_FAILED"; then |