aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatt Corallo <git@bluematt.me>2014-10-27 00:07:25 -0700
committerMatt Corallo <git@bluematt.me>2014-12-20 00:39:42 -0500
commitadaa568722e59cde510c5fe1997c49cbb9d7db12 (patch)
treed392d4c3467c229e54d19c835c9bd497e6917aff
parent13c077c7cfe9f367c721f3d99924b3d568afb4d0 (diff)
Add script to verify all merge commits are signed
-rw-r--r--contrib/README.md3
-rwxr-xr-xcontrib/verify-commits/gpg.sh15
-rwxr-xr-xcontrib/verify-commits/pre-push-hook.sh16
-rw-r--r--contrib/verify-commits/trusted-git-root1
-rw-r--r--contrib/verify-commits/trusted-keys5
-rwxr-xr-xcontrib/verify-commits/verify-commits.sh51
6 files changed, 91 insertions, 0 deletions
diff --git a/contrib/README.md b/contrib/README.md
index dae975e9ef..7d4b91e887 100644
--- a/contrib/README.md
+++ b/contrib/README.md
@@ -16,6 +16,9 @@ Repository Tools
Specific tools for developers working on this repository.
Contains the script `github-merge.sh` for merging github pull requests securely and signing them using GPG.
+### [Verify-Commits](/contrib/verify-commits) ###
+Tool to verify that every merge commit was signed by a developer using the above `github-merge.sh` script.
+
### [Linearize](/contrib/linearize) ###
Construct a linear, no-fork, best version of the blockchain.
diff --git a/contrib/verify-commits/gpg.sh b/contrib/verify-commits/gpg.sh
new file mode 100755
index 0000000000..6b5137e7b5
--- /dev/null
+++ b/contrib/verify-commits/gpg.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+INPUT=$(</dev/stdin)
+VALID=false
+IFS=$'\n'
+for LINE in $(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null); do
+ case "$LINE" in "[GNUPG:] VALIDSIG"*)
+ while read KEY; do
+ case "$LINE" in "[GNUPG:] VALIDSIG $KEY "*) VALID=true;; esac
+ done < ./contrib/verify-commits/trusted-keys
+ esac
+done
+if ! $VALID; then
+ exit 1
+fi
+echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null
diff --git a/contrib/verify-commits/pre-push-hook.sh b/contrib/verify-commits/pre-push-hook.sh
new file mode 100755
index 0000000000..607c0cac45
--- /dev/null
+++ b/contrib/verify-commits/pre-push-hook.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+if ! [[ "$2" =~ [git@]?[www.]?github.com[:|/]bitcoin/bitcoin[.git]? ]]; then
+ exit 0
+fi
+
+while read LINE; do
+ set -- A $LINE
+ if [ "$4" != "refs/heads/master" ]; then
+ continue
+ fi
+ if ! ./contrib/verify-commits/verify-commits.sh $3 > /dev/null 2>&1; then
+ echo "ERROR: A commit is not signed, can't push"
+ ./contrib/verify-commits/verify-commits.sh
+ exit 1
+ fi
+done < /dev/stdin
diff --git a/contrib/verify-commits/trusted-git-root b/contrib/verify-commits/trusted-git-root
new file mode 100644
index 0000000000..eb13f8762e
--- /dev/null
+++ b/contrib/verify-commits/trusted-git-root
@@ -0,0 +1 @@
+053038e5ba116cb319fb85f3cb3e062cf1b3df15
diff --git a/contrib/verify-commits/trusted-keys b/contrib/verify-commits/trusted-keys
new file mode 100644
index 0000000000..658ad0375b
--- /dev/null
+++ b/contrib/verify-commits/trusted-keys
@@ -0,0 +1,5 @@
+71A3B16735405025D447E8F274810B012346C9A6
+1F4410F6A89268CE3197A84C57896D2FF8F0B657
+01CDF4627A3B88AAE4A571C87588242FBE38D3A8
+AF8BE07C7049F3A26B239D5325B3083201782B2F
+81291FA67D2C379A006A053FEAB5AF94D9E9ABE7
diff --git a/contrib/verify-commits/verify-commits.sh b/contrib/verify-commits/verify-commits.sh
new file mode 100755
index 0000000000..5841fa2077
--- /dev/null
+++ b/contrib/verify-commits/verify-commits.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+DIR=$(dirname "$0")
+
+echo "Please verify all commits in the following list are not evil:"
+git log "$DIR"
+
+VERIFIED_ROOT=$(cat "${DIR}/trusted-git-root")
+
+HAVE_FAILED=false
+IS_SIGNED () {
+ if [ $1 = $VERIFIED_ROOT ]; then
+ return 0;
+ fi
+ if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null 2>&1; then
+ return 1;
+ fi
+ local PARENTS=$(git show -s --format=format:%P $1)
+ for PARENT in $PARENTS; do
+ if IS_SIGNED $PARENT > /dev/null; then
+ return 0;
+ fi
+ done
+ if ! "$HAVE_FAILED"; then
+ echo "No parent of $1 was signed with a trusted key!" > /dev/stderr
+ echo "Parents are:" > /dev/stderr
+ for PARENT in $PARENTS; do
+ git show -s $PARENT > /dev/stderr
+ done
+ HAVE_FAILED=true
+ fi
+ return 1;
+}
+
+if [ x"$1" = "x" ]; then
+ TEST_COMMIT="HEAD"
+else
+ TEST_COMMIT="$1"
+fi
+
+IS_SIGNED "$TEST_COMMIT"
+RES=$?
+if [ "$RES" = 1 ]; then
+ if ! "$HAVE_FAILED"; then
+ echo "$TEST_COMMIT was not signed with a trusted key!"
+ fi
+else
+ echo "There is a valid path from $TEST_COMMIT to $VERIFIED_ROOT where all commits are signed!"
+fi
+
+exit $RES