Merge #9880: Verify Tree-SHA512s in merge commits, enforce sigs are not SHA1

bbd7579 Fix regsig checking for subkey sigs in verify-commits (Matt Corallo)
d025bc7 Allow any subkey in verify-commits (Matt Corallo)
eddc77a Add comment re: why SHA1 is disabled (Peter Todd)
d9c450f Verify Tree-SHA512s in merge commits, enforce sigs are not SHA1 (Matt Corallo)
be908a6 Fail merge if there are any symlinks (Matt Corallo)

Tree-SHA512: bb66c59cc1c6b1c86d7d8be7adb0769c6598c0e28ad927409941f30af87d390521e82fc13700ee22e92db1bd571db3e19a152ec7b2c0349c6e06f5de62c0b65f

1 files changed, 14 insertions, 0 deletions

diff --git a/contrib/devtools/github-merge.py b/contrib/devtools/github-merge.py
index bea012d556..933bdc2b9d 100755
--- a/contrib/devtools/github-merge.py
+++ b/contrib/devtools/github-merge.py
@@ -70,6 +70,14 @@ def ask_prompt(text):
     print("",file=stderr)
     return reply
 
+def get_symlink_files():
+    files = sorted(subprocess.check_output([GIT, 'ls-tree', '--full-tree', '-r', 'HEAD']).splitlines())
+    ret = []
+    for f in files:
+        if (int(f.decode('utf-8').split(" ")[0], 8) & 0o170000) == 0o120000:
+            ret.append(f.decode('utf-8').split("\t")[1])
+    return ret
+
 def tree_sha512sum():
     files = sorted(subprocess.check_output([GIT, 'ls-tree', '--full-tree', '-r', '--name-only', 'HEAD']).splitlines())
     overall = hashlib.sha512()
@@ -200,6 +208,12 @@ def main():
             print("ERROR: Creating merge failed (already merged?).",file=stderr)
             exit(4)
 
+        symlink_files = get_symlink_files()
+        for f in symlink_files;
+            print("ERROR: File %s was a symlink" % f)
+        if len(symlink_files) > 0:
+            exit(4)
+
         # Put tree SHA512 into the message
         try:
             first_sha512 = tree_sha512sum()