aboutsummaryrefslogtreecommitdiff
path: root/contrib/verify-commits/README.md
diff options
context:
space:
mode:
authorChun Kuan Lee <ken2812221@gmail.com>2018-05-10 16:22:58 +0000
committerChun Kuan Lee <ken2812221@gmail.com>2018-06-12 14:48:02 +0000
commite5b2cd8e7564b9fc2ed4f63fe49efb0af60b4460 (patch)
tree5355f07d0bf219960a672e34cc7501b614936e7d /contrib/verify-commits/README.md
parente24bf1ce184bc8d5bba70a3f3e9c43c2df07f4d3 (diff)
Use python instead of slow shell script on verify-commits
Diffstat (limited to 'contrib/verify-commits/README.md')
-rw-r--r--contrib/verify-commits/README.md10
1 files changed, 5 insertions, 5 deletions
diff --git a/contrib/verify-commits/README.md b/contrib/verify-commits/README.md
index fa492fdd27..aa805ad1b9 100644
--- a/contrib/verify-commits/README.md
+++ b/contrib/verify-commits/README.md
@@ -7,18 +7,18 @@ are PGP signed (nearly always merge commits), as well as a script to verify
commits against a trusted keys list.
-Using verify-commits.sh safely
+Using verify-commits.py safely
------------------------------
Remember that you can't use an untrusted script to verify itself. This means
-that checking out code, then running `verify-commits.sh` against `HEAD` is
-_not_ safe, because the version of `verify-commits.sh` that you just ran could
+that checking out code, then running `verify-commits.py` against `HEAD` is
+_not_ safe, because the version of `verify-commits.py` that you just ran could
be backdoored. Instead, you need to use a trusted version of verify-commits
prior to checkout to make sure you're checking out only code signed by trusted
keys:
git fetch origin && \
- ./contrib/verify-commits/verify-commits.sh origin/master && \
+ ./contrib/verify-commits/verify-commits.py origin/master && \
git checkout origin/master
Note that the above isn't a good UI/UX yet, and needs significant improvements
@@ -42,6 +42,6 @@ said key. In order to avoid bumping the root-of-trust `trusted-git-root`
file, individual commits which were signed by such a key can be added to the
`allow-revsig-commits` file. That way, the PGP signatures are still verified
but no new commits can be signed by any expired/revoked key. To easily build a
-list of commits which need to be added, verify-commits.sh can be edited to test
+list of commits which need to be added, verify-commits.py can be edited to test
each commit with BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG set to both 1 and 0, and
those which need it set to 1 printed.