diff options
author | Matt Corallo <git@bluematt.me> | 2015-10-23 02:05:42 -0700 |
---|---|---|
committer | Matt Corallo <git@bluematt.me> | 2015-10-23 02:05:42 -0700 |
commit | 1d94b72019e31066b33947af5709383b8075e43a (patch) | |
tree | e83ac333adc4b84830cc4482bcee2abde9a15e26 /contrib/verify-commits/gpg.sh | |
parent | 27252b73894d00f9dbe27b664159b2a999683069 (diff) |
Whitelist commits signed with Pieter's now-revoked key
Diffstat (limited to 'contrib/verify-commits/gpg.sh')
-rwxr-xr-x | contrib/verify-commits/gpg.sh | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/contrib/verify-commits/gpg.sh b/contrib/verify-commits/gpg.sh index 6b5137e7b5..0218b82e11 100755 --- a/contrib/verify-commits/gpg.sh +++ b/contrib/verify-commits/gpg.sh @@ -1,15 +1,33 @@ #!/bin/sh INPUT=$(</dev/stdin) VALID=false +REVSIG=false IFS=$'\n' for LINE in $(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null); do - case "$LINE" in "[GNUPG:] VALIDSIG"*) + case "$LINE" in + "[GNUPG:] VALIDSIG "*) while read KEY; do case "$LINE" in "[GNUPG:] VALIDSIG $KEY "*) VALID=true;; esac done < ./contrib/verify-commits/trusted-keys + ;; + "[GNUPG:] REVKEYSIG "*) + [ "$BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG" != 1 ] && exit 1 + while read KEY; do + case "$LINE" in "[GNUPG:] REVKEYSIG ${KEY:24:40} "*) + REVSIG=true + GOODREVSIG="[GNUPG:] GOODSIG ${KEY:24:40} " + ;; + esac + done < ./contrib/verify-commits/trusted-keys + ;; esac done if ! $VALID; then exit 1 fi -echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null +if $VALID && $REVSIG; then + echo "$INPUT" | gpg --trust-model always "$@" | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)" 2>/dev/null + echo "$GOODREVSIG" +else + echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null +fi |