aboutsummaryrefslogtreecommitdiff
path: root/contrib/verify-commits/gpg.sh
diff options
context:
space:
mode:
authorMatt Corallo <git@bluematt.me>2015-10-23 02:05:42 -0700
committerMatt Corallo <git@bluematt.me>2015-10-23 02:05:42 -0700
commit1d94b72019e31066b33947af5709383b8075e43a (patch)
treee83ac333adc4b84830cc4482bcee2abde9a15e26 /contrib/verify-commits/gpg.sh
parent27252b73894d00f9dbe27b664159b2a999683069 (diff)
Whitelist commits signed with Pieter's now-revoked key
Diffstat (limited to 'contrib/verify-commits/gpg.sh')
-rwxr-xr-xcontrib/verify-commits/gpg.sh22
1 files changed, 20 insertions, 2 deletions
diff --git a/contrib/verify-commits/gpg.sh b/contrib/verify-commits/gpg.sh
index 6b5137e7b5..0218b82e11 100755
--- a/contrib/verify-commits/gpg.sh
+++ b/contrib/verify-commits/gpg.sh
@@ -1,15 +1,33 @@
#!/bin/sh
INPUT=$(</dev/stdin)
VALID=false
+REVSIG=false
IFS=$'\n'
for LINE in $(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null); do
- case "$LINE" in "[GNUPG:] VALIDSIG"*)
+ case "$LINE" in
+ "[GNUPG:] VALIDSIG "*)
while read KEY; do
case "$LINE" in "[GNUPG:] VALIDSIG $KEY "*) VALID=true;; esac
done < ./contrib/verify-commits/trusted-keys
+ ;;
+ "[GNUPG:] REVKEYSIG "*)
+ [ "$BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG" != 1 ] && exit 1
+ while read KEY; do
+ case "$LINE" in "[GNUPG:] REVKEYSIG ${KEY:24:40} "*)
+ REVSIG=true
+ GOODREVSIG="[GNUPG:] GOODSIG ${KEY:24:40} "
+ ;;
+ esac
+ done < ./contrib/verify-commits/trusted-keys
+ ;;
esac
done
if ! $VALID; then
exit 1
fi
-echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null
+if $VALID && $REVSIG; then
+ echo "$INPUT" | gpg --trust-model always "$@" | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)" 2>/dev/null
+ echo "$GOODREVSIG"
+else
+ echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null
+fi