aboutsummaryrefslogtreecommitdiff
path: root/contrib/verify-commits/gpg.sh
diff options
context:
space:
mode:
authorMatt Corallo <git@bluematt.me>2017-02-27 14:13:39 -0500
committerMatt Corallo <git@bluematt.me>2017-03-04 09:41:15 -0500
commitd9c450ffb2a5a619ce11304f31427af9c9bf7a92 (patch)
tree5cd7cef12b36729e9061bdcca0fc8d30e5fb84af /contrib/verify-commits/gpg.sh
parentbe908a69bf74a74a263bde14c310b397abe6776f (diff)
Verify Tree-SHA512s in merge commits, enforce sigs are not SHA1
Diffstat (limited to 'contrib/verify-commits/gpg.sh')
-rwxr-xr-xcontrib/verify-commits/gpg.sh7
1 files changed, 6 insertions, 1 deletions
diff --git a/contrib/verify-commits/gpg.sh b/contrib/verify-commits/gpg.sh
index 09ff237544..4df8bee3b3 100755
--- a/contrib/verify-commits/gpg.sh
+++ b/contrib/verify-commits/gpg.sh
@@ -8,7 +8,12 @@ VALID=false
REVSIG=false
IFS='
'
-for LINE in $(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null); do
+if [ "$BITCOIN_VERIFY_COMMITS_ALLOW_SHA1" = 1 ]; then
+ GPG_RES="$(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null)"
+else
+ GPG_RES="$(echo "$INPUT" | gpg --trust-model always --weak-digest sha1 "$@" 2>/dev/null)"
+fi
+for LINE in $(echo "$GPG_RES"); do
case "$LINE" in
"[GNUPG:] VALIDSIG "*)
while read KEY; do