diff options
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/README.md | 3 | ||||
| -rw-r--r-- | contrib/bitrpc/bitrpc.py | 144 | ||||
| -rw-r--r-- | contrib/init/README.md | 1 | ||||
| -rw-r--r-- | contrib/init/bitcoind.init | 67 | ||||
| -rw-r--r-- | contrib/init/bitcoind.openrc | 6 | ||||
| -rwxr-xr-x | contrib/verify-commits/gpg.sh | 15 | ||||
| -rwxr-xr-x | contrib/verify-commits/pre-push-hook.sh | 16 | ||||
| -rw-r--r-- | contrib/verify-commits/trusted-git-root | 1 | ||||
| -rw-r--r-- | contrib/verify-commits/trusted-keys | 5 | ||||
| -rwxr-xr-x | contrib/verify-commits/verify-commits.sh | 51 |
10 files changed, 234 insertions, 75 deletions
diff --git a/contrib/README.md b/contrib/README.md index dae975e9ef..7d4b91e887 100644 --- a/contrib/README.md +++ b/contrib/README.md @@ -16,6 +16,9 @@ Repository Tools Specific tools for developers working on this repository. Contains the script `github-merge.sh` for merging github pull requests securely and signing them using GPG. +### [Verify-Commits](/contrib/verify-commits) ### +Tool to verify that every merge commit was signed by a developer using the above `github-merge.sh` script. + ### [Linearize](/contrib/linearize) ### Construct a linear, no-fork, best version of the blockchain. diff --git a/contrib/bitrpc/bitrpc.py b/contrib/bitrpc/bitrpc.py index 02577b1b6a..c3ce9d7936 100644 --- a/contrib/bitrpc/bitrpc.py +++ b/contrib/bitrpc/bitrpc.py @@ -20,9 +20,9 @@ if cmd == "backupwallet": try: path = raw_input("Enter destination path/filename: ") print access.backupwallet(path) - except: - print "\n---An error occurred---\n" - + except Exception as inst: + print inst + elif cmd == "encryptwallet": try: pwd = getpass.getpass(prompt="Enter passphrase: ") @@ -32,29 +32,29 @@ elif cmd == "encryptwallet": print "\n---Wallet encrypted. Server stopping, restart to run with encrypted wallet---\n" else: print "\n---Passphrases do not match---\n" - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "getaccount": try: addr = raw_input("Enter a Bitcoin address: ") print access.getaccount(addr) - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "getaccountaddress": try: acct = raw_input("Enter an account name: ") print access.getaccountaddress(acct) - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "getaddressesbyaccount": try: acct = raw_input("Enter an account name: ") print access.getaddressesbyaccount(acct) - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "getbalance": try: @@ -64,57 +64,57 @@ elif cmd == "getbalance": print access.getbalance(acct, mc) except: print access.getbalance() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "getblockbycount": try: height = raw_input("Height: ") print access.getblockbycount(height) - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "getblockcount": try: print access.getblockcount() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "getblocknumber": try: print access.getblocknumber() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "getconnectioncount": try: print access.getconnectioncount() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "getdifficulty": try: print access.getdifficulty() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "getgenerate": try: print access.getgenerate() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "gethashespersec": try: print access.gethashespersec() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "getinfo": try: print access.getinfo() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "getnewaddress": try: @@ -123,8 +123,8 @@ elif cmd == "getnewaddress": print access.getnewaddress(acct) except: print access.getnewaddress() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "getreceivedbyaccount": try: @@ -134,8 +134,8 @@ elif cmd == "getreceivedbyaccount": print access.getreceivedbyaccount(acct, mc) except: print access.getreceivedbyaccount() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "getreceivedbyaddress": try: @@ -145,15 +145,15 @@ elif cmd == "getreceivedbyaddress": print access.getreceivedbyaddress(addr, mc) except: print access.getreceivedbyaddress() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "gettransaction": try: txid = raw_input("Enter a transaction ID: ") print access.gettransaction(txid) - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "getwork": try: @@ -162,8 +162,8 @@ elif cmd == "getwork": print access.gettransaction(data) except: print access.gettransaction() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "help": try: @@ -172,8 +172,8 @@ elif cmd == "help": print access.help(cmd) except: print access.help() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "listaccounts": try: @@ -182,8 +182,8 @@ elif cmd == "listaccounts": print access.listaccounts(mc) except: print access.listaccounts() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "listreceivedbyaccount": try: @@ -193,8 +193,8 @@ elif cmd == "listreceivedbyaccount": print access.listreceivedbyaccount(mc, incemp) except: print access.listreceivedbyaccount() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "listreceivedbyaddress": try: @@ -204,8 +204,8 @@ elif cmd == "listreceivedbyaddress": print access.listreceivedbyaddress(mc, incemp) except: print access.listreceivedbyaddress() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "listtransactions": try: @@ -216,8 +216,8 @@ elif cmd == "listtransactions": print access.listtransactions(acct, count, frm) except: print access.listtransactions() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "move": try: @@ -230,8 +230,8 @@ elif cmd == "move": print access.move(frm, to, amt, mc, comment) except: print access.move(frm, to, amt) - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "sendfrom": try: @@ -245,8 +245,8 @@ elif cmd == "sendfrom": print access.sendfrom(frm, to, amt, mc, comment, commentto) except: print access.sendfrom(frm, to, amt) - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "sendmany": try: @@ -258,8 +258,8 @@ elif cmd == "sendmany": print access.sendmany(frm,to,mc,comment) except: print access.sendmany(frm,to) - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "sendtoaddress": try: @@ -271,16 +271,16 @@ elif cmd == "sendtoaddress": print access.sendtoaddress(to,amt,comment,commentto) except: print access.sendtoaddress(to,amt) - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "setaccount": try: addr = raw_input("Address: ") acct = raw_input("Account:") print access.setaccount(addr,acct) - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "setgenerate": try: @@ -290,36 +290,36 @@ elif cmd == "setgenerate": print access.setgenerate(gen, cpus) except: print access.setgenerate(gen) - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "settxfee": try: amt = raw_input("Amount:") print access.settxfee(amt) - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "stop": try: print access.stop() - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "validateaddress": try: addr = raw_input("Address: ") print access.validateaddress(addr) - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "walletpassphrase": try: pwd = getpass.getpass(prompt="Enter wallet passphrase: ") access.walletpassphrase(pwd, 60) print "\n---Wallet unlocked---\n" - except: - print "\n---An error occurred---\n" + except Exception as inst: + print inst elif cmd == "walletpassphrasechange": try: @@ -328,10 +328,8 @@ elif cmd == "walletpassphrasechange": access.walletpassphrasechange(pwd, pwd2) print print "\n---Passphrase changed---\n" - except: - print - print "\n---An error occurred---\n" - print + except Exception as inst: + print inst else: print "Command not found or not supported" diff --git a/contrib/init/README.md b/contrib/init/README.md index d3fa966583..0d19da3039 100644 --- a/contrib/init/README.md +++ b/contrib/init/README.md @@ -4,6 +4,7 @@ SystemD: bitcoind.service Upstart: bitcoind.conf OpenRC: bitcoind.openrc bitcoind.openrcconf +CentOS: bitcoind.init have been made available to assist packagers in creating node packages here. diff --git a/contrib/init/bitcoind.init b/contrib/init/bitcoind.init new file mode 100644 index 0000000000..db5061874b --- /dev/null +++ b/contrib/init/bitcoind.init @@ -0,0 +1,67 @@ +#!/bin/bash +# +# bitcoind The bitcoin core server. +# +# +# chkconfig: 345 80 20 +# description: bitcoind +# processname: bitcoind +# + +# Source function library. +. /etc/init.d/functions + +# you can override defaults in /etc/sysconfig/bitcoind, see below +if [ -f /etc/sysconfig/bitcoind ]; then + . /etc/sysconfig/bitcoind +fi + +RETVAL=0 + +prog=bitcoind +# you can override the lockfile via BITCOIND_LOCKFILE in /etc/sysconfig/bitcoind +lockfile=${BITCOIND_LOCKFILE-/var/lock/subsys/bitcoind} + +# bitcoind defaults to /usr/bin/bitcoind, override with BITCOIND_BIN +bitcoind=${BITCOIND_BIN-/usr/bin/bitcoind} + +# bitcoind opts default to -disablewallet, override with BITCOIND_OPTS +bitcoind_opts=${BITCOIND_OPTS--disablewallet} + +start() { + echo -n $"Starting $prog: " + daemon $DAEMONOPTS $bitcoind $bitcoind_opts + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && touch $lockfile + return $RETVAL +} + +stop() { + echo -n $"Stopping $prog: " + killproc $prog + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f $lockfile + return $RETVAL +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + status) + status $prog + ;; + restart) + stop + start + ;; + *) + echo "Usage: service $prog {start|stop|status|restart}" + exit 1 + ;; +esac diff --git a/contrib/init/bitcoind.openrc b/contrib/init/bitcoind.openrc index 1f7758c920..b0ac5e31e1 100644 --- a/contrib/init/bitcoind.openrc +++ b/contrib/init/bitcoind.openrc @@ -12,9 +12,11 @@ BITCOIND_CONFIGFILE=${BITCOIND_CONFIGFILE:-/etc/bitcoin/bitcoin.conf} BITCOIND_PIDDIR=${BITCOIND_PIDDIR:-/var/run/bitcoind} BITCOIND_PIDFILE=${BITCOIND_PIDFILE:-${BITCOIND_PIDDIR}/bitcoind.pid} BITCOIND_DATADIR=${BITCOIND_DATADIR:-${BITCOIND_DEFAULT_DATADIR}} -BITCOIND_USER=${BITCOIND_USER:-bitcoin} +BITCOIND_USER=${BITCOIND_USER:-${BITCOIN_USER:-bitcoin}} BITCOIND_GROUP=${BITCOIND_GROUP:-bitcoin} BITCOIND_BIN=${BITCOIND_BIN:-/usr/bin/bitcoind} +BITCOIND_NICE=${BITCOIND_NICE:-${NICELEVEL:-0}} +BITCOIND_OPTS="${BITCOIND_OPTS:-${BITCOIN_OPTS}}" name="Bitcoin Core Daemon" description="Bitcoin crypto-currency p2p network daemon" @@ -28,7 +30,7 @@ command_args="-pid=\"${BITCOIND_PIDFILE}\" \ required_files="${BITCOIND_CONFIGFILE}" start_stop_daemon_args="-u ${BITCOIND_USER} \ - -N ${BITCOIND_NICE:-0} -w 2000" + -N ${BITCOIND_NICE} -w 2000" pidfile="${BITCOIND_PIDFILE}" retry=60 diff --git a/contrib/verify-commits/gpg.sh b/contrib/verify-commits/gpg.sh new file mode 100755 index 0000000000..6b5137e7b5 --- /dev/null +++ b/contrib/verify-commits/gpg.sh @@ -0,0 +1,15 @@ +#!/bin/sh +INPUT=$(</dev/stdin) +VALID=false +IFS=$'\n' +for LINE in $(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null); do + case "$LINE" in "[GNUPG:] VALIDSIG"*) + while read KEY; do + case "$LINE" in "[GNUPG:] VALIDSIG $KEY "*) VALID=true;; esac + done < ./contrib/verify-commits/trusted-keys + esac +done +if ! $VALID; then + exit 1 +fi +echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null diff --git a/contrib/verify-commits/pre-push-hook.sh b/contrib/verify-commits/pre-push-hook.sh new file mode 100755 index 0000000000..607c0cac45 --- /dev/null +++ b/contrib/verify-commits/pre-push-hook.sh @@ -0,0 +1,16 @@ +#!/bin/bash +if ! [[ "$2" =~ [git@]?[www.]?github.com[:|/]bitcoin/bitcoin[.git]? ]]; then + exit 0 +fi + +while read LINE; do + set -- A $LINE + if [ "$4" != "refs/heads/master" ]; then + continue + fi + if ! ./contrib/verify-commits/verify-commits.sh $3 > /dev/null 2>&1; then + echo "ERROR: A commit is not signed, can't push" + ./contrib/verify-commits/verify-commits.sh + exit 1 + fi +done < /dev/stdin diff --git a/contrib/verify-commits/trusted-git-root b/contrib/verify-commits/trusted-git-root new file mode 100644 index 0000000000..eb13f8762e --- /dev/null +++ b/contrib/verify-commits/trusted-git-root @@ -0,0 +1 @@ +053038e5ba116cb319fb85f3cb3e062cf1b3df15 diff --git a/contrib/verify-commits/trusted-keys b/contrib/verify-commits/trusted-keys new file mode 100644 index 0000000000..658ad0375b --- /dev/null +++ b/contrib/verify-commits/trusted-keys @@ -0,0 +1,5 @@ +71A3B16735405025D447E8F274810B012346C9A6 +1F4410F6A89268CE3197A84C57896D2FF8F0B657 +01CDF4627A3B88AAE4A571C87588242FBE38D3A8 +AF8BE07C7049F3A26B239D5325B3083201782B2F +81291FA67D2C379A006A053FEAB5AF94D9E9ABE7 diff --git a/contrib/verify-commits/verify-commits.sh b/contrib/verify-commits/verify-commits.sh new file mode 100755 index 0000000000..5841fa2077 --- /dev/null +++ b/contrib/verify-commits/verify-commits.sh @@ -0,0 +1,51 @@ +#!/bin/sh + +DIR=$(dirname "$0") + +echo "Please verify all commits in the following list are not evil:" +git log "$DIR" + +VERIFIED_ROOT=$(cat "${DIR}/trusted-git-root") + +HAVE_FAILED=false +IS_SIGNED () { + if [ $1 = $VERIFIED_ROOT ]; then + return 0; + fi + if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null 2>&1; then + return 1; + fi + local PARENTS=$(git show -s --format=format:%P $1) + for PARENT in $PARENTS; do + if IS_SIGNED $PARENT > /dev/null; then + return 0; + fi + done + if ! "$HAVE_FAILED"; then + echo "No parent of $1 was signed with a trusted key!" > /dev/stderr + echo "Parents are:" > /dev/stderr + for PARENT in $PARENTS; do + git show -s $PARENT > /dev/stderr + done + HAVE_FAILED=true + fi + return 1; +} + +if [ x"$1" = "x" ]; then + TEST_COMMIT="HEAD" +else + TEST_COMMIT="$1" +fi + +IS_SIGNED "$TEST_COMMIT" +RES=$? +if [ "$RES" = 1 ]; then + if ! "$HAVE_FAILED"; then + echo "$TEST_COMMIT was not signed with a trusted key!" + fi +else + echo "There is a valid path from $TEST_COMMIT to $VERIFIED_ROOT where all commits are signed!" +fi + +exit $RES |