diff options
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/debian/copyright | 2 | ||||
-rw-r--r-- | contrib/devtools/README.md | 20 | ||||
-rwxr-xr-x | contrib/devtools/clang-format-diff.py | 2 | ||||
-rwxr-xr-x | contrib/devtools/copyright_header.py | 2 | ||||
-rwxr-xr-x | contrib/devtools/github-merge.py | 25 | ||||
-rwxr-xr-x | contrib/devtools/update-translations.py | 2 | ||||
-rwxr-xr-x | contrib/gitian-build.py | 4 | ||||
-rwxr-xr-x | contrib/install_db4.sh | 2 | ||||
-rwxr-xr-x | contrib/linearize/linearize-data.py | 1 | ||||
-rwxr-xr-x | contrib/linearize/linearize-hashes.py | 8 | ||||
-rwxr-xr-x | contrib/macdeploy/custom_dsstore.py | 2 | ||||
-rw-r--r-- | contrib/verify-commits/README.md | 17 | ||||
-rwxr-xr-x | contrib/verify-commits/verify-commits.py | 2 |
13 files changed, 61 insertions, 28 deletions
diff --git a/contrib/debian/copyright b/contrib/debian/copyright index e5b9cbaa40..2d5b0188d2 100644 --- a/contrib/debian/copyright +++ b/contrib/debian/copyright @@ -5,7 +5,7 @@ Upstream-Contact: Satoshi Nakamoto <satoshin@gmx.com> Source: https://github.com/bitcoin/bitcoin Files: * -Copyright: 2009-2018, Bitcoin Core Developers +Copyright: 2009-2019, Bitcoin Core Developers License: Expat Comment: The Bitcoin Core Developers encompasses the current developers listed on bitcoin.org, as well as the numerous contributors to the project. diff --git a/contrib/devtools/README.md b/contrib/devtools/README.md index a0b6225345..6ee65f40be 100644 --- a/contrib/devtools/README.md +++ b/contrib/devtools/README.md @@ -119,7 +119,25 @@ Configuring the github-merge tool for the bitcoin repository is done in the foll git config githubmerge.repository bitcoin/bitcoin git config githubmerge.testcmd "make -j4 check" (adapt to whatever you want to use for testing) - git config --global user.signingkey mykeyid (if you want to GPG sign) + git config --global user.signingkey mykeyid + +Authentication (optional) +-------------------------- + +The API request limit for unauthenticated requests is quite low, but the +limit for authenticated requests is much higher. If you start running +into rate limiting errors it can be useful to set an authentication token +so that the script can authenticate requests. + +- First, go to [Personal access tokens](https://github.com/settings/tokens). +- Click 'Generate new token'. +- Fill in an arbitrary token description. No further privileges are needed. +- Click the `Generate token` button at the bottom of the form. +- Copy the generated token (should be a hexadecimal string) + +Then do: + + git config --global user.ghtoken "pasted token" Create and verify timestamps of merge commits --------------------------------------------- diff --git a/contrib/devtools/clang-format-diff.py b/contrib/devtools/clang-format-diff.py index 77e845a9b4..f322b3a880 100755 --- a/contrib/devtools/clang-format-diff.py +++ b/contrib/devtools/clang-format-diff.py @@ -109,7 +109,7 @@ def main(): match = re.search('^\+\+\+\ (.*?/){%s}(\S*)' % args.p, line) if match: filename = match.group(2) - if filename == None: + if filename is None: continue if args.regex is not None: diff --git a/contrib/devtools/copyright_header.py b/contrib/devtools/copyright_header.py index 2d539ffe43..6d7a592f01 100755 --- a/contrib/devtools/copyright_header.py +++ b/contrib/devtools/copyright_header.py @@ -491,7 +491,7 @@ def get_git_change_year_range(filename): def file_already_has_core_copyright(file_lines): index, _ = get_updatable_copyright_line(file_lines) - return index != None + return index is not None ################################################################################ # insert header execution diff --git a/contrib/devtools/github-merge.py b/contrib/devtools/github-merge.py index 4e90f85f50..ab834b7623 100755 --- a/contrib/devtools/github-merge.py +++ b/contrib/devtools/github-merge.py @@ -14,7 +14,6 @@ # In case of a clean merge that is accepted by the user, the local branch with # name $BRANCH is overwritten with the merged result, and optionally pushed. -from __future__ import division,print_function,unicode_literals import os from sys import stdin,stdout,stderr import argparse @@ -23,10 +22,8 @@ import subprocess import sys import json import codecs -try: - from urllib.request import Request,urlopen -except: - from urllib2 import Request,urlopen +from urllib.request import Request, urlopen +from urllib.error import HTTPError # External tools (can be overridden using environment) GIT = os.getenv('GIT','git') @@ -50,17 +47,24 @@ def git_config_get(option, default=None): except subprocess.CalledProcessError: return default -def retrieve_pr_info(repo,pull): +def retrieve_pr_info(repo,pull,ghtoken): ''' Retrieve pull request information from github. Return None if no title can be found, or an error happens. ''' try: req = Request("https://api.github.com/repos/"+repo+"/pulls/"+pull) + if ghtoken is not None: + req.add_header('Authorization', 'token ' + ghtoken) result = urlopen(req) reader = codecs.getreader('utf-8') obj = json.load(reader(result)) return obj + except HTTPError as e: + error_message = e.read() + print('Warning: unable to retrieve pull information from github: %s' % e) + print('Detailed error: %s' % error_message) + return None except Exception as e: print('Warning: unable to retrieve pull information from github: %s' % e) return None @@ -138,6 +142,7 @@ def parse_arguments(): In addition, you can set the following git configuration variables: githubmerge.repository (mandatory), user.signingkey (mandatory), + user.ghtoken (default: none). githubmerge.host (default: git@github.com), githubmerge.branch (no default), githubmerge.testcmd (default: none). @@ -156,6 +161,7 @@ def main(): host = git_config_get('githubmerge.host','git@github.com') opt_branch = git_config_get('githubmerge.branch',None) testcmd = git_config_get('githubmerge.testcmd') + ghtoken = git_config_get('user.ghtoken') signingkey = git_config_get('user.signingkey') if repo is None: print("ERROR: No repository configured. Use this command to set:", file=stderr) @@ -166,14 +172,17 @@ def main(): print("git config --global user.signingkey <key>",file=stderr) sys.exit(1) - host_repo = host+":"+repo # shortcut for push/pull target + if host.startswith(('https:','http:')): + host_repo = host+"/"+repo+".git" + else: + host_repo = host+":"+repo # Extract settings from command line args = parse_arguments() pull = str(args.pull[0]) # Receive pull information from github - info = retrieve_pr_info(repo,pull) + info = retrieve_pr_info(repo,pull,ghtoken) if info is None: sys.exit(1) title = info['title'].strip() diff --git a/contrib/devtools/update-translations.py b/contrib/devtools/update-translations.py index f0098cfcdf..1b9d3a4c27 100755 --- a/contrib/devtools/update-translations.py +++ b/contrib/devtools/update-translations.py @@ -125,7 +125,7 @@ def escape_cdata(text): return text def contains_bitcoin_addr(text, errors): - if text != None and ADDRESS_REGEXP.search(text) != None: + if text is not None and ADDRESS_REGEXP.search(text) is not None: errors.append('Translation "%s" contains a bitcoin address. This will be removed.' % (text)) return True return False diff --git a/contrib/gitian-build.py b/contrib/gitian-build.py index faf8b014aa..fc7fbb764d 100755 --- a/contrib/gitian-build.py +++ b/contrib/gitian-build.py @@ -51,8 +51,10 @@ def build(): os.chdir('gitian-builder') os.makedirs('inputs', exist_ok=True) - subprocess.check_call(['wget', '-N', '-P', 'inputs', 'http://downloads.sourceforge.net/project/osslsigncode/osslsigncode/osslsigncode-1.7.1.tar.gz']) + subprocess.check_call(['wget', '-N', '-P', 'inputs', 'https://downloads.sourceforge.net/project/osslsigncode/osslsigncode/osslsigncode-1.7.1.tar.gz']) subprocess.check_call(['wget', '-N', '-P', 'inputs', 'https://bitcoincore.org/cfields/osslsigncode-Backports-to-1.7.1.patch']) + subprocess.check_call(["echo 'a8c4e9cafba922f89de0df1f2152e7be286aba73f78505169bc351a7938dd911 inputs/osslsigncode-Backports-to-1.7.1.patch' | sha256sum -c"], shell=True) + subprocess.check_call(["echo 'f9a8cdb38b9c309326764ebc937cba1523a3a751a7ab05df3ecc99d18ae466c9 inputs/osslsigncode-1.7.1.tar.gz' | sha256sum -c"], shell=True) subprocess.check_call(['make', '-C', '../bitcoin/depends', 'download', 'SOURCES_PATH=' + os.getcwd() + '/cache/common']) if args.linux: diff --git a/contrib/install_db4.sh b/contrib/install_db4.sh index 4f74e67f2f..e90b8af7e1 100755 --- a/contrib/install_db4.sh +++ b/contrib/install_db4.sh @@ -51,7 +51,7 @@ http_get() { if [ -f "${2}" ]; then echo "File ${2} already exists; not downloading again" elif check_exists curl; then - curl --insecure "${1}" -o "${2}" + curl --insecure --retry 5 "${1}" -o "${2}" else wget --no-check-certificate "${1}" -O "${2}" fi diff --git a/contrib/linearize/linearize-data.py b/contrib/linearize/linearize-data.py index b6ead4a166..56c1fbfc92 100755 --- a/contrib/linearize/linearize-data.py +++ b/contrib/linearize/linearize-data.py @@ -7,7 +7,6 @@ # file COPYING or http://www.opensource.org/licenses/mit-license.php. # -from __future__ import print_function, division import struct import re import os diff --git a/contrib/linearize/linearize-hashes.py b/contrib/linearize/linearize-hashes.py index 911c3c959d..e10b46d831 100755 --- a/contrib/linearize/linearize-hashes.py +++ b/contrib/linearize/linearize-hashes.py @@ -7,11 +7,7 @@ # file COPYING or http://www.opensource.org/licenses/mit-license.php. # -from __future__ import print_function -try: # Python 3 - import http.client as httplib -except ImportError: # Python 2 - import httplib +from http.client import HttpConnection import json import re import base64 @@ -31,7 +27,7 @@ class BitcoinRPC: authpair = "%s:%s" % (username, password) authpair = authpair.encode('utf-8') self.authhdr = b"Basic " + base64.b64encode(authpair) - self.conn = httplib.HTTPConnection(host, port=port, timeout=30) + self.conn = HttpConnection(host, port=port, timeout=30) def execute(self, obj): try: diff --git a/contrib/macdeploy/custom_dsstore.py b/contrib/macdeploy/custom_dsstore.py index c29f83a91e..dc1c1882dd 100755 --- a/contrib/macdeploy/custom_dsstore.py +++ b/contrib/macdeploy/custom_dsstore.py @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -# Copyright (c) 2013-2017 The Bitcoin Core developers +# Copyright (c) 2013-2018 The Bitcoin Core developers # Distributed under the MIT software license, see the accompanying # file COPYING or http://www.opensource.org/licenses/mit-license.php. import biplist diff --git a/contrib/verify-commits/README.md b/contrib/verify-commits/README.md index aa805ad1b9..27ca15acb4 100644 --- a/contrib/verify-commits/README.md +++ b/contrib/verify-commits/README.md @@ -3,7 +3,7 @@ Tooling for verification of PGP signed commits This is an incomplete work in progress, but currently includes a pre-push hook script (`pre-push-hook.sh`) for maintainers to ensure that their own commits -are PGP signed (nearly always merge commits), as well as a script to verify +are PGP signed (nearly always merge commits), as well as a Python 3 script to verify commits against a trusted keys list. @@ -17,9 +17,11 @@ be backdoored. Instead, you need to use a trusted version of verify-commits prior to checkout to make sure you're checking out only code signed by trusted keys: - git fetch origin && \ - ./contrib/verify-commits/verify-commits.py origin/master && \ - git checkout origin/master + ```sh + git fetch origin && \ + ./contrib/verify-commits/verify-commits.py origin/master && \ + git checkout origin/master + ``` Note that the above isn't a good UI/UX yet, and needs significant improvements to make it more convenient and reduce the chance of errors; pull-reqs @@ -33,6 +35,13 @@ Configuration files * `trusted-keys`: This file should contain a \n-delimited list of all PGP fingerprints of authorized commit signers (primary, not subkeys). * `allow-revsig-commits`: This file should contain a \n-delimited list of git commit hashes. See next section for more info. +Import trusted keys +------------------- +In order to check the commit signatures you must add the trusted PGP keys to your machine. This can be done in Linux by running +```sh +gpg --recv-keys $(<contrib/verify-commits/trusted-keys) +``` + Key expiry/revocation --------------------- diff --git a/contrib/verify-commits/verify-commits.py b/contrib/verify-commits/verify-commits.py index 544f4dc48d..b3c8064ec2 100755 --- a/contrib/verify-commits/verify-commits.py +++ b/contrib/verify-commits/verify-commits.py @@ -139,7 +139,7 @@ def main(): if len(parents) == 2 and check_merge and not allow_unclean: current_tree = subprocess.check_output([GIT, 'show', '--format=%T', current_commit], universal_newlines=True, encoding='utf8').splitlines()[0] subprocess.call([GIT, 'checkout', '--force', '--quiet', parents[0]]) - subprocess.call([GIT, 'merge', '--no-ff', '--quiet', parents[1]], stdout=subprocess.DEVNULL) + subprocess.call([GIT, 'merge', '--no-ff', '--quiet', '--no-gpg-sign', parents[1]], stdout=subprocess.DEVNULL) recreated_tree = subprocess.check_output([GIT, 'show', '--format=format:%T', 'HEAD'], universal_newlines=True, encoding='utf8').splitlines()[0] if current_tree != recreated_tree: print("Merge commit {} is not clean".format(current_commit), file=sys.stderr) |