diff options
Diffstat (limited to 'contrib')
-rwxr-xr-x | contrib/verify-commits/gpg.sh | 18 | ||||
-rw-r--r-- | contrib/verify-commits/trusted-sha512-root-commit | 2 | ||||
-rwxr-xr-x | contrib/verify-commits/verify-commits.sh | 15 |
3 files changed, 24 insertions, 11 deletions
diff --git a/contrib/verify-commits/gpg.sh b/contrib/verify-commits/gpg.sh index 4342d7bd0f..b01e2a6d39 100755 --- a/contrib/verify-commits/gpg.sh +++ b/contrib/verify-commits/gpg.sh @@ -19,8 +19,20 @@ else # an attacker could construct a pull-req that results in a commit object that # they've created a collision for. Not the most likely attack, but preventing # it is pretty easy so we do so as a "belt-and-suspenders" measure. - - GPG_RES="$(echo "$INPUT" | gpg --trust-model always --weak-digest sha1 "$@" 2>/dev/null)" + GPG_RES="" + for LINE in "$(gpg --version)"; do + case "$LINE" in + "gpg (GnuPG) 1.4.1"*|"gpg (GnuPG) 2.0."*) + echo "Please upgrade to at least gpg 2.1.10 to check for weak signatures" > /dev/stderr + GPG_RES="$(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null)" + ;; + # We assume if you're running 2.1+, you're probably running 2.1.10+ + # gpg will fail otherwise + # We assume if you're running 1.X, it is either 1.4.1X or 1.4.20+ + # gpg will fail otherwise + esac + done + [ "$GPG_RES" = "" ] && GPG_RES="$(echo "$INPUT" | gpg --trust-model always --weak-digest sha1 "$@" 2>/dev/null)" fi for LINE in $(echo "$GPG_RES"); do case "$LINE" in @@ -40,7 +52,7 @@ if ! $VALID; then exit 1 fi if $VALID && $REVSIG; then - echo "$INPUT" | gpg --trust-model always "$@" | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)" 2>/dev/null + echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)" echo "$GOODREVSIG" else echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null diff --git a/contrib/verify-commits/trusted-sha512-root-commit b/contrib/verify-commits/trusted-sha512-root-commit index 189dc215e3..c28f50ff78 100644 --- a/contrib/verify-commits/trusted-sha512-root-commit +++ b/contrib/verify-commits/trusted-sha512-root-commit @@ -1 +1 @@ -b00ba6251f71fa1edaabdf809514e1bc3c67862e +f7ec7cfd38b543ba81ac7bed5b77f9a19739460b diff --git a/contrib/verify-commits/verify-commits.sh b/contrib/verify-commits/verify-commits.sh index 55eccf588a..40c9341445 100755 --- a/contrib/verify-commits/verify-commits.sh +++ b/contrib/verify-commits/verify-commits.sh @@ -43,11 +43,12 @@ IS_SIGNED () { export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=0 fi - if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null 2>&1; then + if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null; then return 1; fi - if [ "$VERIFY_TREE" = 1 ]; then + # We set $4 to 1 on the first call, always verifying the top of the tree + if [ "$VERIFY_TREE" = 1 -o "$4" = "1" ]; then IFS_CACHE="$IFS" IFS=' ' @@ -63,9 +64,10 @@ IS_SIGNED () { IFS="$IFS_CACHE" FILE_HASHES="" - for FILE in $(git ls-tree --full-tree -r --name-only $1 | LANG=C sort); do + for FILE in $(git ls-tree --full-tree -r --name-only $1 | LC_ALL=C sort); do HASH=$(git cat-file blob $1:"$FILE" | sha512sum | { read FIRST OTHER; echo $FIRST; } ) - [ "$FILE_HASHES" != "" ] && FILE_HASHES="$FILE_HASHES"$'\n' + [ "$FILE_HASHES" != "" ] && FILE_HASHES="$FILE_HASHES"' +' FILE_HASHES="$FILE_HASHES$HASH $FILE" done HASH_MATCHES=0 @@ -86,7 +88,7 @@ IS_SIGNED () { local PARENTS PARENTS=$(git show -s --format=format:%P $1) for PARENT in $PARENTS; do - if IS_SIGNED $PARENT $VERIFY_TREE $NO_SHA1; then + if IS_SIGNED $PARENT $VERIFY_TREE $NO_SHA1 0; then return 0; fi break @@ -111,10 +113,9 @@ fi DO_CHECKOUT_TEST=0 if [ x"$2" = "x--tree-checks" ]; then DO_CHECKOUT_TEST=1 - fi -IS_SIGNED "$TEST_COMMIT" "$DO_CHECKOUT_TEST" 1 +IS_SIGNED "$TEST_COMMIT" "$DO_CHECKOUT_TEST" 1 1 RES=$? if [ "$RES" = 1 ]; then if ! "$HAVE_FAILED"; then |