aboutsummaryrefslogtreecommitdiff
path: root/contrib/verify-commits
AgeCommit message (Collapse)Author
2018-12-10Merge #14809: Tools: improve verify-commits.py scriptMeshCollider
45842c3d2 Improve documentation for running verify-commits.py script (Jameson Lopp) Pull request description: I ran into 3 different issues while trying to run the verify-commits script for the first time and I think documenting them would help save time for future developers. 1. I was trying to just run it with "python" and didn't realize I had multiple python versions installed and this script is only syntactically valid for python 3.x. 2. I needed to import the trusted keys 3. The script was hanging because it was triggering my yubikey for signature verification Tree-SHA512: dfc7a62972ca3de528fae3c9d420c7d2d6658767a555ebbf5f4a27c04748c35ccf8bf63bfc9f264358346de0db49bfbaf2d1540793a609d81c2d9b622ee8182c
2018-12-06Improve documentation for running verify-commits.py scriptJameson Lopp
2018-12-04scripts: Add trusted key for Samuel DobsonWladimir J. van der Laan
Add trusted GPG key so that Samuel Dobson (MeshCollider), who is now wallet maintainer, can merge PRs.
2018-09-02lint: Make sure we read the command line inputs using utf-8 decoding in pythonChun Kuan Lee
2018-06-20Obsolete #!/bin/bash shebangDesWurstes
2018-06-18Merge #13454: Make sure LC_ALL=C is set in all shell scriptsWladimir J. van der Laan
47776a958b08382d76d69b5df7beed807af168b3 Add linter: Make sure all shell scripts opt out of locale dependence using "export LC_ALL=C" (practicalswift) 3352da8da1243c03fc83ba678d2f5d193bd5a0c2 Add "export LC_ALL=C" to all shell scripts (practicalswift) Pull request description: ~~Make sure `LC_ALL=C` is set when using `grep` range expressions.~~ Make sure `LC_ALL=C` is set in all shell scripts. From the `grep(1)` documentation: > Within a bracket expression, a range expression consists of two characters separated by a hyphen. It matches any single character that sorts between the two characters, inclusive, using the locale's collating sequence and character set. For example, in the default C locale, `[a-d]` is equivalent to `[abcd]`. Many locales sort characters in dictionary order, and in these locales `[a-d]` is typically not equivalent to `[abcd]`; it might be equivalent to `[aBbCcDd]`, for example. To obtain the traditional interpretation of bracket expressions, you can use the C locale by setting the `LC_ALL` environment variable to the value C. Context: [Locale issue found when reviewing #13450](https://github.com/bitcoin/bitcoin/pull/13450/files#r194877736) Tree-SHA512: fd74d2612998f9b49ef9be24410e505d8c842716f84d085157fc7f9799d40e8a7b4969de783afcf99b7fae4f91bbb4559651f7dd6578a6a081a50bdea29f0909
2018-06-16Merge #13448: Add linter: Make sure we explicitly open all text files using ↵Wladimir J. van der Laan
UTF-8 encoding in Python c8176b3cc7556d7bcec39a55ae4d6ba16453baaa Add linter: Make sure we explicitly open all text files using UTF-8 or ASCII encoding in Python (practicalswift) 634bd970013eca90f4b4c1f9044eec8c97ba62c2 Explicitly specify encoding when opening text files in Python code (practicalswift) Pull request description: Add linter: Make sure we explicitly open all text files using UTF-8 encoding in Python. As requested by @laanwj in #13440. Tree-SHA512: 1651c00fe220ceb273324abd6703aee504029b96c7ef0e3029145901762c733c9b9d24927da281394fd4681a5bff774336c04eed01fafea997bb32192c334c06
2018-06-15Fix CVE-2018-12356 by hardening the regex.Loganaden Velvindron
2018-06-14Add "export LC_ALL=C" to all shell scriptspracticalswift
2018-06-12Explicitly specify encoding when opening text files in Python codepracticalswift
2018-06-12Use python instead of slow shell script on verify-commitsChun Kuan Lee
2018-04-07Merge #12708: Make verify-commits.sh test that merges are cleanWladimir J. van der Laan
577f111 Make verify-commits.sh test that merges are clean (Pieter Wuille) Pull request description: Unsure if we want this. This modifies verify-commits.sh to redo all merges along the leftmost commit branch (which includes all PR merges), and verify whether they match the merge commit's trees. The benefit is that it will detect a case where one of the maintainers merges a PR, but makes an unrelated change inside the merge commit. This on itself is not very strong, as unrelated changes can also be included in the merged branch itself - but perhaps the merge commit is not something that people are otherwise likely to look at. Fixes #8089 Tree-SHA512: 2c020f5ac3f771ac775aa726832916bb8e03a311b2745d7a9825047239bd0660d838f086f3456f2bb05cea14c1529f74436b8cdd74cc94b70e40b4617309f62c
2018-03-29[verify-commits] Add some additional useful documentation.Matt Corallo
2018-03-28Add Marco-expired-key-signed-commits to allow-revsig-commitsMatt Corallo
2018-03-28Revert "test: Update trust git root".Matt Corallo
This reverts commit 7deba93bdc76616011a9f493cbc203d60084416f. This is neither a "test" change, nor should the trusted-git-root have been updated - there is a process for expired PGP keys.
2018-03-16Make verify-commits.sh test that merges are cleanPieter Wuille
2018-03-06test: Update trust git rootWladimir J. van der Laan
Marco Falke's old key expired, causing a travis error while verifying commits 36afd4db4442c45d4078b1a7ad16a1872b5bee0d and before: gpg: Good signature from "Marco Falke <marco.falke@tum.de>" [unknown] gpg: aka "Marco Falke <falke.marco@gmail.com>" [unknown] gpg: Note: This key has expired! Primary key fingerprint: B8B3 F1C0 E58C 15DB 6A81 D30C 3648 A882 F431 6B9B Subkey fingerprint: FE09 B823 E6D8 3A3B C798 3EAA 2D7F 2372 E50F E137 Update the trusted root commit to the commit after that, to fix this issue. Tree-SHA512: 41e5913728099b131f73f8b4621cf6474d8914b2ffd524be8bac356426820f58016cc427fb32d043367688c8dbb60c26a7e34756589b61d0ba4ca3f8529a300f
2017-12-05[verify-commits] Fix gpg.sh's echoing for commits with '\n'Matt Corallo
2017-12-04Merge #10773: Shell script cleanupsPieter Wuille
13a81b19d Add quotes to variable assignment (as requested by @TheBlueMatt) (practicalswift) 683b9d280 Fix valid path output (practicalswift) 193c2fb4c Use bash instead of POSIX sh. POSIX sh does not support arrays. (practicalswift) 80f5f28d3 Fix incorrect quoting of quotes (the previous quotes had no effect beyond unquoting) (practicalswift) 564a172df Add required space to [[ -n "$1" ]] (previously [[ -n"$1" ]]) (practicalswift) 1e44ae0e1 Add error handling: exit if cd fails (practicalswift) b9e79ab41 Remove "\n" from echo argument. echo does not support escape sequences. (practicalswift) f6b3382fa Remove unused variables (practicalswift) Pull request description: Shell script cleanups: * Add required space to `[ -n ]`. * Avoid quote within quote. * Exit if `cd` fails. * Remove `\n` which is not handled by `echo`. * ~~Remove redundant `$` in arithmetic variable expression.~~ * ~~Use `$(command)` instead of legacy form `` `command` ``.~~ * Arrays are not supported in POSIX `sh`. Use `bash` when arrays are used. * ~~`[ foo -a bar ]` is not well defined, use `[ foo ] && [ bar ]` instead.~~ * ~~`[ foo -o bar ]` is not well defined, use `[ foo ] || [ bar ]` instead.~~ Tree-SHA512: 80f6ded58bce625b15b4da30d69d2714c633e184e62b21ed67d2c58e2ebaa08b4147593324012694d02bf4f1f252844cdff2fd1cf5e817ddb07e2777db7a6390
2017-11-09Merge #10771: Remove unused variables in shell scriptsWladimir J. van der Laan
ab8e8b9 Remove unused variables in shell scripts. (practicalswift) Pull request description: Remove unused variables in shell scripts. Use `_` where we don't care about the result. Tree-SHA512: 35049e79ee432c805f061456c32902a92811b5214d50ce6770b22d1442cc5999ed53cfe05bb2347f6995ca33c707a0f3fe92d5829c0385c4a3e254953924cbc4
2017-10-20[verify-commits] Allow revoked keys to expireMatt Corallo
2017-10-18Add quotes to variable assignment (as requested by @TheBlueMatt)practicalswift
2017-10-18Fix valid path outputpracticalswift
2017-10-18Fix incorrect quoting of quotes (the previous quotes had no effect beyond ↵practicalswift
unquoting)
2017-10-18Remove unused variablespracticalswift
2017-10-09Remove accidental stray semicolonpracticalswift
2017-08-09Remove unused variables in shell scripts.practicalswift
2017-03-09Update trusted-sha512-root-commit for new bad tree hashMatt Corallo
2017-03-09If GNU sha512sum is missing, try perl shasum in verify-commitsMatt Corallo
2017-03-09Make verify-commits.sh non-recursiveMatt Corallo
2017-03-06Fix bashisms in verify-commits and always check top commit's treeMatt Corallo
2017-03-06Check gpg version before setting --weak-digestMatt Corallo
2017-03-05Fix regsig checking for subkey sigs in verify-commitsMatt Corallo
2017-03-04Allow any subkey in verify-commitsMatt Corallo
2017-03-04Add comment re: why SHA1 is disabledPeter Todd
2017-03-04Verify Tree-SHA512s in merge commits, enforce sigs are not SHA1Matt Corallo
2017-02-27Add Pieter's old signed commits to revsig-commitsMatt Corallo
2017-02-01Require merge commits merge branches on top of other merge commitsMatt Corallo
Specifically, require that the left branch (first restult of git show -s --format=format:%P) is a signed merge commit, instead of allowing either. This is fine for now, but might need to be relaxed in the future. Also fixes an out-of-file-descriptors issue by holding too many open FDs writing to /dev/null
2016-09-11[copyright] add MIT license headers to .sh scripts where missingisle2983
Years are set according to 'git log' history
2016-06-18Remove sipa's old revoked key from verify-commitsPeter Todd
Now that the trusted root is past all commits signed by that key we don't need it in the trusted-keys list, nor do we need to whitelist those commits in allow-revsig-commits
2016-06-09Add README for verify-commitsPeter Todd
2016-05-21Remove keys that are no longer used for mergingPeter Todd
Also updated trusted git root to be right after gmaxwell's last merge.
2016-05-21Remove pointless warningPeter Todd
Any attacker who managed to make an evil commit that changed something in the contrib/verify-commits/ directory could just as easily remove the warning and/or modify it to not display the evil commits; telling the user to check those commits specifically misleads them into checking just those commits rather than the script itself.
2016-05-21Make verify-commits path-independentMatt Corallo
2016-05-21Make verify-commits POSIX-compliantMatt Corallo
2016-04-21[contrib] verify-commits: Add MarcoFalke fingerprintMarcoFalke
2015-11-13add jonasschnellis key to git-verify-commits trusted-keysJonas Schnelli
2015-11-06Use Pieter's signing subkey instead of his primary keyMatt Corallo
This commit is signed.
2015-10-27Add Pieter's new PGP key to verify-commits/trusted-keysMatt Corallo
2015-10-23Whitelist commits signed with Pieter's now-revoked keyMatt Corallo