Merge #9932: Fix verify-commits on travis and always check top commit's tree
b3ec305
Fix bashisms in verify-commits and always check top commit's tree (Matt Corallo)f20e664
Check gpg version before setting --weak-digest (Matt Corallo) Tree-SHA512: f87247008ae6a265e3fd371f00aec0e84f1feb713bf5859eab139a88a4e205e1f26de7b510bcc2c3ab538d5443978a48ec920d25b52b9601e625d198fa2d725f
This commit is contained in:
commit
00c13ea637
3 changed files with 24 additions and 11 deletions
|
@ -19,8 +19,20 @@ else
|
|||
# an attacker could construct a pull-req that results in a commit object that
|
||||
# they've created a collision for. Not the most likely attack, but preventing
|
||||
# it is pretty easy so we do so as a "belt-and-suspenders" measure.
|
||||
|
||||
GPG_RES="$(echo "$INPUT" | gpg --trust-model always --weak-digest sha1 "$@" 2>/dev/null)"
|
||||
GPG_RES=""
|
||||
for LINE in "$(gpg --version)"; do
|
||||
case "$LINE" in
|
||||
"gpg (GnuPG) 1.4.1"*|"gpg (GnuPG) 2.0."*)
|
||||
echo "Please upgrade to at least gpg 2.1.10 to check for weak signatures" > /dev/stderr
|
||||
GPG_RES="$(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null)"
|
||||
;;
|
||||
# We assume if you're running 2.1+, you're probably running 2.1.10+
|
||||
# gpg will fail otherwise
|
||||
# We assume if you're running 1.X, it is either 1.4.1X or 1.4.20+
|
||||
# gpg will fail otherwise
|
||||
esac
|
||||
done
|
||||
[ "$GPG_RES" = "" ] && GPG_RES="$(echo "$INPUT" | gpg --trust-model always --weak-digest sha1 "$@" 2>/dev/null)"
|
||||
fi
|
||||
for LINE in $(echo "$GPG_RES"); do
|
||||
case "$LINE" in
|
||||
|
@ -40,7 +52,7 @@ if ! $VALID; then
|
|||
exit 1
|
||||
fi
|
||||
if $VALID && $REVSIG; then
|
||||
echo "$INPUT" | gpg --trust-model always "$@" | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)" 2>/dev/null
|
||||
echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)"
|
||||
echo "$GOODREVSIG"
|
||||
else
|
||||
echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null
|
||||
|
|
|
@ -1 +1 @@
|
|||
b00ba6251f71fa1edaabdf809514e1bc3c67862e
|
||||
f7ec7cfd38b543ba81ac7bed5b77f9a19739460b
|
||||
|
|
|
@ -43,11 +43,12 @@ IS_SIGNED () {
|
|||
export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=0
|
||||
fi
|
||||
|
||||
if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null 2>&1; then
|
||||
if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null; then
|
||||
return 1;
|
||||
fi
|
||||
|
||||
if [ "$VERIFY_TREE" = 1 ]; then
|
||||
# We set $4 to 1 on the first call, always verifying the top of the tree
|
||||
if [ "$VERIFY_TREE" = 1 -o "$4" = "1" ]; then
|
||||
IFS_CACHE="$IFS"
|
||||
IFS='
|
||||
'
|
||||
|
@ -63,9 +64,10 @@ IS_SIGNED () {
|
|||
IFS="$IFS_CACHE"
|
||||
|
||||
FILE_HASHES=""
|
||||
for FILE in $(git ls-tree --full-tree -r --name-only $1 | LANG=C sort); do
|
||||
for FILE in $(git ls-tree --full-tree -r --name-only $1 | LC_ALL=C sort); do
|
||||
HASH=$(git cat-file blob $1:"$FILE" | sha512sum | { read FIRST OTHER; echo $FIRST; } )
|
||||
[ "$FILE_HASHES" != "" ] && FILE_HASHES="$FILE_HASHES"$'\n'
|
||||
[ "$FILE_HASHES" != "" ] && FILE_HASHES="$FILE_HASHES"'
|
||||
'
|
||||
FILE_HASHES="$FILE_HASHES$HASH $FILE"
|
||||
done
|
||||
HASH_MATCHES=0
|
||||
|
@ -86,7 +88,7 @@ IS_SIGNED () {
|
|||
local PARENTS
|
||||
PARENTS=$(git show -s --format=format:%P $1)
|
||||
for PARENT in $PARENTS; do
|
||||
if IS_SIGNED $PARENT $VERIFY_TREE $NO_SHA1; then
|
||||
if IS_SIGNED $PARENT $VERIFY_TREE $NO_SHA1 0; then
|
||||
return 0;
|
||||
fi
|
||||
break
|
||||
|
@ -111,10 +113,9 @@ fi
|
|||
DO_CHECKOUT_TEST=0
|
||||
if [ x"$2" = "x--tree-checks" ]; then
|
||||
DO_CHECKOUT_TEST=1
|
||||
|
||||
fi
|
||||
|
||||
IS_SIGNED "$TEST_COMMIT" "$DO_CHECKOUT_TEST" 1
|
||||
IS_SIGNED "$TEST_COMMIT" "$DO_CHECKOUT_TEST" 1 1
|
||||
RES=$?
|
||||
if [ "$RES" = 1 ]; then
|
||||
if ! "$HAVE_FAILED"; then
|
||||
|
|
Loading…
Reference in a new issue