Merge #9932: Fix verify-commits on travis and always check top commit's tree

b3ec305 Fix bashisms in verify-commits and always check top commit's tree (Matt Corallo) f20e664 Check gpg version before setting --weak-digest (Matt Corallo) Tree-SHA512: f87247008ae6a265e3fd371f00aec0e84f1feb713bf5859eab139a88a4e205e1f26de7b510bcc2c3ab538d5443978a48ec920d25b52b9601e625d198fa2d725f
2017-03-07 10:51:38 +01:00 · 2017-03-07 10:51:38 +01:00 · 00c13ea637
commit 00c13ea637
parent 19be26afe3 b3ec305f8e
3 changed files with 24 additions and 11 deletions
--- a/contrib/verify-commits/gpg.sh
+++ b/contrib/verify-commits/gpg.sh
@ -19,8 +19,20 @@ else
 	# an attacker could construct a pull-req that results in a commit object that
 	# they've created a collision for. Not the most likely attack, but preventing
 	# it is pretty easy so we do so as a "belt-and-suspenders" measure.
-
-	GPG_RES="$(echo "$INPUT" | gpg --trust-model always --weak-digest sha1 "$@" 2>/dev/null)"
+	GPG_RES=""
+	for LINE in "$(gpg --version)"; do
+		case "$LINE" in
+			"gpg (GnuPG) 1.4.1"*|"gpg (GnuPG) 2.0."*)
+				echo "Please upgrade to at least gpg 2.1.10 to check for weak signatures" > /dev/stderr
+				GPG_RES="$(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null)"
+				;;
+			# We assume if you're running 2.1+, you're probably running 2.1.10+
+			# gpg will fail otherwise
+			# We assume if you're running 1.X, it is either 1.4.1X or 1.4.20+
+			# gpg will fail otherwise
+		esac
+	done
+	[ "$GPG_RES" = "" ] && GPG_RES="$(echo "$INPUT" | gpg --trust-model always --weak-digest sha1 "$@" 2>/dev/null)"
 fi
 for LINE in $(echo "$GPG_RES"); do
 	case "$LINE" in
@ -40,7 +52,7 @@ if ! $VALID; then
 	exit 1
 fi
 if $VALID && $REVSIG; then
-	echo "$INPUT" | gpg --trust-model always "$@" | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)" 2>/dev/null
+	echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)"
 	echo "$GOODREVSIG"
 else
 	echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null
--- a/contrib/verify-commits/trusted-sha512-root-commit
+++ b/contrib/verify-commits/trusted-sha512-root-commit
@ -1 +1 @@
-b00ba6251f71fa1edaabdf809514e1bc3c67862e
+f7ec7cfd38b543ba81ac7bed5b77f9a19739460b
--- a/contrib/verify-commits/verify-commits.sh
+++ b/contrib/verify-commits/verify-commits.sh
@ -43,11 +43,12 @@ IS_SIGNED () {
 		export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=0
 	fi

-	if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null 2>&1; then
+	if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null; then
 		return 1;
 	fi

-	if [ "$VERIFY_TREE" = 1 ]; then
+	# We set $4 to 1 on the first call, always verifying the top of the tree
+	if [ "$VERIFY_TREE" = 1 -o "$4" = "1" ]; then
 		IFS_CACHE="$IFS"
 		IFS='
 '
@ -63,9 +64,10 @@ IS_SIGNED () {
 		IFS="$IFS_CACHE"

 		FILE_HASHES=""
-		for FILE in $(git ls-tree --full-tree -r --name-only $1 | LANG=C sort); do
+		for FILE in $(git ls-tree --full-tree -r --name-only $1 | LC_ALL=C sort); do
 			HASH=$(git cat-file blob $1:"$FILE" | sha512sum | { read FIRST OTHER; echo $FIRST; } )
-			[ "$FILE_HASHES" != "" ] && FILE_HASHES="$FILE_HASHES"$'\n'
+			[ "$FILE_HASHES" != "" ] && FILE_HASHES="$FILE_HASHES"'
+'
 			FILE_HASHES="$FILE_HASHES$HASH  $FILE"
 		done
 		HASH_MATCHES=0
@ -86,7 +88,7 @@ IS_SIGNED () {
 	local PARENTS
 	PARENTS=$(git show -s --format=format:%P $1)
 	for PARENT in $PARENTS; do
-		if IS_SIGNED $PARENT $VERIFY_TREE $NO_SHA1; then
+		if IS_SIGNED $PARENT $VERIFY_TREE $NO_SHA1 0; then
 			return 0;
 		fi
 		break
@ -111,10 +113,9 @@ fi
 DO_CHECKOUT_TEST=0
 if [ x"$2" = "x--tree-checks" ]; then
 	DO_CHECKOUT_TEST=1
-
 fi

-IS_SIGNED "$TEST_COMMIT" "$DO_CHECKOUT_TEST" 1
+IS_SIGNED "$TEST_COMMIT" "$DO_CHECKOUT_TEST" 1 1
 RES=$?
 if [ "$RES" = 1 ]; then
 	if ! "$HAVE_FAILED"; then