Commit graph

26 commits

Author SHA1 Message Date
Matt Corallo
df5bae2e7b Update trusted-sha512-root-commit for new bad tree hash 2017-03-09 09:53:19 -05:00
Matt Corallo
efc06c2c46 If GNU sha512sum is missing, try perl shasum in verify-commits 2017-03-09 09:53:19 -05:00
Matt Corallo
fd5e905e21 Make verify-commits.sh non-recursive 2017-03-09 09:53:19 -05:00
Matt Corallo
b3ec305f8e Fix bashisms in verify-commits and always check top commit's tree 2017-03-06 16:59:08 -05:00
Matt Corallo
f20e664f40 Check gpg version before setting --weak-digest 2017-03-06 16:59:07 -05:00
Matt Corallo
bbd757940b Fix regsig checking for subkey sigs in verify-commits 2017-03-05 11:21:52 -05:00
Matt Corallo
d025bc7964 Allow any subkey in verify-commits 2017-03-04 09:41:16 -05:00
Peter Todd
eddc77a1b1 Add comment re: why SHA1 is disabled 2017-03-04 09:41:16 -05:00
Matt Corallo
d9c450ffb2 Verify Tree-SHA512s in merge commits, enforce sigs are not SHA1 2017-03-04 09:41:15 -05:00
Matt Corallo
a4b02f4275 Add Pieter's old signed commits to revsig-commits 2017-02-27 20:24:20 -05:00
Matt Corallo
3e900acafa Require merge commits merge branches on top of other merge commits
Specifically, require that the left branch (first restult of git
show -s --format=format:%P) is a signed merge commit, instead of
allowing either. This is fine for now, but might need to be relaxed
in the future.

Also fixes an out-of-file-descriptors issue by holding too many
open FDs writing to /dev/null
2017-02-01 18:22:27 -05:00
isle2983
0766d1cac3 [copyright] add MIT license headers to .sh scripts where missing
Years are set according to 'git log' history
2016-09-11 13:36:22 -06:00
Peter Todd
1e9aab0dbf
Remove sipa's old revoked key from verify-commits
Now that the trusted root is past all commits signed by that key we don't need
it in the trusted-keys list, nor do we need to whitelist those commits in
allow-revsig-commits
2016-06-18 20:53:17 -04:00
Peter Todd
966151e71d
Add README for verify-commits 2016-06-09 13:58:29 -04:00
Peter Todd
11164ec0b4
Remove keys that are no longer used for merging
Also updated trusted git root to be right after gmaxwell's last merge.
2016-05-21 11:29:01 +02:00
Peter Todd
22421faa19 Remove pointless warning
Any attacker who managed to make an evil commit that changed something in the
contrib/verify-commits/ directory could just as easily remove the warning
and/or modify it to not display the evil commits; telling the user to check
those commits specifically misleads them into checking just those commits
rather than the script itself.
2016-05-21 11:26:21 +02:00
Matt Corallo
9523e8adaf Make verify-commits path-independent 2016-05-21 11:26:10 +02:00
Matt Corallo
f7d4a25fe6 Make verify-commits POSIX-compliant 2016-05-21 11:26:06 +02:00
MarcoFalke
fa24329334 [contrib] verify-commits: Add MarcoFalke fingerprint 2016-04-21 15:25:09 +02:00
Jonas Schnelli
a5bc8de1ba
add jonasschnellis key to git-verify-commits trusted-keys 2015-11-13 14:52:17 +01:00
Matt Corallo
9ea7762e2c Use Pieter's signing subkey instead of his primary key
This commit is signed.
2015-11-06 15:19:31 -08:00
Matt Corallo
6e800c2b41
Add Pieter's new PGP key to verify-commits/trusted-keys 2015-10-27 17:06:13 -07:00
Matt Corallo
1d94b72019 Whitelist commits signed with Pieter's now-revoked key 2015-10-23 02:05:42 -07:00
Matt Corallo
27252b7389 Fix pre-push-hook regexes 2015-10-22 19:50:01 -07:00
Matt Corallo
0186228d61 Update trusted-git-root to the most recent unsigned commit 2015-09-14 12:54:25 -04:00
Matt Corallo
adaa568722 Add script to verify all merge commits are signed 2014-12-20 00:39:42 -05:00