Commit graph

10 commits

Author SHA1 Message Date
Matt Corallo
b3ec305f8e Fix bashisms in verify-commits and always check top commit's tree 2017-03-06 16:59:08 -05:00
Matt Corallo
f20e664f40 Check gpg version before setting --weak-digest 2017-03-06 16:59:07 -05:00
Matt Corallo
d9c450ffb2 Verify Tree-SHA512s in merge commits, enforce sigs are not SHA1 2017-03-04 09:41:15 -05:00
Matt Corallo
3e900acafa Require merge commits merge branches on top of other merge commits
Specifically, require that the left branch (first restult of git
show -s --format=format:%P) is a signed merge commit, instead of
allowing either. This is fine for now, but might need to be relaxed
in the future.

Also fixes an out-of-file-descriptors issue by holding too many
open FDs writing to /dev/null
2017-02-01 18:22:27 -05:00
isle2983
0766d1cac3 [copyright] add MIT license headers to .sh scripts where missing
Years are set according to 'git log' history
2016-09-11 13:36:22 -06:00
Peter Todd
22421faa19 Remove pointless warning
Any attacker who managed to make an evil commit that changed something in the
contrib/verify-commits/ directory could just as easily remove the warning
and/or modify it to not display the evil commits; telling the user to check
those commits specifically misleads them into checking just those commits
rather than the script itself.
2016-05-21 11:26:21 +02:00
Matt Corallo
9523e8adaf Make verify-commits path-independent 2016-05-21 11:26:10 +02:00
Matt Corallo
f7d4a25fe6 Make verify-commits POSIX-compliant 2016-05-21 11:26:06 +02:00
Matt Corallo
1d94b72019 Whitelist commits signed with Pieter's now-revoked key 2015-10-23 02:05:42 -07:00
Matt Corallo
adaa568722 Add script to verify all merge commits are signed 2014-12-20 00:39:42 -05:00