Commit Graph

89 Commits

Author SHA1 Message Date
Ryan Ofsky
59ebee3fb4
add ryanofsky to trusted-keys 2023-05-08 23:30:56 -04:00
Cory Fields
1fefcf27ed verify-commits: error and exit cleanly when git is too old. 2023-04-13 21:07:06 +00:00
glozow
873dcc1910
Merge bitcoin/bitcoin#27058: contrib: Improve verify-commits.py to work with maintainers leaving
14fac808bd verify-commits: Mention git v2.38.0 requirement (Andrew Chow)
bb86887527 verify-commits: Skip checks for commits older than trusted roots (Andrew Chow)
5497c14830 verify-commits: Use merge-tree in clean merge check (Andrew Chow)
76923bfa09 verify-commits: Remove all allowed commit exceptions (Andrew Chow)
53b07b2b47 verify-commits: Move trusted-keys valid sig check into verify-commits itself (Andrew Chow)

Pull request description:

  Currently the `verify-commits.py` script does not work well with maintainers giving up their commit access. If a key is removed from `trusted-keys`, any commits it signed previously will fail to verify, however keys cannot be kept in the list as it would allow that person to continue to push new commits. Furthermore, the `trusted-keys` used depends on the working tree which `verify-commits.py` itself may be modifying. When the script is run, the `trusted-keys` may be the one that is intended to be used, but the script may change the tree to a different commit with a different `trusted-keys` and use that instead!

  To resolve these issues, I've updated `verify-commits.py` to load the `trusted-keys` file and check the keys itself rather than delegating that to `gpg.sh` (which previously read in `trusted-keys`). This avoids the issue with the tree changing.

  I've also updated the script so that it stops modifying the tree. It would do this for the clean merge check where it would checkout each individual commit and attempt to reapply the merges, and then checking out the commit given as a cli arg. `git merge-tree` lets us do basically that but without modifying the tree. It will give us the object id for the resulting tree which we can compare against the object id of the tree in the merge commit in question. This also appears to be quite a bit faster.

  Lastly I've removed all of the exception commits in `allow-revsig-commits`, `allow-incorrect-sha512-commits`, and `allow-unclean-merge-commits` since all of these predate the commits in `trusted-git-root` and `trusted-sha512-root`. I've also updated the script to skip verification of commits that predate `trusted-git-root`, and skip sha512 verification for those that predate `trusted-sha512-root`.

ACKs for top commit:
  Sjors:
    ACK 14fac808bd
  glozow:
    Concept ACK 14fac808bd

Tree-SHA512: f9b0c6e1f1aecb169cdd6c833b8871b15e31c2374dc589858df0523659b294220d327481cc36dd0f92e9040d868eee6a8a68502f3163e05fa751f9fc2fa8832a
2023-02-27 13:17:48 +00:00
Andrew Chow
14fac808bd verify-commits: Mention git v2.38.0 requirement 2023-02-21 17:00:13 -05:00
MarcoFalke
fab17f08e2
Revert "[contrib] verify-commits: Add MarcoFalke fingerprint"
This reverts commit fa24329334.
2023-02-21 14:00:13 +01:00
Andrew Chow
bb86887527 verify-commits: Skip checks for commits older than trusted roots 2023-02-16 12:47:00 -05:00
Andrew Chow
5497c14830 verify-commits: Use merge-tree in clean merge check 2023-02-16 12:47:00 -05:00
Andrew Chow
76923bfa09 verify-commits: Remove all allowed commit exceptions
These commits predate the current trusted root.
2023-02-16 12:46:59 -05:00
Andrew Chow
53b07b2b47 verify-commits: Move trusted-keys valid sig check into verify-commits itself
Instead of having gpg.sh check against the trusted keys for a valid
signature, do it inside of verify-commits itself.

This also allows us to use the same trusted-keys throughout the
verify-commits.py check rather than it possibly being modified during
the clean merge check.
2023-02-16 12:46:40 -05:00
fanquake
cbf511b3f4
Merge bitcoin/bitcoin#27054: Remove laanwj from trusted-keys
aafa5e945c Remove laanwj from trusted-keys (laanwj)

Pull request description:

  allow-revsig-commits list generated using:

      git log --format="%H %ce" --merges 577bd51a4b8de066466a445192c1c653872657e2..master | grep laanwj | cut -c -40 >> allow-revsig-commits

ACKs for top commit:
  Sjors:
    tACK aafa5e945c 😢
  achow101:
    ACK aafa5e945c
  fanquake:
    ACK aafa5e945c

Tree-SHA512: 5e38ac8101f948030f9577480bfba14674351a7d697d7f6985966d98a0200fa110cee13fb331a1ff0c05874d92d9d03402c540f063155e7eea093accb5f4590e
2023-02-16 09:42:11 +00:00
Andrew Chow
6ada37d44c verify-commits: Bump trusted git root to after most recent laanwj merge
To prepare for the removal of laanwj's key from trusted key, the trusted
git root needs to be newer than the most recent merge commit signed by
his key.
2023-02-10 11:36:06 -05:00
laanwj
aafa5e945c
Remove laanwj from trusted-keys
allow-revsig-commits list generated using:

    git log --format="%H %ce" --merges 577bd51a4b8de066466a445192c1c653872657e2..master | grep laanwj | cut -c -40 >> allow-revsig-commits

Tree-SHA512: e665d1f3f6ae45ad435cb2802d49988f5133d695b145aa2dc65af95c052e562e0afaf585c351a41529985b4229965cf555f7197a44c90ba7daaea7a28975648d
2023-02-07 10:12:49 +01:00
Hennadii Stepanov
306ccd4927
scripted-diff: Bump copyright headers
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-

Commits of previous years:
- 2021: f47dda2c58
- 2020: fa0074e2d8
- 2019: aaaaad6ac9
2022-12-24 23:49:50 +00:00
Pieter Wuille
8cbeab4d90 Remove my key from trusted-keys 2022-07-07 16:53:48 -04:00
glozow
ebe106a754
add glozow to trusted-keys 2022-07-01 14:15:03 +01:00
Hennadii Stepanov
d4b3dc5b0a
contrib: Remove keys that are no longer used for merging
See:
https://bitcoin-irc.chaincode.com/bitcoin-core-dev/2021-10-21#726591
https://bitcoin-irc.chaincode.com/bitcoin-core-dev/2021-12-09#750000

Also updated trusted-git-root to be right after meshcollider's last
merge.
2022-05-24 14:02:30 +02:00
brunoerg
ded915e842 contrib: fix dirname on verify-commits 2022-05-05 13:27:11 -03:00
brunoerg
027aab663a test, contrib, refactor: use with when opening a file 2022-04-27 20:04:33 -03:00
Hennadii Stepanov
f47dda2c58
scripted-diff: Bump copyright headers
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-

Commits of previous years:
* 2020: fa0074e2d8
* 2019: aaaaad6ac9
2021-12-30 19:36:57 +02:00
Andrew Chow
33b511251a
contrib: add achow101 to trusted keys
For maintaining the wallet and psbt things
2021-12-16 14:52:39 -05:00
W. J. van der Laan
aec631bccc
Merge bitcoin/bitcoin#23462: test: Enable SC2046 and SC2086 shellcheck rules
fe0ff569ea test: Enable SC2046 shellcheck rule (Hennadii Stepanov)
9a1ad7bc0d test: Enable SC2086 shellcheck rule (Hennadii Stepanov)

Pull request description:

  Closes #20879.
  Replaces #22695.

  **Note for reviewers**. Some touched shell scripts are not being run in CI, therefore they require more thorough reviewing:
  - `contrib/devtools/gen-manpages.sh`
  - `contrib/macdeploy/detached-sig-apply.sh`
  - `contrib/windeploy/detached-sig-create.sh`
  - `src/qt/res/animation/makespinner.sh`

ACKs for top commit:
  laanwj:
    Code review re-ACK fe0ff569ea

Tree-SHA512: 73619b9a7bcb6cf0dfc4189a753ef550d40c82a3432bb9d8d8a994310d42594576038daac7e0c2fc004d716976bb1413b9a77848ecf088b25b69ed0773b77e8e
2021-11-15 16:22:52 +01:00
Hennadii Stepanov
9a1ad7bc0d
test: Enable SC2086 shellcheck rule 2021-11-13 16:54:56 +02:00
nthumann
365f35481d
script: Add commits signed with sipas expired key to allow-revsig-commits 2021-08-22 11:52:21 +02:00
fanquake
4c43b7d41d
contrib: use hkps://keys.openpgp.org to retrieve builder keys
hkps://hkps.pool.sks-keyservers.net is essentially no-longer functional,
and a number of distributions and GPG tools have since switched to using
this key server as their default.

See this Debian patch for additional context:
https://salsa.debian.org/debian/gnupg2/-/blob/debian/main/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch

Switch to using keys.openpgp.org in the CI as well.
2021-08-17 08:59:04 +08:00
Hennadii Stepanov
55d85834cc
script: Add trusted key for hebasto 2021-04-06 12:27:32 +03:00
MarcoFalke
fa488f131f
scripted-diff: Bump copyright headers
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-
2020-04-16 13:33:09 -04:00
MarcoFalke
e09c701e01 scripted-diff: Bump copyright of files changed in 2020
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-
2020-01-15 02:18:00 +07:00
MarcoFalke
aaaaad6ac9
scripted-diff: Bump copyright of files changed in 2019
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-
2019-12-30 10:42:20 +13:00
Emil Engler
bd6a243075
script: Add Keyserver to verify-commits README 2019-11-30 04:41:06 +01:00
fanquake
6c27fa0f09
scripts: remove github-merge.py
This script has been moved to the bitcoin-core/bitcoin-maintainer-tools repository,
after discussion in a core dev meeting. The rationale being that it is also useful to
other projects, and thus should be moved to a more general repository.

Meeting log: http://www.erisian.com.au/bitcoin-core-dev/log-2019-08-15.html
See also: https://github.com/bitcoin-core/bitcoin-maintainer-tools/pull/28
2019-08-19 19:16:57 +08:00
Hennadii Stepanov
1ac454a384
Enable ShellCheck rules
Enabled ShellCheck rules:
  SC1087
  SC2001
  SC2004
  SC2005
  SC2006
  SC2016
  SC2028
  SC2048
  SC2066 (note that IFS already contains only a line feed)
  SC2116
  SC2166
  SC2181
  SC2206
  SC2207
  SC2230
  SC2236
2019-07-04 19:35:25 +03:00
fanquake
8081927c33
scripts: add key for fanquake to trusted keys list 2019-06-07 09:48:12 +02:00
MarcoFalke
904129b35d
Merge #15255: [tests] Remove travis_wait from lint script
8b8d8eeae9 Remove travis_wait from lint script (Graham Krizek)

Pull request description:

  Using the `travis_wait` command in conjunction with `set -o errexit` causes problems. The `travis_wait` command will correctly log the command's output if successful, but if the command fails the process exits before the `travis_wait` command can dump the logs. This will hide important debugging information like error messages and stack traces. We ran into this in #15196 and it was very hard to debug because output was being suppressed.

  `travis_wait` was being used because the `contrib/verify-commits/verify-commits.py` script can sometimes run for a long time without producing any output. If a script runs for 10 minutes without logging anything, the CI run times out. The `travis_wait` command will extend this timeout by logging a message for you, while sending stderr and stdout to a file.

  This PR removes the `travis_wait` command from our CI system and adds additional logging to the `verify-commits.py` script so it doesn't make Travis timeout.

ACKs for commit 8b8d8e:
  MarcoFalke:
    utACK 8b8d8eeae9

Tree-SHA512: 175a8dd3f4d4e03ab272ddba94fa8bb06875c9027c3f3f81577feda4bc8918b5f0e003a19027f04f8cf2d0b56c68633716a6ab23f95b910121a8d1132428767d
2019-03-29 11:23:08 -04:00
Graham Krizek
8b8d8eeae9 Remove travis_wait from lint script
Also adding progress logging to verify-commits.py script to prevent Travis from timing out
2019-02-21 11:11:02 -06:00
Douglas Roark
a786c3b306
Slight tweak to the verify-commits script directions
Clarify that GnuPG may be used on both Linux and macOS to obtain the keys required to verify the commits.
2019-01-31 10:15:52 -08:00
Graham Krizek
fdf82ba181
Update all subprocess.check_output functions in CI scripts to be Python 3.4 compatible
Removing the 'universal_newlines' and 'encoding' args from the subprocess.check_outputs fuction. 'universal_newlines' is supported in 3.4, but 'encoding' is not. Without specifying 'encoding' it will make a guess at encoding, which can break things on BSD systems. We must handle encoding/decoding ourselves until we can use Python 3.6
2019-01-18 09:36:39 -06:00
MeshCollider
e946fc7eb1
Merge #14809: Tools: improve verify-commits.py script
45842c3d2 Improve documentation for running verify-commits.py script (Jameson Lopp)

Pull request description:

  I ran into 3 different issues while trying to run the verify-commits script for the first time and I think documenting them would help save time for future developers.

  1. I was trying to just run it with "python" and didn't realize I had multiple python versions installed and this script is only syntactically valid for python 3.x.
  2. I needed to import the trusted keys
  3. The script was hanging because it was triggering my yubikey for signature verification

Tree-SHA512: dfc7a62972ca3de528fae3c9d420c7d2d6658767a555ebbf5f4a27c04748c35ccf8bf63bfc9f264358346de0db49bfbaf2d1540793a609d81c2d9b622ee8182c
2018-12-10 17:18:38 +13:00
Jameson Lopp
45842c3d26
Improve documentation for running verify-commits.py script 2018-12-06 10:41:08 -05:00
Wladimir J. van der Laan
1ca0502541
scripts: Add trusted key for Samuel Dobson
Add trusted GPG key so that Samuel Dobson (MeshCollider), who is now
wallet maintainer, can merge PRs.
2018-12-04 13:51:53 +01:00
Chun Kuan Lee
5d62dcf9cf lint: Make sure we read the command line inputs using utf-8 decoding in python 2018-09-02 21:40:51 +08:00
DesWurstes
000000035b Obsolete #!/bin/bash shebang 2018-06-20 11:12:41 +03:00
Wladimir J. van der Laan
45c00f8416
Merge #13454: Make sure LC_ALL=C is set in all shell scripts
47776a958b Add linter: Make sure all shell scripts opt out of locale dependence using "export LC_ALL=C" (practicalswift)
3352da8da1 Add "export LC_ALL=C" to all shell scripts (practicalswift)

Pull request description:

  ~~Make sure `LC_ALL=C` is set when using `grep` range expressions.~~

  Make sure `LC_ALL=C` is set in all shell scripts.

  From the `grep(1)` documentation:

  > Within a bracket expression, a range expression consists of two characters separated by a hyphen. It matches any single character that sorts between the two characters, inclusive, using the locale's collating sequence and character set. For example, in the default C locale, `[a-d]` is equivalent to `[abcd]`. Many  locales sort characters in dictionary order, and in these locales `[a-d]` is typically not equivalent to `[abcd]`; it might be equivalent to `[aBbCcDd]`, for example. To obtain the traditional interpretation of bracket expressions, you can use the C locale by setting the `LC_ALL` environment variable to the value C.

  Context: [Locale issue found when reviewing #13450](https://github.com/bitcoin/bitcoin/pull/13450/files#r194877736)

Tree-SHA512: fd74d2612998f9b49ef9be24410e505d8c842716f84d085157fc7f9799d40e8a7b4969de783afcf99b7fae4f91bbb4559651f7dd6578a6a081a50bdea29f0909
2018-06-18 13:18:12 +02:00
Wladimir J. van der Laan
a90ca4087a
Merge #13448: Add linter: Make sure we explicitly open all text files using UTF-8 encoding in Python
c8176b3cc7 Add linter: Make sure we explicitly open all text files using UTF-8 or ASCII encoding in Python (practicalswift)
634bd97001 Explicitly specify encoding when opening text files in Python code (practicalswift)

Pull request description:

  Add linter: Make sure we explicitly open all text files using UTF-8 encoding in Python.

  As requested by @laanwj in #13440.

Tree-SHA512: 1651c00fe220ceb273324abd6703aee504029b96c7ef0e3029145901762c733c9b9d24927da281394fd4681a5bff774336c04eed01fafea997bb32192c334c06
2018-06-16 15:23:14 +02:00
Loganaden Velvindron
9e2e5626da Fix CVE-2018-12356 by hardening the regex. 2018-06-15 21:45:32 +04:00
practicalswift
3352da8da1 Add "export LC_ALL=C" to all shell scripts 2018-06-14 15:27:52 +02:00
practicalswift
634bd97001 Explicitly specify encoding when opening text files in Python code 2018-06-12 21:34:52 +02:00
Chun Kuan Lee
e5b2cd8e75 Use python instead of slow shell script on verify-commits 2018-06-12 14:48:02 +00:00
Wladimir J. van der Laan
b2e5fe8b55
Merge #12708: Make verify-commits.sh test that merges are clean
577f111 Make verify-commits.sh test that merges are clean (Pieter Wuille)

Pull request description:

  Unsure if we want this.

  This modifies verify-commits.sh to redo all merges along the leftmost commit branch (which includes all PR merges), and verify whether they match the merge commit's trees.

  The benefit is that it will detect a case where one of the maintainers merges a PR, but makes an unrelated change inside the merge commit. This on itself is not very strong, as unrelated changes can also be included in the merged branch itself - but perhaps the merge commit is not something that people are otherwise likely to look at.

  Fixes #8089

Tree-SHA512: 2c020f5ac3f771ac775aa726832916bb8e03a311b2745d7a9825047239bd0660d838f086f3456f2bb05cea14c1529f74436b8cdd74cc94b70e40b4617309f62c
2018-04-07 18:48:27 +02:00
Matt Corallo
94715767a3 [verify-commits] Add some additional useful documentation. 2018-03-29 10:31:56 -04:00
Matt Corallo
de7e93138a Add Marco-expired-key-signed-commits to allow-revsig-commits 2018-03-28 14:55:50 -04:00