Remove laanwj from trusted-keys #27054
Conversation
allow-revsig-commits list generated using:
git log --format="%H %ce" --merges 577bd51..master | grep laanwj | cut -c -40 >> allow-revsig-commits
Tree-SHA512: e665d1f3f6ae45ad435cb2802d49988f5133d695b145aa2dc65af95c052e562e0afaf585c351a41529985b4229965cf555f7197a44c90ba7daaea7a28975648d
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
Seems to match with: git log --format="%H %GK" --merges $(cat contrib/verify-commits/trusted-git-root)..master | grep -E " 1E4AED62986CD25D" | cut -c -40if you prefer querying by key id, rather than committer email. Bit slower though (20s vs 0.2s). The key id matches the signing subkey: $ gpg --list-key --with-colons 71A3B16735405025D447E8F274810B012346C9A6 | cut -d: -f1,5,12 | grep 'sub:.*:s'
sub:1E4AED62986CD25D:s |
|
I don't think adding your merged commits to allow-revsig-commits actually allows them. Once verify-commits gets to those commits, since they are signed with a key no longer in trusted-keys, it will fail. Currently the only solution is to update trusted-git-root, although I'm working on a longer term solution that lets us set a "valid until" for the trusted keys. |
|
tACK aafa5e9 😢 The behavior of That makes sense because the list of trusted keys changes through time. But it means the newly added hash only have an effect if you call verify-commits with one of those hashes. In that case we check that commit against the current You can see this difference in behavior by amending this commit to drop one of the hashes. The verify-commits script will fail if you pass it that hash, and succeed if you don't. It would probably help if it cloned the repo in tmp rather than operate on itself. Still I think we can merge with these hashes added and improve the script later. I've checked the commit list in aafa5e9 against the list generated by @ajtowns's incantation. Also checked that this commit was signed by @laanwj. Note to other testers: the verify-commits.py script can be a bit cryptic when a PGP key has expired. Use |
It should only be checking out commits in order to do the clean merge check. When it does that, it will always reset itself to the commit given, and thus |
Unfortunately that commit can't be (an amended) aafa5e9 because that would simply fail. So when testing this PR it reset to the commit before it (that I used as the argument), with the trusted-keys at that time. But trying with So I guess the verification script only "works" if you enable the option(s) that cause it change commits, but either way |
|
I think you can just bump the root, like it was done before, see d4b3dc5 |
|
In any case, I think this can be merged as is, the intent should be clear here, and any bug fixes or behaviour changes of the script are better handled in a separate pull. |
…ent laanwj merge 6ada37d verify-commits: Bump trusted git root to after most recent laanwj merge (Andrew Chow) Pull request description: To prepare for the removal of laanwj's key from trusted key (#27054), the trusted git root needs to be newer than the most recent merge commit signed by his key. This can be tested by removing the laanwj's key from trusted keys (e.g. by merging with #27054) and running `verify-commits.py` with `--clean-merge 0`: `./contrib/verify-commits/verify-commits.py --clean-merge 0 HEAD~`. (`--clean-merge 0` disables the clean merge check which will checkout some commits, which results in the `trusted-keys` used in checking of subsequent commits to be different than expected). ACKs for top commit: fanquake: ACK 6ada37d hebasto: ACK 6ada37d, I've verified the history of laanwj's merge commits. Tree-SHA512: 55cafeddd54aa2b62d7b7cd41c542f4fd974b322a0405de546600d88658575714ebc893b087eb31f28c205559a7b213f88d9038de431271fca00be866610df74
| 2d0bdb2089644f5904629413423cdc897911b081 | ||
| 50c502f54abd9eb15c8ddca013f0fdfae3d132a9 | ||
| c840ab0231bc29057172179f005001c9ab299554 | ||
| aab5e48d422d396aec09bd6389de68613b19def5 |
|
ACK aafa5e9 |
allow-revsig-commits list generated using: