-
Notifications
You must be signed in to change notification settings - Fork 35.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove laanwj from trusted-keys #27054
Conversation
allow-revsig-commits list generated using: git log --format="%H %ce" --merges 577bd51..master | grep laanwj | cut -c -40 >> allow-revsig-commits Tree-SHA512: e665d1f3f6ae45ad435cb2802d49988f5133d695b145aa2dc65af95c052e562e0afaf585c351a41529985b4229965cf555f7197a44c90ba7daaea7a28975648d
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
Seems to match with: git log --format="%H %GK" --merges $(cat contrib/verify-commits/trusted-git-root)..master | grep -E " 1E4AED62986CD25D" | cut -c -40 if you prefer querying by key id, rather than committer email. Bit slower though (20s vs 0.2s). The key id matches the signing subkey: $ gpg --list-key --with-colons 71A3B16735405025D447E8F274810B012346C9A6 | cut -d: -f1,5,12 | grep 'sub:.*:s'
sub:1E4AED62986CD25D:s |
I don't think adding your merged commits to allow-revsig-commits actually allows them. Once verify-commits gets to those commits, since they are signed with a key no longer in trusted-keys, it will fail. Currently the only solution is to update trusted-git-root, although I'm working on a longer term solution that lets us set a "valid until" for the trusted keys. |
tACK aafa5e9 😢 The behavior of That makes sense because the list of trusted keys changes through time. But it means the newly added hash only have an effect if you call verify-commits with one of those hashes. In that case we check that commit against the current You can see this difference in behavior by amending this commit to drop one of the hashes. The verify-commits script will fail if you pass it that hash, and succeed if you don't. It would probably help if it cloned the repo in tmp rather than operate on itself. Still I think we can merge with these hashes added and improve the script later. I've checked the commit list in aafa5e9 against the list generated by @ajtowns's incantation. Also checked that this commit was signed by @laanwj. Note to other testers: the verify-commits.py script can be a bit cryptic when a PGP key has expired. Use |
It should only be checking out commits in order to do the clean merge check. When it does that, it will always reset itself to the commit given, and thus |
Unfortunately that commit can't be (an amended) aafa5e9 because that would simply fail. So when testing this PR it reset to the commit before it (that I used as the argument), with the trusted-keys at that time. But trying with So I guess the verification script only "works" if you enable the option(s) that cause it change commits, but either way |
I think you can just bump the root, like it was done before, see d4b3dc5 |
In any case, I think this can be merged as is, the intent should be clear here, and any bug fixes or behaviour changes of the script are better handled in a separate pull. |
…ent laanwj merge 6ada37d verify-commits: Bump trusted git root to after most recent laanwj merge (Andrew Chow) Pull request description: To prepare for the removal of laanwj's key from trusted key (#27054), the trusted git root needs to be newer than the most recent merge commit signed by his key. This can be tested by removing the laanwj's key from trusted keys (e.g. by merging with #27054) and running `verify-commits.py` with `--clean-merge 0`: `./contrib/verify-commits/verify-commits.py --clean-merge 0 HEAD~`. (`--clean-merge 0` disables the clean merge check which will checkout some commits, which results in the `trusted-keys` used in checking of subsequent commits to be different than expected). ACKs for top commit: fanquake: ACK 6ada37d hebasto: ACK 6ada37d, I've verified the history of laanwj's merge commits. Tree-SHA512: 55cafeddd54aa2b62d7b7cd41c542f4fd974b322a0405de546600d88658575714ebc893b087eb31f28c205559a7b213f88d9038de431271fca00be866610df74
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
left a comment, if you retouch
2d0bdb2089644f5904629413423cdc897911b081 | ||
50c502f54abd9eb15c8ddca013f0fdfae3d132a9 | ||
c840ab0231bc29057172179f005001c9ab299554 | ||
aab5e48d422d396aec09bd6389de68613b19def5 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like this can be dropped after commit 2b0cd76
Probably the whole file can be dropped, but this can be done either here or in a follow-up.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lets sort this out in a followup, like #27058.
ACK aafa5e9 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK aafa5e9
allow-revsig-commits list generated using: