Commit 3d5a5ab9bf2acfcecbd6fbf29073c310570b73e0
Add basic verification between signatories' release tarballs
Add support to check if the release tarball checksum between different signed assertions match. This is only meant for quick verification, not for actual validation of the assertion contents.TheCharlatan committed on 11/19/2019, 7:12:19 PM
Parent: 3f5f557f41bf5a2ef3be566d06db8e79d45b7f9c
Files changed
| verify-merge.py | changed |
| verify-merge.py | ||
|---|---|---|
| @@ -35,8 +35,37 @@ | ||
| 35 | 35 | if is_verification_error: |
| 36 | 36 | sys.stderr.write('ERROR: One or more signatures failed verification.\n') |
| 37 | 37 | exit(1) |
| 38 | 38 | |
| 39 | + print('All signatures verified correctly.\n') | |
| 40 | + print('Beginning checksum comparison...\n') | |
| 41 | + # Check that the contents between the assertion signers match. This is meant for quick verification, not for validation of their contents | |
| 42 | + # TODO: prevent false positives related to filenames / whitespace / formatting. | |
| 43 | + builds = glob.glob(ver_pattern + '*') | |
| 44 | + for build in builds: | |
| 45 | + first_file = glob.glob(build + '/*/*.assert', recursive=False)[0] | |
| 46 | + f = open(first_file, "r") | |
| 47 | + first_file_contents = f.readlines() | |
| 48 | + f.close() | |
| 49 | + for assert_file in glob.glob(build + '/*/*.assert', recursive=False): | |
| 50 | + f = open(assert_file, "r") | |
| 51 | + assert_file_contents = f.readlines() | |
| 52 | + f.close() | |
| 53 | + for i in range(len(assert_file_contents)): | |
| 54 | + # compare everything in the assertions until the base image manifests | |
| 55 | + if assert_file_contents[i] == "- base_manifests: !!omap\n": | |
| 56 | + break | |
| 57 | + # the OSX SDK may change from time to time | |
| 58 | + if "sdk" in assert_file_contents[i]: | |
| 59 | + continue | |
| 60 | + if assert_file_contents[i] != first_file_contents[i]: | |
| 61 | + print("ERROR: Found conflicting contents on line:", i) | |
| 62 | + print(assert_file, ":\n", assert_file_contents[i]) | |
| 63 | + print(first_file, ":\n", first_file_contents[i]) | |
| 64 | + exit(1) | |
| 65 | + | |
| 66 | + print('No discrepancies found in assertion files.') | |
| 67 | + print('All checks passed.') | |
| 39 | 68 | os.chdir(workdir) |
| 40 | 69 | |
| 41 | 70 | def main(): |
| 42 | 71 | host_repo = "git@github.com/monero-project/gitian.sigs" |
Built with git-ssb-web