From c03f95a63bb4ee8c169713aeaf9ea6233e7f6e42 Mon Sep 17 00:00:00 2001 From: Conner Fromknecht Date: Fri, 12 Feb 2021 12:24:51 -0800 Subject: [PATCH 1/2] scripts/verify-install: bump min required signatures to 5 --- scripts/verify-install.sh | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/scripts/verify-install.sh b/scripts/verify-install.sh index 55fb0703..73980d85 100755 --- a/scripts/verify-install.sh +++ b/scripts/verify-install.sh @@ -172,6 +172,22 @@ for signature in $SIGNATURES; do ((NUM_CHECKS=NUM_CHECKS+1)) done +# We want at least five signatures (out of seven public keys) that sign the +# hashes of the binaries we have installed. If we arrive here without exiting, +# it means no signature manifests were uploaded (yet) with the correct naming +# pattern. +MIN_REQUIRED_SIGNATURES=5 +if [[ $NUM_CHECKS -lt $MIN_REQUIRED_SIGNATURES ]]; then + echo "ERROR: Not enough valid signatures found!" + echo " Valid signatures found: $NUM_CHECKS" + echo " Valid signatures required: $MIN_REQUIRED_SIGNATURES" + echo + echo " Make sure the release $LND_VERSION contains the required " + echo " number of signatures on the manifest, or wait until more " + echo " signatures have been added to the release." + exit 1 +fi + # Then make sure that the hash of the installed binaries can be found in the # manifest that we now have verified the signatures for. if ! grep -q "^$LND_SUM" "$MANIFEST"; then @@ -195,14 +211,5 @@ fi echo "" echo "Verified lnd and lncli hashes against $MANIFEST" -# We want at least one signature that signs the hashes of the binaries we have -# installed. If we arrive here without exiting, it means no signature manifests -# were uploaded (yet) with the correct naming pattern. -if [[ $NUM_CHECKS -lt 1 ]]; then - echo "ERROR: No valid signatures found!" - echo "Make sure the release $LND_VERSION contains any signatures for the manifest." - exit 1 -fi - echo "" echo "SUCCESS! Verified lnd and lncli against $NUM_CHECKS developer signature(s)." From 95eadfee2f40e9f64a3572302414bbdb17283540 Mon Sep 17 00:00:00 2001 From: Conner Fromknecht Date: Mon, 15 Feb 2021 10:00:42 -0800 Subject: [PATCH 2/2] scripts/verify-install.sh: combine final SUCCESS logs --- scripts/verify-install.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/scripts/verify-install.sh b/scripts/verify-install.sh index 73980d85..3a7290e7 100755 --- a/scripts/verify-install.sh +++ b/scripts/verify-install.sh @@ -209,7 +209,4 @@ if ! grep -q "^$LNCLI_SUM" "$MANIFEST"; then fi echo "" -echo "Verified lnd and lncli hashes against $MANIFEST" - -echo "" -echo "SUCCESS! Verified lnd and lncli against $NUM_CHECKS developer signature(s)." +echo "SUCCESS! Verified lnd and lncli against $MANIFEST signed by $NUM_CHECKS developers."