Merge pull request #5023 from cfromknecht/min-required-sigs-five
scripts/verify-install: require 5 of 7 signatures before accepting
commit
fd3dd2cfff
@ -172,6 +172,22 @@ for signature in $SIGNATURES; do
|
|||||||
((NUM_CHECKS=NUM_CHECKS+1))
|
((NUM_CHECKS=NUM_CHECKS+1))
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# We want at least five signatures (out of seven public keys) that sign the
|
||||||
|
# hashes of the binaries we have installed. If we arrive here without exiting,
|
||||||
|
# it means no signature manifests were uploaded (yet) with the correct naming
|
||||||
|
# pattern.
|
||||||
|
MIN_REQUIRED_SIGNATURES=5
|
||||||
|
if [[ $NUM_CHECKS -lt $MIN_REQUIRED_SIGNATURES ]]; then
|
||||||
|
echo "ERROR: Not enough valid signatures found!"
|
||||||
|
echo " Valid signatures found: $NUM_CHECKS"
|
||||||
|
echo " Valid signatures required: $MIN_REQUIRED_SIGNATURES"
|
||||||
|
echo
|
||||||
|
echo " Make sure the release $LND_VERSION contains the required "
|
||||||
|
echo " number of signatures on the manifest, or wait until more "
|
||||||
|
echo " signatures have been added to the release."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
# Then make sure that the hash of the installed binaries can be found in the
|
# Then make sure that the hash of the installed binaries can be found in the
|
||||||
# manifest that we now have verified the signatures for.
|
# manifest that we now have verified the signatures for.
|
||||||
if ! grep -q "^$LND_SUM" "$MANIFEST"; then
|
if ! grep -q "^$LND_SUM" "$MANIFEST"; then
|
||||||
@ -193,16 +209,4 @@ if ! grep -q "^$LNCLI_SUM" "$MANIFEST"; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "Verified lnd and lncli hashes against $MANIFEST"
|
echo "SUCCESS! Verified lnd and lncli against $MANIFEST signed by $NUM_CHECKS developers."
|
||||||
|
|
||||||
# We want at least one signature that signs the hashes of the binaries we have
|
|
||||||
# installed. If we arrive here without exiting, it means no signature manifests
|
|
||||||
# were uploaded (yet) with the correct naming pattern.
|
|
||||||
if [[ $NUM_CHECKS -lt 1 ]]; then
|
|
||||||
echo "ERROR: No valid signatures found!"
|
|
||||||
echo "Make sure the release $LND_VERSION contains any signatures for the manifest."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo ""
|
|
||||||
echo "SUCCESS! Verified lnd and lncli against $NUM_CHECKS developer signature(s)."
|
|
||||||
|
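Review bot: The new threshold `if [[ $NUM_CHECKS -lt $MIN_REQUIRED_SIGNATURES ]]` compares a counter that is incremented once per signature file, and nothing visible in this hunk shows that the counted signatures come from distinct keys. The `for signature in $SIGNATURES` loop body starts outside the hunk, so this may already be enforced there. If it is not, several signature files produced by a single key would satisfy the 5-of-7 requirement, so the loop should record each verified key fingerprint and compare the number of unique fingerprints against `MIN_REQUIRED_SIGNATURES`. The comment above the check also still says that arriving there "means no signature manifests were uploaded", which no longer matches a threshold of five; something like `# Abort unless at least five distinct trusted keys signed the manifest.` would describe it. The literal "seven public keys" in that comment will go stale when the key list changes, so consider checking the minimum against the actual number of imported keys.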