verify-commits.py: error for merge commit with no signature with a trusted key #22170

<!-- This issue tracker is only for technical issues related to Bitcoin Core. General bitcoin questions and/or support requests are best directed to the Bitcoin StackExchange at https://bitcoin.stackexchange.com. For reporting security issues, please read instructions at https://bitcoincore.org/en/contact/. If the node is "stuck" during sync or giving "block checksum mismatch" errors, please ensure your hardware is stable by running memtest and observe CPU temperature with a load-test tool such as linpack before creating an issue! -->

<!-- Describe the issue -->

When running the verify-commit script, I get the following results:

Using verify-commits data from /home/nima/p/bitcoin/contrib/verify-commits
No parent of 38ab7d0765e52b8c9d93a677de70736a2e3a58a0 was signed with a trusted key!
Parents are:
commit 898dd9e262e4911fdf729bfe84b026c4e869802d
Merge: 8f5c9a7fd fa2b6c62c
Author: MarcoFalke <falke.marco@gmail.com>
Date:   Sat Jun 5 08:41:34 2021 +0200

    Merge bitcoin/bitcoin#22150: test: Remove unused node from feature_nulldummy
    
    fa2b6c62cd9a43d5896bb4b06a3ae64b7199843f test: Remove unused node from feature_nulldummy (MarcoFalke)
    
    Pull request description:
    
      This is confusing and might even slow down the test.
    
      This reverts a change that was added a year ago in d438d60 and then the need for it was removed by 95d5d5e six months ago.
    
    Top commit has no ACKs.
    
    Tree-SHA512: 9a86792e9a634cf7bbd4e7a21b1acdfc3baba1b1962fe2b9b73848436d10351d2326dca01313c097ba2342dde7207add73e731d053c0bfa888a5d8f2b233a7cf
commit 69b8b5d72c47d42a9e69e6666af89606057be15b
Author: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
Date:   Wed May 12 21:39:48 2021 +0300

    qt: Align numbers in the "Peer Id" column to the right

<!--- What behavior did you expect? -->

Actual behavior

<!--- What was the actual behavior (provide screenshots if the issue is GUI-related)? -->

Steps I took that resulted in this behavior:

git clone git@github.com:bitcoin/bitcoin.git
cd bitcoin
git fetch origin
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys $(<contrib/verify-commits/trusted-keys)
./contrib/verify-commits/verify-commits.py origin/master

After checking the way this script is currently used in the CI, I found the following lines: https://github.com/bitcoin/bitcoin/blob/master/ci/lint/06_script.sh#L27-L29

I also tried running

git log --merges --before="2 days ago" -1 --format='%H' > ./contrib/verify-commits/trusted-sha512-root-commit

before running the verify-commit.py script, but the results were the same.

Any insights on this issue? I guess the unsigned commits from falke.marco@gmail.com are causing this issue. Not sure if there are more commits like that or not though.

<!--- How reliably can you reproduce the issue, what are the steps to do so? -->

System information

<!-- What version of Bitcoin Core are you using, where did you get it (website, self-compiled, etc)? -->

<!-- What type of machine are you observing the error on (OS/CPU and disk type)? -->

<!-- GUI-related issue? What is your operating system and its version? If Linux, what is your desktop environment and graphical shell? -->

<!-- Any extra information that might be useful in the debugging process. -->

<!--- This is normally the contents of a `debug.log` or `config.log` file. Raw text or a link to a pastebin type site are preferred. -->

I guess the unsigned commits from falke.marco@gmail.com are causing this issue. Not sure if there are more commits like that or not though.

The 898dd9e262e4911fdf729bfe84b026c4e869802d commit is signed with valid @MarcoFalke's signature:

$ git log -1 --show-signature 
commit 898dd9e262e4911fdf729bfe84b026c4e869802d (HEAD)
gpg: Signature made Tue 01 Jan 2019 02:00:00 AM EET
gpg:                using RSA key FAB54FA146A1AC8F6C2C6613CE2B75697E69A548
gpg: Good signature from "Marco Falke <marco.falke@tum.de>" [full]
gpg:                 aka "Marco Falke <falke.marco@gmail.com>" [full]
Merge: 8f5c9a7fd fa2b6c62c
Author: MarcoFalke <falke.marco@gmail.com>
Date:   Sat Jun 5 08:41:34 2021 +0200

    Merge bitcoin/bitcoin#22150: test: Remove unused node from feature_nulldummy
    
    fa2b6c62cd9a43d5896bb4b06a3ae64b7199843f test: Remove unused node from feature_nulldummy (MarcoFalke)
    
    Pull request description:
    
      This is confusing and might even slow down the test.
    
      This reverts a change that was added a year ago in d438d60 and then the need for it was removed by 95d5d5e six months ago.
    
    Top commit has no ACKs.
    
    Tree-SHA512: 9a86792e9a634cf7bbd4e7a21b1acdfc3baba1b1962fe2b9b73848436d10351d2326dca01313c097ba2342dde7207add73e731d053c0bfa888a5d8f2b233a7cf

True! Okay.

It was pointed out to me on IRC that @MarcoFalke 's RSA key is expired right now.

Then how can one use the verify-commit.py script and ignore the expired signatures?

True! Okay.

It was pointed out to me on IRC that @MarcoFalke 's RSA key is expired right now.

Then how can one use the verify-commit.py script and ignore the expired signatures?

gpg --refresh-keys

?

I had the same issue and had to fetch his key from openpgp.org.

gpg --recv-keys --keyserver hkp://keys.openpgp.org FAB54FA146A1AC8F6C2C6613CE2B75697E69A548

Most keyservers no longer accept new or updated keys on the public API due to DOS attacks. https://keys.openpgp.org/ is the only one left that has a public API (with email confirmation required) to accept keys.

Thanks everyone for the answers. After refreshing the keys, the script worked as expected. I will close the issue.

Can we start running the check in CI again as a smoke test? Was there a reason this was removed from ci?

Was there a reason this was removed from ci?

https://github.com/bitcoin/bitcoin/pull/12851