fix: contrib: allow multi-sig binary verification #23020

Related: https://github.com/bitcoin-core/bitcoincore.org/issues/793

This changeset improves the contrib/verifybinaries/verify.py script to account for the new binary verification procedure introduced in the 22.0 release; for details on this new process, see the note in #22634.

In short, instead of relying on a single signature from the lead maintainer attesting to the expected hashes of binary releases, this verify script now supports validating that a minimum threshold of trusted identities have signed the checksum file.

Both the threshold and identities to trust are configurable by the end user, but sensible defaults are provided: identities are inferred from local GPG trust and the builder-keys file and a minimum threshold of 4 trusted signatures is configured by default. There are options for overriding these.

Various improvements have been made to the script for allow for easier programmatic use; a --json option is introduced and logging output is now directed to stderr.

Automatic pubkey import

Pubkeys that are referenced in checksum signature files can now be automatically downloaded based on a user prompt. This behavior can be disabled with the --noninteractive flag to support CI use.

I have built in functionality for elevating local GPG trust of the imported keys, but it isn't quite working yet; I think instead of manually modifying the GPG trust database I have to use the --sign-key command. But this is optional functionality and fixing the broken process is the priority here, so I can enable this nicety in a follow-up.

Builder-key diffing

Builder keys (as listed in ./contrib/builder-keys/keys.txt) are used by default to establish trust in a pubkey signature. This can be disabled with --no-builder-keys.

If builder keys are locally supplied (by running this command from the root of the repository), they are diffed with the remote version obtained over HTTPS from Github. A diff is reported if it exists, e.g.

Granular JSON output

Because binary verification is now a gradient on the basis of an end user's trust in a set of pubkeys, users of this script may want a granular report on which signatures were used. Stderr logging can be parsed for this information, but a convenient JSON blob is also accessible using the --json flag:

% ./contrib/verifybinaries/verify.py 22.0-x86 --noninteractive --json 2>/dev/null

{
  "good_trusted_sigs": [
    "SigData('9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C', 'Aaron Clauson (sipsorcery) <aaron@sipsorcery.com>', trusted=False, status='unknown')",
    "SigData('637DB1E23370F84AFF88CCE03152347D07DA627C', 'Stephan Oeste (it) <it@oeste.de>', trusted=True, status='unknown')",
    "SigData('9DEAE0DC7063249FB05474681E4AED62986CD25D', 'Wladimir J. van der Laan <laanwj@visucore.com>', trusted=True, status='unknown')",
    "SigData('0AD83877C1F0CD1EE9BD660AD7CC770B81FD22A8', 'Ben Carman <benthecarman@live.com>', trusted=False, status='unknown')",
    "SigData('152812300785C96444D3334D17565732E08E5E41', 'Andrew Chow (Official New Key) <achow101@gmail.com>', trusted=True, status='expired')",
    "SigData('D1DBF2C4B96F2DEBF4C16654410108112E7EA81F', 'Hennadii Stepanov (GitHub key) <32963518+hebasto@users.noreply.github.com>', trusted=True, status='unknown')",
    "SigData('590B7292695AFFA5B672CBB2E13FC145CD3F4304', 'Antoine Poinsot <darosior@protonmail.com>', trusted=True, status='unknown')"
  ],
  "good_untrusted_sigs": [
    "SigData('0CCBAAFD76A2ECE2CCD3141DE2FFD5B1D88CA97D', '.0xB10C <0xb10c@gmail.com>', trusted=False, status='unknown')",
    "SigData('28F5900B1BB5D1A4B6B6D1A9ED357015286A333D', 'Duncan Dean <duncangleeddean@gmail.com>', trusted=False, status='unknown')",
    "SigData('CFB16E21C950F67FA95E558F2EEB9F5CC09526C1', 'Michael Ford (bitcoin-otc) <fanquake@gmail.com>', trusted=False, status='unknown')",
    "SigData('6E01EEC9656903B0542B8F1003DB6322267C373B', 'Oliver Gugger <gugger@gmail.com>', trusted=False, status='unknown')",
    "SigData('74E2DEF5D77260B98BC19438099BAD163C70FBFA', 'Will Clark <will8clark@gmail.com>', trusted=False, status='unknown')"
  ],
  "unknown_sigs": [
    "SigData('82921A4B88FD454B7EB8CE3C796C4109063D4EAF', '', trusted=False, status='')"
  ],
  "bad_sigs": [],
  "verified_binaries": [
    "bitcoin-22.0-x86_64-linux-gnu.tar.gz"
  ]
}

Backwards incompatibility

Note that I have broken the interface; the script is no longer invoked in the same way and output differs. I initially tried to retain the old format, but I found it made less and less sense for the new signature scheme, and was not easily parsed sensibly. If there are users that rely on the old output structure, they can copy the script from an old version of the source tree.

Examples

Validate releases with default settings:

./contrib/verifybinaries/verify.py 22.0
./contrib/verifybinaries/verify.py 22.0-rc2-x86_64
./contrib/verifybinaries/verify.py bitcoin-core-0.13.0-rc3

Get JSON output and don't prompt for user input (no auto key import):

./contrib/verifybinaries/verify.py 22.0-x86 --json --noninteractive

Don't trust builder-keys by default, and rely only on local GPG state and manually specified keys, while requiring a threshold of at least 10 trusted signatures:

./contrib/verifybinaries/verify.py 22.0 \
    --no-builder-keys \
    --trusted-keys 74E2DEF5D77260B98BC19438099BAD163C70FBFA,9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C \
    --min-trusted-sigs 10

Followups

• update https://github.com/bitcoin-core/bitcoincore.org with new verification instructions
  • https://github.com/bitcoin-core/bitcoincore.org/pull/803
• fix local GPG trust elevation during pubkey import
• use logging facility instead of print_* functions
• write small test.sh exercising basic functionality with --noninteractive

New CLI interface

% ./contrib/verifybinaries/verify.py --help

usage: verify.py [-h] [--verbose] [--cleanup] [--noninteractive]
                 [--require-all-hosts] [--bitcoin-src-path [BITCOIN_SRC_PATH]]
                 [--skip-import-builders]
                 [--min-trusted-sigs [MIN_TRUSTED_SIGS]]
                 [--keyserver [KEYSERVER]] [--trusted-keys [TRUSTED_KEYS]]
                 [--no-builder-keys] [--json]
                 version

Script for verifying Bitcoin Core release binaries. This script attempts to
download the sum file SHA256SUMS and corresponding signature file
SHA256SUMS.asc from bitcoincore.org and bitcoin.org and compares them. The
sum-signature file is signed by a number of builder keys. This script ensures
that there is a minimum threshold of signatures from pubkeys that we trust.
This trust is articulated on the basis of configuration options here, but by
default is based upon a unionof (i) local GPG trust settings, and (ii) keys
which appear in the builder-keys/keys.txt file. If a minimum good, trusted
signature threshold is met on the sum file, we then download the files
specified in SHA256SUMS, and check if the hashes of these files match those
that are specified. The script returns 0 if everything passes the checks. It
returns 1 if either the signature check or the hash check doesn't pass. If an
error occurs the return value is >= 2. Logging output goes to stderr and final
binary verification data goes to stdout. JSON output can by obtained by
setting env BINVERIFY_JSON=1.

positional arguments:
  version               version of the bitcoin release to download; of the
                        format <major>.<minor>[.<patch>][-rc[0-9]][-platform].
                        Example: 22.0-x86_64 or 0.21.0-rc2-osx

options:
  -h, --help            show this help message and exit
  --verbose
  --cleanup             if specified, clean up files afterwards
  --noninteractive      if specified, do not block for user input
  --require-all-hosts   If set, require all hosts (https://bitcoincore.org,
                        https://bitcoin.org) to provide signatures. (Sometimes
                        bitcoin.org lags behind bitcoincore.org.)
  --bitcoin-src-path [BITCOIN_SRC_PATH]
                        specify path to bitcoin repository. Used to find
                        builder keys.
  --skip-import-builders
                        If set, do not prompt to import builder pubkeys
  --min-trusted-sigs [MIN_TRUSTED_SIGS]
                        The minimum number of good signatures from recognized
                        keys to require successful termination.
  --keyserver [KEYSERVER]
                        which keyserver to use
  --trusted-keys [TRUSTED_KEYS]
                        A list of trusted builder GPG keys, specified as CSV
  --no-builder-keys     If set, do not trust the builder-keys from the bitcoin
                        repo by default
  --json                If set, output the result as JSON

Concept ACK

Thanks for working on this! Will review and test within the next days.

Concept ACK

Concept ACK

This is great! Thanks

Concept ACK

Have you considered using the gpgme library (like https://github.com/bitcoin-core/bitcoin-maintainer-tools/blob/master/gitian-verify.py#L66 does) instead of parsing gpg command text output? I tried this approach and it became an awful mess, using the library is more robust, though it does introduce another Python dependency.

I guess I'm doing something wrong (on macOS 11.6)?

% contrib/verifybinaries/verify.py 22.0  
WARNING: https://bitcoin.org failed to provide signature file. Continuing based solely upon https://bitcoincore.org.
WARNING: https://bitcoin.org failed to provide SHA256SUMS file. Continuing based solely upon https://bitcoincore.org.
Traceback (most recent call last):
  File "contrib/verifybinaries/verify.py", line 568, in <module>
    sys.exit(main(sys.argv[1:]))
  File "contrib/verifybinaries/verify.py", line 418, in main
    good, unknown, bad = parse_gpg_result(output.splitlines())
  File "contrib/verifybinaries/verify.py", line 271, in parse_gpg_result
    f"failed to evaluate all signatures: found {all_found} "
RuntimeError: failed to evaluate all signatures: found 13 but expected 10

For 0.21.1 the SHA256SUMS file is missing, only the signatures are there: https://bitcoincore.org/bin/bitcoin-core-0.21.1/

% contrib/verifybinaries/verify.py 0.21.1
Error: couldn't fetch SHA256SUMS file.
wget output:
  --2021-09-21 19:18:24--  https://bitcoincore.org/bin/bitcoin-core-0.21.1/SHA256SUMS
  Herleiden van bitcoincore.org (bitcoincore.org)... 198.251.83.116, 107.191.99.5
  Verbinding maken met bitcoincore.org (bitcoincore.org)|198.251.83.116|:443... verbonden.
  HTTP-verzoek is verzonden; wachten op antwoord... 404 Not Found
  2021-09-21 19:18:25 Fout 404: Not Found.

PS it would be nice to check the timestamp as well if opentimestamp is present.

Have you considered using the gpgme library @laanwj this is a good idea, I'll look into it. Initially I didn't want end users to have to futz with pip or extra Python package installation since it can get very confusing very fast for semi-technical users (and even just plain technical users), but it might be worth the complexity. I'll give that a shot and post the diff.

I guess I'm doing something wrong (on macOS 11.6)? @Sjors hm, interesting... I'm not able to reproduce on my Linux machine, but I'm betting there may be some formatting differences on different versions of GPG and/or macOS (which speaks to @laanwj's point about not relying on parsing output). Can you rerun with --verbose and send me the GPG output, either here or in DM?

For 0.21.1 the SHA256SUMS file is missing, only the signatures are there: https://bitcoincore.org/bin/bitcoin-core-0.21.1/

Oh, that's a really good point. We probably need to retain the legacy behavior for old releases. I'll work on this.

PS it would be nice to check the timestamp as well if opentimestamp is present.

Love that idea.

I've pushed a fix for the first issue @Sjors discovered (signature miscounting) as well as a logging refactoring. A commit for legacy process support is coming soon, but this can still be tested with 22.0.

Much better, modulo somewhat scary warnings:

% contrib/verifybinaries/verify.py 22.0                                
[WARNING] https://bitcoin.org failed to provide signature file. Continuing based solely upon https://bitcoincore.org.
[WARNING] https://bitcoin.org failed to provide SHA256SUMS file. Continuing based solely upon https://bitcoincore.org.
[WARNING] removing *-unsigned binaries (bitcoin-22.0-osx-unsigned.dmg, bitcoin-22.0-osx-unsigned.tar.gz, bitcoin-22.0-win-unsigned.tar.gz, bitcoin-22.0-win64-setup-unsigned.exe) from verification since https://bitcoincore.org does not host *-unsigned binaries
[WARNING] removing *-debug binaries (bitcoin-22.0-aarch64-linux-gnu-debug.tar.gz, bitcoin-22.0-arm-linux-gnueabihf-debug.tar.gz, bitcoin-22.0-powerpc64-linux-gnu-debug.tar.gz, bitcoin-22.0-powerpc64le-linux-gnu-debug.tar.gz, bitcoin-22.0-riscv64-linux-gnu-debug.tar.gz, bitcoin-22.0-x86_64-linux-gnu-debug.tar.gz, bitcoin-22.0-win64-debug.zip) from verification since https://bitcoincore.org does not host *-debug binaries
[WARNING] removing *-codesignatures binaries (bitcoin-22.0-codesignatures-22.0.tar.gz) from verification since https://bitcoincore.org does not host *-codesignatures binaries
VERIFIED: bitcoin-22.0-aarch64-linux-gnu.tar.gz
VERIFIED: bitcoin-22.0-arm-linux-gnueabihf.tar.gz
VERIFIED: bitcoin-22.0.tar.gz
VERIFIED: bitcoin-22.0-powerpc64-linux-gnu.tar.gz
VERIFIED: bitcoin-22.0-powerpc64le-linux-gnu.tar.gz
VERIFIED: bitcoin-22.0-riscv64-linux-gnu.tar.gz
VERIFIED: bitcoin-22.0-osx-signed.dmg
VERIFIED: bitcoin-22.0-osx64.tar.gz
VERIFIED: bitcoin-22.0-x86_64-linux-gnu.tar.gz
VERIFIED: bitcoin-22.0-win64-setup.exe
VERIFIED: bitcoin-22.0-win64.zip

I've pushed an update (thanks to @Sjors' testing) that preserves the ability to verify binaries for releases older than 22.0, but still outputs verification results for everything in a uniform way.

I've also included a change that associates the sha256 hash values along with the binary filenames in JSON output, which seems potentially useful.

22.0 output

% ./contrib/verifybinaries/verify.py 22.0 --json --quiet --noninteractive
[WARNING] https://bitcoin.org failed to provide file (https://bitcoin.org/bin/bitcoin-core-22.0/SHA256SUMS.asc). Continuing based solely upon https://bitcoincore.org.
[WARNING] https://bitcoin.org failed to provide file (https://bitcoin.org/bin/bitcoin-core-22.0/SHA256SUMS). Continuing based solely upon https://bitcoincore.org.
[WARNING] key 152812300785C96444D3334D17565732E08E5E41 for Andrew Chow (Official New Key) <achow101@gmail.com> is expired
[WARNING] UNKNOWN SIGNATURE: SigData('82921A4B88FD454B7EB8CE3C796C4109063D4EAF', '', trusted=False, status='')
{
  "good_trusted_sigs": [
    "SigData('9DEAE0DC7063249FB05474681E4AED62986CD25D', 'Wladimir J. van der Laan <laanwj@visucore.com>', trusted=True, status='unknown')",
    "SigData('152812300785C96444D3334D17565732E08E5E41', 'Andrew Chow (Official New Key) <achow101@gmail.com>', trusted=True, status='expired')",
    "SigData('637DB1E23370F84AFF88CCE03152347D07DA627C', 'Stephan Oeste (it) <it@oeste.de>', trusted=True, status='unknown')",
    "SigData('590B7292695AFFA5B672CBB2E13FC145CD3F4304', 'Antoine Poinsot <darosior@protonmail.com>', trusted=True, status='unknown')",
    "SigData('D1DBF2C4B96F2DEBF4C16654410108112E7EA81F', 'Hennadii Stepanov (GitHub key) <32963518+hebasto@users.noreply.github.com>', trusted=True, status='unknown')",
    "SigData('0AD83877C1F0CD1EE9BD660AD7CC770B81FD22A8', 'Ben Carman <benthecarman@live.com>', trusted=False, status='unknown')",
    "SigData('9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C', 'Aaron Clauson (sipsorcery) <aaron@sipsorcery.com>', trusted=False, status='unknown')"
  ],
  "good_untrusted_sigs": [
    "SigData('0CCBAAFD76A2ECE2CCD3141DE2FFD5B1D88CA97D', '.0xB10C <0xb10c@gmail.com>', trusted=False, status='unknown')",
    "SigData('28F5900B1BB5D1A4B6B6D1A9ED357015286A333D', 'Duncan Dean <duncangleeddean@gmail.com>', trusted=False, status='unknown')",
    "SigData('CFB16E21C950F67FA95E558F2EEB9F5CC09526C1', 'Michael Ford (bitcoin-otc) <fanquake@gmail.com>', trusted=False, status='unknown')",
    "SigData('6E01EEC9656903B0542B8F1003DB6322267C373B', 'Oliver Gugger <gugger@gmail.com>', trusted=False, status='unknown')",
    "SigData('74E2DEF5D77260B98BC19438099BAD163C70FBFA', 'Will Clark <will8clark@gmail.com>', trusted=False, status='unknown')"
  ],
  "unknown_sigs": [
    "SigData('82921A4B88FD454B7EB8CE3C796C4109063D4EAF', '', trusted=False, status='')"
  ],
  "bad_sigs": [],
  "verified_binaries": {
    "bitcoin-22.0-aarch64-linux-gnu.tar.gz": "ac718fed08570a81b3587587872ad85a25173afa5f9fbbd0c03ba4d1714cfa3e",
    "bitcoin-22.0-arm-linux-gnueabihf.tar.gz": "b8713c6c5f03f5258b54e9f436e2ed6d85449aa24c2c9972f91963d413e86311",
    "bitcoin-22.0.tar.gz": "d0e9d089b57048b1555efa7cd5a63a7ed042482045f6f33402b1df425bf9613b",
    "bitcoin-22.0-powerpc64-linux-gnu.tar.gz": "2cca5f99007d060aca9d8c7cbd035dfe2f040dd8200b210ce32cdf858479f70d",
    "bitcoin-22.0-powerpc64le-linux-gnu.tar.gz": "91b1e012975c5a363b5b5fcc81b5b7495e86ff703ec8262d4b9afcfec633c30d",
    "bitcoin-22.0-riscv64-linux-gnu.tar.gz": "9cc3a62c469fe57e11485fdd32c916f10ce7a2899299855a2e479256ff49ff3c",
    "bitcoin-22.0-osx-signed.dmg": "3b3e2680f7d9304c13bfebaf6445ada40d72324b4b3e0a07de9db807389a6c5b",
    "bitcoin-22.0-osx64.tar.gz": "2744d199c3343b2d94faffdfb2c94d75a630ba27301a70e47b0ad30a7e0155e9",
    "bitcoin-22.0-x86_64-linux-gnu.tar.gz": "59ebd25dd82a51638b7a6bb914586201e67db67b919b2a1ff08925a7936d1b16",
    "bitcoin-22.0-win64-setup.exe": "9169989d649937c0f9ebccd3ab088501328aa319fe9e91fc7ea8e8cf0fcccede",
    "bitcoin-22.0-win64.zip": "9485e4b52ed6cebfe474ab4d7d0c1be6d0bb879ba7246a8239326b2230a77eb1"
  }
}

0.21.0 output

Note that this fails because the SHA256SUMS.asc files differ between bitcoincore.org and bitcoin.org. This is the behavior of the script before this changeset (though now we display a unified diff of file contents), but we may want to change things to just ignore bitcoin.org in a case like this.

 % ./contrib/verifybinaries/verify.py 0.21.0 --json --quiet --noninteractive
[WARNING] found diff in files (SHA256SUMS.asc, SHA256SUMS.asc.2):
  ---
  +++
  @@ -7,23 +7,23 @@
   6223fd23d07133a6bfa2aa3d2554a09dc1d790d28ce67b0085d3fdcc1c126e05  bitcoin-0.21.0-osx.dmg
   f8b2adfeae021a672effbc7bd40d5c48d6b94e53b2dd660f787340bf1a52e4e9  bitcoin-0.21.0-riscv64-linux-gnu.tar.gz
   1a91202c62ee49fb64d57a52b8d6d01cd392fffcbef257b573800f9289655f37  bitcoin-0.21.0.tar.gz
  -385a67cc4cf45558c05eb85fc500046cf033f816637fe0bff80d30debfca0128  bitcoin-0.21.0-win64-setup-unsigned.exe
  +54050748ef4d4f000ea1ece472491b3e5fd546efc74ed52119354b2893f6624b  bitcoin-0.21.0-win64-setup.exe
   1d0052c4ce80227fb6d0bc1c4e673ba21033e219c1f935d25f130ef7f43360d4  bitcoin-0.21.0-win64.zip
   da7766775e3f9c98d7a9145429f2be8297c2672fe5b118fd3dc2411fb48e0032  bitcoin-0.21.0-x86_64-linux-gnu.tar.gz
   -----BEGIN PGP SIGNATURE-----
   Version: GnuPG v1.4.11 (GNU/Linux)

  -iQIcBAEBCAAGBQJgXPg5AAoJEJDIAZ42wulkkl4P/jq29Je7Uqn75jkpvT8ilB8M
  -5nM60ORBSsCyJHryS5sJeljLx/i8JTYkL10nUTpGDlFA3DOjM5MXgAHMJdYles7c
  -PFO6TAqjrDWHgpc/HuPUCiF84N47u8xXcyWuoUjcgfLuV0K6l/1unCw6ISXZEdhy
  -WTDZuqy+9lw9nWQA7VyIP+gfgMzgiH9P6x+ru9cYcXmimCv0TUtKp8iwUnW7QmrT
  -aDtQJPs9sNWxjIa4WP5l4FKFlRErAyiHA24apQkOhn8YLSrIEATFE2t89HwvmIoV
  -kv2BmQDrCUceC1OneFzmDP3JXJ0qa8wisw2gbUyO3EoSHfs/dlEG4+4NUQxtIwwX
  -JQmaB7HII6UI86kIVIBWKA19hNiAxljSKgG7blP7+J2EKC+IDqZhuYHjpYCiJg5V
  -2NSB3YE0sgKNyLPJN4OSA0h9nsBbEzHWm+BRgnkpPSsi2HSnczKzZwES31p9EGX1
  -PYi4A1nk/kOFKCZh0uvaBKWR4h3MrLB9ABv3QqmkLeEJamLDfZPDC/35WRs9Z7kQ
  -CUER5yMoJxq7aGjYSdd0jMxDL4akXRwf5DSN++voil3zWAqWS6XaH+9RtGmqFrZr
  -uso8UR3RkAwgC5HQwgtEcyewA9xxz4MHx5UN5D+YzaejJvdDJBEa9oLry21EA34U
  -071d1dTERe21zpnLj1EL
  -=yP9G
  +iQIcBAEBCAAGBQJgADqTAAoJEJDIAZ42wulkjtkQAJwlSTDinKsxZIMky3MeVhwB
  +CmxxYiMLPQA8bwgxyc4RaTxUrqL2oExPOtfcDzcR1WbQe12niG40N/2yrtf66lG9
  +KbSsQD6nKat9B3mCk9/jNkJHWmq5JJbOyfRs2mex75Lj7UHaPPrqh2rMfEewljed
  +kHkDuaqeqYlTAh981WqLD+l5jnpQZqBSrcz3YTTvXWd7xKfFSVzqF/tD4CQFrPX2
  +9b2BLzA/u+29Z3s+zio1l5c7fikNDd404T5U/y+NMOyCmgT4eiDGLQPlEpoGNq3w
  +GYU7FNZUO9xXeatx4PI8qiq5mIK46UwfPUTeruTzNrHsME7YioUa87uSYKM8jqwP
  +FSnbhYoUqCB/wPaKZwEF+2WzG88yj2+PzalVt8cnjRnTQ77COtHJqs8AjLWnVACF
  +LluplM16xyiLn0FWkrEHyi5HlI+X+cqIiTtehojMBXIkHugIYMnT5XB9llh5OWXg
  +Bp1UGupojLXYuMNF5R6cU5Iq+xJjbUiQ/PDm38MBlFlQ9RzRCYyZpMYZE3K9p789
  +jpjdYdMPtzkYlIKD87S89JtE1s6i/SkTPhebyu/328rqkqnNKSCHnuB7Fy2iEKJj
  +5kLs/LjY8yxSMuGeNl6LhWGKVZKy0AS/BztSHr2jgThfhN1BemFRcViSvcXhMeNw
  +ka8Z9KLt/N0ziabBexAw
  +=bi4p
   -----END PGP SIGNATURE-----


[ERROR] files not equal: SHA256SUMS.asc and SHA256SUMS.asc.2

0.20.0 output

Legacy binary verifications rely solely on a successful GPG code, as was the behavior before this changeset.

% ./contrib/verifybinaries/verify.py 0.20.0 --json --quiet --noninteractive
{
  "good_trusted_sigs": [],
  "good_untrusted_sigs": [
    "SigData('0x90C8019E36C2E964', 'Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>', trusted=False, status='unknown')"
  ],
  "unknown_sigs": [],
  "bad_sigs": [],
  "verified_binaries": {
    "bitcoin-0.20.0-aarch64-linux-gnu.tar.gz": "081b30b0f1af95656242c83eef30bbf7216b1a30fa8e8f29b3b160fe520d28f6",
    "bitcoin-0.20.0-arm-linux-gnueabihf.tar.gz": "05014c7ff00f4496b1f389f0961d807e04505d8721d5c6f69567f2a0ec1985cc",
    "bitcoin-0.20.0-osx64.tar.gz": "34f377fee2c7adf59981dde7e41215765d47b466f773cf2673137d30495b2675",
    "bitcoin-0.20.0-osx.dmg": "a6e44b928d9ac04f11d43e920f4971fbdf1e77a8c28f7c14fafdd741ca7bc99f",
    "bitcoin-0.20.0-riscv64-linux-gnu.tar.gz": "5b9cae3aa4197d1e557ff236754f489bce877ebba2267ce33af79b2ca4a13af6",
    "bitcoin-0.20.0.tar.gz": "ec5a2358ee868d845115dc4fc3ed631ff063c57d5e0a713562d083c5c45efb28",
    "bitcoin-0.20.0-win64-setup.exe": "0f1ea61a9aa9aba383a43bcdb5755b072cfff016b9c6bb0afa772a8685bcf7b0",
    "bitcoin-0.20.0-win64.zip": "3e9ddfa05b7967e43fb502b735b6c4d716ec06f63ab7183df2e006ed4a6a431f",
    "bitcoin-0.20.0-x86_64-linux-gnu.tar.gz": "35ec10f87b6bc1e44fd9cd1157e5dfa483eaf14d7d9a9c274774539e7824c427"
  }
}

Concept ACK - thanks for working on this.

Have you considered using the gpgme library (like https://github.com/bitcoin-core/bitcoin-maintainer-tools/blob/master/gitian-verify.py#L66 does) instead of parsing gpg command text output?

So I spent some time thinking about this and looking around at the various libraries that're available for GPG use. While using one of them would definitely save on a little complexity here, I'm somewhat wary of the trade-offs.

On top of the added installation complexity (apparently gpgme isn't just a pip install but requires libgpgme development headers to be installed as well), I have broader concerns about relying on Python dependencies for uses that are this sensitive.

If we use a third-party Python lib, we're opening up the trust model to encompass not just the Core repo and the Python runtime, but the author of the Python library and the PyPI servers. Obviously we could pin hashes, vendor the library, etc. etc. but I think that will ultimately be more work than the 70 odd lines of code that munge GPG output.

It strikes me that dealing with possible (and probably explicit) failure of this script on less common platforms because of unexpected GPG formatting is probably preferable to opening ourselves up to vulnerabilities based on third-party dependencies and packaging infrastructure. At least when it comes to something as important as verifying Bitcoin binaries.

I tend to agree that it's worth a bit of hassle to not have too many dependencies for this verify script.

Recently I worked on a Linux machine where gpg printed its verification results in its local language (German, in my case). In such a case, the verification script would obviously fail, as it expects English as output language. Can we find a way to cope with that? I didn't look deeper yet on what the output language depends on (I guess some typical locale environment variable like LANGUAGE or LC_MESSAGES). Maybe there is a command line flag that can enforce a certain language. In the worst case, we can always start up gpg with a shell script that overrides the locale settings temporarily.

This is one concern that we wouldn't need to take care of when using a library like gpgme, though I generally agree with the opinion that we want to keep the dependencies minimal (as expressed by @jamesob and @Sjors).

This is one concern that we wouldn't need to take care of when using a library like gpgme, though I generally agree with the opinion that we want to keep the dependencies minimal (as expressed by

Yes it would never run into language issues with libgpgme because it uses the GPG code directly, not through parsing text. And FWIW, libgpgme generally seems to already be installed on Ubuntu-ish machines (it's not like bitcoin would be the only thing using this). I agree about dependency concerns otherwise of course.

but I think that will ultimately be more work than the 70 odd lines of code that munge GPG output.

What I'm mostly concerned about is that munging GPG output is conceptually brittle. It's not a good machine interface. A change in the text output from one version to another may cause the script to misbehave (likely it would fail safely, not dangerously, due to the exit code, but okay).

In such a case, the verification script would obviously fail, as it expects English as output language.

Are you able to actually trigger such a failure at the moment? I think I saw some dutch in @Sjors' output, but the script worked fine. If you are I'd be curious to see it.

What I'm mostly concerned about is that munging GPG output is conceptually brittle.

I don't want to push back too hard, but right now the script in master is plain broken. This actually works (despite maybe being brittle), and so I think it's worth considering for merge as-is.

I'm happy to do a follow-up if we actually get reports of failures, or perhaps even before then if we find a decent way to handle the additional dependencies. Nothing in this approach precludes that, but incorporating libgpgme seems like a decent chunk of additional work given we'd now have to deal with packaging considerations. It'd be a shame for the perfect to be the enemy of the good in this case.

One easy mitigation might be to specify the envvar LANG=en before each gpg call (https://stackoverflow.com/a/33961763/1611953).

Okay, I've verified that LANGUAGE=x does control output language for (my version of) gpg:

13:33:26 james@teller /home/james % LANGUAGE=en gpg --verify sigs.txt
gpg: Signature made Thu 02 Sep 2021 01:52:57 PM EDT
gpg:                using RSA key 4589779ADFC14F3327534EA8A3A31BAD5A2A5B10
gpg: Good signature from "Peter D. Gray <peter@coinkite.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4589 779A DFC1 4F33 2753  4EA8 A3A3 1BAD 5A2A 5B10

13:33:27 james@teller /home/james % LANGUAGE=fr gpg --verify sigs.txt
gpg: Signature faite le Thu 02 Sep 2021 01:52:57 PM EDT
gpg:                avec la clef RSA 4589779ADFC14F3327534EA8A3A31BAD5A2A5B10
gpg: Bonne signature de « Peter D. Gray <peter@coinkite.com> » [inconnu]
gpg: Attention : cette clef n'est pas certifiée avec une signature de confiance.
gpg:             Rien n'indique que la signature appartient à son propriétaire.
Empreinte de clef principale : 4589 779A DFC1 4F33 2753  4EA8 A3A3 1BAD 5A2A 5B10

and also demonstrated that the script would have broken in that case, albeit explicitly.

I've added a commit that specifies LANGUAGE=en before the gpg command and so avoids this issue. Thanks for raising the point! And FWIW I'm still not averse to using libgpgme at some point, but I do think more thought is required about how to manage the packaging complexity of that. I really don't like the idea of introducing PyPI and its servers into our process.

Gentle reminder here that the script in master is broken for 22.0 verification. It'd be great to either get this reviewed/merged or get some clear direction on what's needed to move this forward.

I understand that parsing GPG text output is less than ideal, but I'm still of the opinion that the alternative of introducing a reliance on gpgme and all the packaging considerations that come along with it is less appealing. The downside of parsing text is potentially having explicit errors occur which users can report - this is opposed to the implicit risks of gpgme packaging and the disincentives that come along with a more onerous install process.

Started to review this (a92ec88cbc6e153eabf5e809d8960454488cc391). Looks good, there's just a lot to go over

More review of a92ec88cbc6e153eabf5e809d8960454488cc391. Mostly done I think. Will continue

Thanks (as always) for the great review and feedback @ryanofsky. To avoid painful review invalidation (and an even more painful rebase process), I've addressed the majority of your feedback in an additional commit.

Pushed a rebase that ports the functional tests from .sh to .py - immediately to fix the shellcheck failures, but I'd been meaning to do this anyway because the tests are easier to write and maintain in Python.

Pushed a rebase that ports the functional tests from .sh to .py

Thank you!

tACK 396cb35a2205a625ce3ba1a86d97754fbb983e85. I really like this and IMO should be very simple to explain to end users.

Should I just close this?

I would prefer not, I really like this solution

tACK with the changes I suggested inline previously.

@willcl-ark thanks very much for the review; pushed your feedback.

<!--e57a25ab6845829454e8d69fc972939a-->

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

<!--021abf342d371248e50ceaed478a90ca-->

Reviews

See the guideline for information on the review process.

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

<!--174a7506f384e20aa4161008e828411d-->

Conflicts

Reviewers, this pull request conflicts with the following ones:

• #27358 (contrib: allow multi-sig binary verification v2 by theuni)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

Review tally:

• @willcl-ark: tACK
• @Rspigler: tACK
• @ryanofsky: some review
• @fanquake: concept ACK
• @theStack: concept ACK
• @laanwj: concept ACK
• @Sjors: had tested a little

Friendly reminder that the existing script is broken for modern releases.

I'll take this for another spin after the v24.0 release.

Works with 24.0 for me:

<details> <summary>Console output </summary>

❯ ./contrib/verifybinaries/verify.py --verbose 24.0-x86_64
[INFO] got file https://bitcoincore.org/bin/bitcoin-core-24.0/SHA256SUMS.asc as SHA256SUMS.asc
[WARNING] https://bitcoin.org failed to provide file (https://bitcoin.org/bin/bitcoin-core-24.0/SHA256SUMS.asc). Continuing based solely upon https://bitcoincore.org.
[WARNING] found diff (local vs. GH) in builder keys:
  ---

  +++

  @@ -1,3 +1,4 @@

  +982A193E3CE0EED535E09023188CBB2648416AD5 0xB10C (0xb10c)
   9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C Aaron Clauson (sipsorcery)
   617C90010B3BD370B0AC7D424BB42E31C79111B8 Akira Takizawa (akx20000)
   E944AE667CF960B1004BC32FCA662BE18B877A60 Andreas Schildbach (aschildbach)

[INFO] got file https://bitcoincore.org/bin/bitcoin-core-24.0/SHA256SUMS as SHA256SUMS
[WARNING] https://bitcoin.org failed to provide file (https://bitcoin.org/bin/bitcoin-core-24.0/SHA256SUMS). Continuing based solely upon https://bitcoincore.org.
[INFO] gpg output:
  gpg: assuming signed data in 'SHA256SUMS'
  gpg: Signature made Thu 17 Nov 2022 19:10:20 GMT
  gpg:                using RSA key 152812300785C96444D3334D17565732E08E5E41
  gpg:                issuer "andrew@achow101.com"
  gpg: Good signature from "Andrew Chow <andrew@achow101.com>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 1528 1230 0785 C964 44D3  334D 1756 5732 E08E 5E41
  gpg: Signature made Fri 18 Nov 2022 17:38:13 GMT
  gpg:                using RSA key 0AD83877C1F0CD1EE9BD660AD7CC770B81FD22A8
  gpg:                issuer "benthecarman@live.com"
  gpg: Good signature from "Ben Carman <benthecarman@live.com>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 0AD8 3877 C1F0 CD1E E9BD  660A D7CC 770B 81FD 22A8
  gpg: Signature made Thu 17 Nov 2022 20:36:14 GMT
  gpg:                using RSA key 101598DC823C1B5F9A6624ABA5E0907A0380E6C3
  gpg: requesting key 0xA5E0907A0380E6C3 from hkp server keyserver.ubuntu.com
  gpg: key 0xA5E0907A0380E6C3: public key "CoinForensics (SigningKey) <59567284+coinforensics@users.noreply.github.com>" imported
  gpg: Total number processed: 1
  gpg:               imported: 1
  gpg: Good signature from "CoinForensics (SigningKey) <59567284+coinforensics@users.noreply.github.com>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 1015 98DC 823C 1B5F 9A66  24AB A5E0 907A 0380 E6C3
  gpg: Signature made Thu 17 Nov 2022 18:59:53 GMT
  gpg:                using RSA key CFB16E21C950F67FA95E558F2EEB9F5CC09526C1
  gpg:                issuer "fanquake@gmail.com"
  gpg: Good signature from "Michael Ford (bitcoin-otc) <fanquake@gmail.com>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: E777 299F C265 DD04 7930  70EB 944D 35F9 AC3D B76A
       Subkey fingerprint: CFB1 6E21 C950 F67F A95E  558F 2EEB 9F5C C095 26C1
  gpg: Signature made Fri 18 Nov 2022 04:30:59 GMT
  gpg:                using RSA key F19F5FF2B0589EC341220045BA03F4DBE0C63FB4
  gpg: Good signature from "Gloria Zhao <gloriazhao@berkeley.edu>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 6B00 2C6E A3F9 1B1B 0DF0  C9BC 8F61 7F12 00A6 D25C
       Subkey fingerprint: F19F 5FF2 B058 9EC3 4122  0045 BA03 F4DB E0C6 3FB4
  gpg: Signature made Thu 17 Nov 2022 19:11:54 GMT
  gpg:                using RSA key F4FC70F07310028424EFC20A8E4256593F177720
  gpg:                issuer "gugger@gmail.com"
  gpg: Good signature from "Oliver Gugger <gugger@gmail.com>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: F4FC 70F0 7310 0284 24EF  C20A 8E42 5659 3F17 7720
  gpg: Signature made Mon 21 Nov 2022 09:40:28 GMT
  gpg:                using RSA key D1DBF2C4B96F2DEBF4C16654410108112E7EA81F
  gpg:                issuer "hebasto@gmail.com"
  gpg: Good signature from "Hennadii Stepanov (GitHub key) <32963518+hebasto@users.noreply.github.com>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: D1DB F2C4 B96F 2DEB F4C1  6654 4101 0811 2E7E A81F
  gpg: Signature made Sat 19 Nov 2022 09:07:19 GMT
  gpg:                using RSA key 287AE4CA1187C68C08B49CB2D11BD4F33F1DB499
  gpg: Good signature from "jackielove4u <jackielove4u@hotmail.com>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 287A E4CA 1187 C68C 08B4  9CB2 D11B D4F3 3F1D B499
  gpg: Signature made Thu 24 Nov 2022 09:34:31 GMT
  gpg:                using RSA key 9DEAE0DC7063249FB05474681E4AED62986CD25D
  gpg: Good signature from "Wladimir J. van der Laan <laanwj@protonmail.com>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 71A3 B167 3540 5025 D447  E8F2 7481 0B01 2346 C9A6
       Subkey fingerprint: 9DEA E0DC 7063 249F B054  7468 1E4A ED62 986C D25D
  gpg: Signature made Mon 21 Nov 2022 15:16:20 GMT
  gpg:                using RSA key 3EB0DEE6004A13BE5A0CC758BF2978B068054311
  gpg: Good signature from "Pieter Wuille <pieter@wuille.net>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 133E AC17 9436 F14A 5CF1  B794 860F EB80 4E66 9320
       Subkey fingerprint: 3EB0 DEE6 004A 13BE 5A0C  C758 BF29 78B0 6805 4311
  gpg: Signature made Sat 19 Nov 2022 13:10:12 GMT
  gpg:                using RSA key 9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C
  gpg:                issuer "aaron@sipsorcery.com"
  gpg: Good signature from "Aaron Clauson (sipsorcery) <aaron@sipsorcery.com>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 9D3C C86A 72F8 4943 42EA  5FD1 0A41 BDC3 F4FA FF1C
  gpg: Signature made Thu 17 Nov 2022 21:23:22 GMT
  gpg:                using RSA key ED9BDF7AD6A55E232E84524257FF9BDBCC301009
  gpg: Good signature from "Sjors Provoost <sjors@sprovoost.nl>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: ED9B DF7A D6A5 5E23 2E84  5242 57FF 9BDB CC30 1009
  gpg: Signature made Tue 22 Nov 2022 11:04:28 GMT
  gpg:                using RSA key 6A8F9C266528E25AEB1D7731C2371D91CB716EA7
  gpg:                issuer "sebastian.falbesoner@gmail.com"
  gpg: requesting key 0xC2371D91CB716EA7 from hkp server keyserver.ubuntu.com
  gpg: key 0xC2371D91CB716EA7: public key "Sebastian Falbesoner (theStack) <sebastian.falbesoner@gmail.com>" imported
  gpg: Total number processed: 1
  gpg:               imported: 1
  gpg: Good signature from "Sebastian Falbesoner (theStack) <sebastian.falbesoner@gmail.com>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 6A8F 9C26 6528 E25A EB1D  7731 C237 1D91 CB71 6EA7
  gpg: Signature made Thu 17 Nov 2022 19:35:52 GMT
  gpg:                using RSA key 28E72909F1717FE9607754F8A7BEB2621678D37D
  gpg:                issuer "vertion@protonmail.com"
  gpg: Good signature from "vertion <vertion@protonmail.com>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 28E7 2909 F171 7FE9 6077  54F8 A7BE B262 1678 D37D
[INFO] got 8 good, trusted signatures
[INFO] GOOD SIGNATURE: SigData('D1DBF2C4B96F2DEBF4C16654410108112E7EA81F', 'Hennadii Stepanov (GitHub key) <32963518+hebasto@users.noreply.github.com>', trusted=False, status='unknown')
[INFO] GOOD SIGNATURE: SigData('6A8F9C266528E25AEB1D7731C2371D91CB716EA7', 'Sebastian Falbesoner (theStack) <sebastian.falbesoner@gmail.com>', trusted=False, status='unknown')
[INFO] GOOD SIGNATURE: SigData('152812300785C96444D3334D17565732E08E5E41', 'Andrew Chow <andrew@achow101.com>', trusted=False, status='unknown')
[INFO] GOOD SIGNATURE: SigData('F4FC70F07310028424EFC20A8E4256593F177720', 'Oliver Gugger <gugger@gmail.com>', trusted=False, status='unknown')
[INFO] GOOD SIGNATURE: SigData('101598DC823C1B5F9A6624ABA5E0907A0380E6C3', 'CoinForensics (SigningKey) <59567284+coinforensics@users.noreply.github.com>', trusted=False, status='unknown')
[INFO] GOOD SIGNATURE: SigData('0AD83877C1F0CD1EE9BD660AD7CC770B81FD22A8', 'Ben Carman <benthecarman@live.com>', trusted=False, status='unknown')
[INFO] GOOD SIGNATURE: SigData('ED9BDF7AD6A55E232E84524257FF9BDBCC301009', 'Sjors Provoost <sjors@sprovoost.nl>', trusted=False, status='unknown')
[INFO] GOOD SIGNATURE: SigData('9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C', 'Aaron Clauson (sipsorcery) <aaron@sipsorcery.com>', trusted=False, status='unknown')
[INFO] GOOD SIGNATURE (untrusted): SigData('CFB16E21C950F67FA95E558F2EEB9F5CC09526C1', 'Michael Ford (bitcoin-otc) <fanquake@gmail.com>', trusted=False, status='unknown')
[INFO] GOOD SIGNATURE (untrusted): SigData('F19F5FF2B0589EC341220045BA03F4DBE0C63FB4', 'Gloria Zhao <gloriazhao@berkeley.edu>', trusted=False, status='unknown')
[INFO] GOOD SIGNATURE (untrusted): SigData('287AE4CA1187C68C08B49CB2D11BD4F33F1DB499', 'jackielove4u <jackielove4u@hotmail.com>', trusted=False, status='unknown')
[INFO] GOOD SIGNATURE (untrusted): SigData('9DEAE0DC7063249FB05474681E4AED62986CD25D', 'Wladimir J. van der Laan <laanwj@protonmail.com>', trusted=False, status='unknown')
[INFO] GOOD SIGNATURE (untrusted): SigData('3EB0DEE6004A13BE5A0CC758BF2978B068054311', 'Pieter Wuille <pieter@wuille.net>', trusted=False, status='unknown')
[INFO] GOOD SIGNATURE (untrusted): SigData('28E72909F1717FE9607754F8A7BEB2621678D37D', 'vertion <vertion@protonmail.com>', trusted=False, status='unknown')
[INFO] removing *-unsigned binaries (bitcoin-24.0-x86_64-apple-darwin-unsigned.dmg, bitcoin-24.0-x86_64-apple-darwin-unsigned.tar.gz) from verification since https://bitcoincore.org does not host *-unsigned binaries
[INFO] removing *-debug binaries (bitcoin-24.0-x86_64-linux-gnu-debug.tar.gz) from verification since https://bitcoincore.org does not host *-debug binaries
[INFO] downloading bitcoin-24.0-x86_64-apple-darwin.dmg
[INFO] downloading bitcoin-24.0-x86_64-apple-darwin.tar.gz
[INFO] downloading bitcoin-24.0-x86_64-linux-gnu.tar.gz
[INFO] did not clean up /tmp/bitcoin_verify_binaries.24.0-x86_64
VERIFIED: bitcoin-24.0-x86_64-apple-darwin.dmg
VERIFIED: bitcoin-24.0-x86_64-apple-darwin.tar.gz
VERIFIED: bitcoin-24.0-x86_64-linux-gnu.tar.gz

</details>

Tested dff50dc68a54799df4415be6fea52a1e6fc88fc1 on v23.0 and v24.0. It noticed some new keys were added. It asked me to fetch keys I didn't have yet. It output a bunch of comforting VERIFIED lines :-)

I also tested that editing a file right after it's downloaded, will indeed cause it to fail the checksum ([CRITICAL] Hashes don't match.).

I ran contrib/verifybinaries/test.py locally:

% contrib/verifybinaries/test.py 
✓ 'Nonexistent version should fail' passed
✓ 'Malformed version should fail' passed
✓ '--min-trusted-sigs 20 should fail' passed
- testing multisig verification (22.0)
✓ '22.0 should succeed' passed
- testing single-sig verification (0.20.0)
Traceback (most recent call last):
  File "contrib/verifybinaries/test.py", line 62, in <module>
    main()
  File "contrib/verifybinaries/test.py", line 33, in main
    result = json.loads(_20.stdout.decode())
  File "/Users/sjors/.pyenv/versions/3.6.15/lib/python3.6/json/__init__.py", line 354, in loads
    return _default_decoder.decode(s)
  File "/Users/sjors/.pyenv/versions/3.6.15/lib/python3.6/json/decoder.py", line 339, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/Users/sjors/.pyenv/versions/3.6.15/lib/python3.6/json/decoder.py", line 357, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

(tried twice)

This is consistent with me not being able to verify 0.20.0. The error is a bit cryptic.

./contrib/verifybinaries/verify.py 0.20.0
[INFO] got file https://bitcoincore.org/bin/bitcoin-core-0.20.0/SHA256SUMS.asc as SHA256SUMS.asc
[INFO] got file https://bitcoin.org/bin/bitcoin-core-0.20.0/SHA256SUMS.asc as SHA256SUMS.asc.2
Traceback (most recent call last):
  File "./contrib/verifybinaries/verify.py", line 687, in <module>
    sys.exit(main(sys.argv[1:]))
  File "./contrib/verifybinaries/verify.py", line 560, in main
    SIGNATUREFILENAME, args)
  File "./contrib/verifybinaries/verify.py", line 481, in check_single_sig
    good, unknown, bad = parse_gpg_result(output.splitlines())
  File "./contrib/verifybinaries/verify.py", line 273, in parse_gpg_result
    raise RuntimeError("failed to detect signature being resolved")
RuntimeError: failed to detect signature being resolved

This is consistent with me not being able to verify 0.20.0. The error is a bit cryptic.

0.y.x isn't using guix, only y.x, so I guess this is expected?

This is consistent with me not being able to verify 0.20.0. The error is a bit cryptic.

Do you have Wladimir's old release signing key imported?

gpg --keyserver [...] --recv-key 01EA5486DE18A882D4C2684590C8019E36C2E964

When reproducing, I found that that fixed both the test failure as well as the inability to verify 0.20.0.

Thanks for testing @Sjors and for the look @MarcoFalke. I've pushed a small commit that improves error diagnostics for the test script, and ensures that the old release key is installed.

I looked at removing single-sig (legacy) verification, but I'd actually like to keep it in. I think it's a useful way to retrieve old releases of Bitcoin, and the marginal code to review/maintain is relatively little.

With this new commit I get the same error message when fetching 0.20.0.

When running the test I get "In order to run tests, you should first import the old release signing key:", however importing that key has no effect since I already have it.

I have the old release key, though it's marked as expired. I tried pulling from the default key server that gpgtools.org uses (hkps://keys.openpgp.org), but that doesn't change the status. Also tried gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 01EA5486DE18A882D4C2684590C8019E36C2E964.

I assume the key has intentionally not been renewed, so we have to handle the expiration somehow.

Assigned this to the 25.x milestone. We either need to make these scripts useful/usable, or we should just delete them.

I looked at removing single-sig (legacy) verification, but I'd actually like to keep it in.

Given that the legacy signing key has been revoked:

Please remove it from verification pipelines.

probably makes more sense to remove.

We either need to make these scripts useful/usable, or we should just delete them.

Agreed - right now in master this script is useless for contemporary versions.

Unless anyone thinks otherwise, I think the best way forward here is for me to remove support for pre-multi-sig binaries and compress this change down to a single commit for easier review.

I've rebased/squashed/simplified the script here to

• incorporate the removal of builder keys from this repo, and
• remove support for single-sig release signing (users are referred to old versions of this script for that).

Tested lightly on OpenBSD 7.2 (amd64) with versions 22.1 / 23.1 / 24.0.1 and didn't run into any issues so far. Automatic key import (--import-keys) and JSON output mode (--json) work as expected. :heavy_check_mark: Planning to code-review and test a bit more in-depth (i.e. intentionally triggering a failed verification and other individual errors) within the following days.

(Not sure if it has to do with my connection but fetching the binaries from bitcoincore.org was extra slow today, taking several minutes per file).

Can you (here or in a separate PR) add support for validating release artifacts without actually downloading them (ie pre-downloaded release artifacts)?

Concept ACK

It would be nice to have this in, given how long our current verification script has been broken.

I think it would be better to also allow the user to specify the paths to the files to verify instead of automatically downloading them. This would be particularly useful when the files haven't been uploaded yet, e.g. on the website server itself prior to publishing the binaries.

The linter is unhappy for some reason.

https://github.com/achow101/bitcoin/tree/pr23020-direct-bins-gpg-parse is a branch which implements a subcommand for verifying binaries directly and to use --status-file for the machine parseable output.

I probably won't have time in the next few days to attend to this, so feel free to open a replacement PR with @achow101's branch if I'm holding anything up.

https://github.com/achow101/bitcoin/tree/pr23020-direct-bins-gpg-parse is a branch which implements a subcommand for verifying binaries directly and to use --status-file for the machine parseable output.

Testing your branch now. Let me know if you'd like to take review elsewhere.

Sorry I don't speak much python. Some of these problems may already exist as opposed to being introduced here.

First, testing with python3.8: verify.py pub 23.0-x86_64

  File "/home/cory/dev/bitcoin2/contrib/verifybinaries/verify.py", line 192, in parse_gpg_result
    def line_begins_with(patt: str, line: str) -> t.Optional[re.Match[str]]:
TypeError: 'type' object is not subscriptable

python3.9 gets past this, but runs into this:

verify.py pub 23.0-x86_64

  File "/home/cory/dev/bitcoin2/contrib/verifybinaries/verify.py", line 228, in parse_gpg_result
    curr_sigdata.key, _, _, _, _, _, _ = line.split()[2:8]
ValueError: not enough values to unpack (expected 7, got 6)

I was able to get past that with the following naive change:

index 51c8aa584f..407030a71c 100755
--- a/contrib/verifybinaries/verify.py
+++ b/contrib/verifybinaries/verify.py
@@ -227,3 +227,3 @@ def parse_gpg_result(
         elif line_begins_with(r"ERRSIG(?:\s|$)", line):
-            curr_sigdata.key, _, _, _, _, _, _ = line.split()[2:8]
+            curr_sigdata.key, _, _, _, _, _ = line.split()[2:8]
             curr_sigs = unknown_sigs

At that point, verification succeeds.

Testing local binaries:

Again, fails with python3.8 for the same reason. Works as expected with python3.9.

It would be nice if: if no binary is named, check for everything listed in SHA256SUMS. I suspect that would make it easier to automate its use.

I probably won't have time in the next few days to attend to this, so feel free to open a replacement PR with @achow101's branch if I'm holding anything up.

Unfortunately I will be away for the next two weeks soon, so I won't have any time to maintain a replacement PR either.

First, testing with python3.8: verify.py pub 23.0-x86_64

  File "/home/cory/dev/bitcoin2/contrib/verifybinaries/verify.py", line 192, in parse_gpg_result
    def line_begins_with(patt: str, line: str) -> t.Optional[re.Match[str]]:
TypeError: 'type' object is not subscriptable

This is an issue with the original in this PR, but I've added a commit to my branch that fixes it.

verify.py pub 23.0-x86_64

  File "/home/cory/dev/bitcoin2/contrib/verifybinaries/verify.py", line 228, in parse_gpg_result
    curr_sigdata.key, _, _, _, _, _, _ = line.split()[2:8]
ValueError: not enough values to unpack (expected 7, got 6)

Fixed

It would be nice if: if no binary is named, check for everything listed in SHA256SUMS. I suspect that would make it easier to automate its use.

I've updated my branch to allow this.

I've also updated it to allow specifying only the SHA256SUMS and it will assume the signature file name.

Closing for now. In favour of #27358, which incorporated this, and other changes.