Merge bitcoin/bitcoin#34318: contrib: Revert "verify-commits sha1 exceptions"

fa38ffac6f contrib: [refactor] Use shorter read_text from pathlib (MarcoFalke) fab8bc0308 contrib: Revert "verify-commits sha1 exceptions" (MarcoFalke) Pull request description: This reverts commit 8ac134be5e, because it is no longer needed. See https://github.com/bitcoin/bitcoin/pull/34245#issuecomment-3759448369 Also, use the shorter pathlib `read_text`, which is available since Python 3.5 ACKs for top commit: dergoegge: utACK fa38ffac6f sedited: ACK fa38ffac6f hebasto: ACK fa38ffac6f. Tree-SHA512: 83049349d4a5c74ad700c2912d727584b88944a75d572c10661a76b69b08093ef7ebf786b359455e36d7467a708de46a77da41a54512e057d7eed8206984c8fd
2026-01-21 15:50:07 +01:00 · 2026-01-16 18:01:43 +00:00
parent 0ffb20dee1 fa38ffac6f
commit 81bf4209e9
2 changed files with 9 additions and 19 deletions
--- a/contrib/verify-commits/allow-sha1-commits
+++ b/contrib/verify-commits/allow-sha1-commits
@@ -1 +0,0 @@
-aeaa67a9eac0decb89c60a67f9755ca10cbcc1d9
--- a/contrib/verify-commits/verify-commits.py
+++ b/contrib/verify-commits/verify-commits.py
@@ -7,6 +7,7 @@ import argparse
 import hashlib
 import logging
 import os
+from pathlib import Path
 import subprocess
 import sys
 import time
@@ -80,22 +81,14 @@ def main():
    args = parser.parse_args()

    # get directory of this program and read data files
-    dirname = os.path.dirname(os.path.abspath(__file__))
-    print("Using verify-commits data from " + dirname)
-    with open(dirname + "/trusted-git-root", "r") as f:
-        verified_root = f.read().splitlines()[0]
-    with open(dirname + "/trusted-sha512-root-commit", "r") as f:
-        verified_sha512_root = f.read().splitlines()[0]
-    with open(dirname + "/allow-revsig-commits", "r") as f:
-        revsig_allowed = f.read().splitlines()
-    with open(dirname + "/allow-unclean-merge-commits", "r") as f:
-        unclean_merge_allowed = f.read().splitlines()
-    with open(dirname + "/allow-incorrect-sha512-commits", "r") as f:
-        incorrect_sha512_allowed = f.read().splitlines()
-    with open(dirname + "/trusted-keys", "r") as f:
-        trusted_keys = f.read().splitlines()
-    with open(dirname + "/allow-sha1-commits", "r") as f:
-        sha1_allowed = f.read().splitlines()
+    dirname = Path(__file__).absolute().parent
+    print(f"Using verify-commits data from {dirname}")
+    verified_root = (dirname / "trusted-git-root").read_text().splitlines()[0]
+    verified_sha512_root = (dirname / "trusted-sha512-root-commit").read_text().splitlines()[0]
+    revsig_allowed = (dirname / "allow-revsig-commits").read_text().splitlines()
+    unclean_merge_allowed = (dirname / "allow-unclean-merge-commits").read_text().splitlines()
+    incorrect_sha512_allowed = (dirname / "allow-incorrect-sha512-commits").read_text().splitlines()
+    trusted_keys = (dirname / "trusted-keys").read_text().splitlines()

    # Set commit and variables
    current_commit = args.commit
@@ -138,8 +131,6 @@ def main():


        os.environ['BITCOIN_VERIFY_COMMITS_ALLOW_SHA1'] = "0" if no_sha1 else "1"
-        if current_commit in sha1_allowed:
-            os.environ['BITCOIN_VERIFY_COMMITS_ALLOW_SHA1'] = "1"
        allow_revsig = current_commit in revsig_allowed

        # Check that the commit (and parents) was signed with a trusted key