Allow to whitelist commits signed with a revoked key

(cherry picked from commit 1d94b72019e31066b33947af5709383b8075e43a)

contrib/verify-commits/gpg.sh

@@ -1,15 +1,33 @@
 #!/bin/sh
 INPUT=$(</dev/stdin)
 VALID=false
+REVSIG=false
 IFS=$'\n'
 for LINE in $(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null); do
-	case "$LINE" in "[GNUPG:] VALIDSIG"*)
+	case "$LINE" in
+	"[GNUPG:] VALIDSIG "*)
 		while read KEY; do
 			case "$LINE" in "[GNUPG:] VALIDSIG $KEY "*) VALID=true;; esac
 		done < ./contrib/verify-commits/trusted-keys
+		;;
+	"[GNUPG:] REVKEYSIG "*)
+		[ "$BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG" != 1 ] && exit 1
+		while read KEY; do
+			case "$LINE" in "[GNUPG:] REVKEYSIG ${KEY:24:40} "*)
+				REVSIG=true
+				GOODREVSIG="[GNUPG:] GOODSIG ${KEY:24:40} "
+				;;
+			esac
+		done < ./contrib/verify-commits/trusted-keys
+		;;
 	esac
 done
 if ! $VALID; then
 	exit 1
 fi
-echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null
+if $VALID && $REVSIG; then
+	echo "$INPUT" | gpg --trust-model always "$@" | grep "\[GNUPG:\] \(NEWSIG\|SIG_ID\|VALIDSIG\)" 2>/dev/null
+	echo "$GOODREVSIG"
+else
+	echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null
+fi

contrib/verify-commits/verify-commits.sh

@@ -7,11 +7,23 @@ git log "$DIR"
 
 VERIFIED_ROOT=$(cat "${DIR}/trusted-git-root")
 
+IS_REVSIG_ALLOWED () {
+	while read LINE; do
+		[ "$LINE" = "$1" ] && return 0
+	done < "${DIR}/allow-revsig-commits"
+	return 1
+}
+
 HAVE_FAILED=false
 IS_SIGNED () {
 	if [ $1 = $VERIFIED_ROOT ]; then
 		return 0;
 	fi
+	if IS_REVSIG_ALLOWED "$1"; then
+		export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=1
+	else
+		export BITCOIN_VERIFY_COMMITS_ALLOW_REVSIG=0
+	fi
 	if ! git -c "gpg.program=${DIR}/gpg.sh" verify-commit $1 > /dev/null 2>&1; then
 		return 1;
 	fi