Merge bitcoin/bitcoin#34246: verify-commits: Allow specific commits to allow sha1

8ac134be5e57680eb1c6ef596e5de085825e83ee contrib: verify-commits sha1 exceptions (Ava Chow)

Pull request description:

  Allow specific commits to not require the sha1 check.

  Fixes the CI for aeaa67a9eac0decb89c60a67f9755ca10cbcc1d9 which uses SHA1 somewhere in the key's self signatures.

ACKs for top commit:
  dergoegge:
    utACK 8ac134be5e57680eb1c6ef596e5de085825e83ee
  darosior:
    utACK 8ac134be5e57680eb1c6ef596e5de085825e83ee. Looks good to me provided we want to avoid the temporary red CI on master branch.

Tree-SHA512: cafd080ee35e4f735cbe9281ac2a73488c2f9e4acccd39563e933a3775def35b6e8080a6a772e45e64d90275013e430765a29e87116130ff456257c5ec8a2810
merge-script 2026-01-13 15:02:20 -08:00
commit c094a966d6
No known key found for this signature in database
GPG Key ID: BA03F4DBE0C63FB4
2 changed files with 5 additions and 0 deletions


@ -0,0 +1 @@
aeaa67a9eac0decb89c60a67f9755ca10cbcc1d9
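Review bot: the new allow-list entry is a bare hash with nothing recording why it is exempt; the reason (SHA1 somewhere in the key's self signatures) is stated only in the pull request description. The script reads this file with `f.read().splitlines()` and tests whole-line membership, so a comment line could not simply be added here without a loader change. Consider documenting the exception alongside the script, or teaching the loader to skip `#` lines so each entry can carry its justification.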


@ -94,6 +94,8 @@ def main():
incorrect_sha512_allowed = f.read().splitlines()
with open(dirname + "/trusted-keys", "r") as f:
trusted_keys = f.read().splitlines()
with open(dirname + "/allow-sha1-commits", "r") as f:
sha1_allowed = f.read().splitlines()
# Set commit and variables
current_commit = args.commit
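Review bot: `sha1_allowed = f.read().splitlines()` keeps each entry verbatim, so trailing whitespace on a line in allow-sha1-commits makes the later `current_commit in sha1_allowed` test miss silently. That miss falls back to the strict path, which is the safe direction, but it would show up as an unexplained CI failure; stripping each line and dropping empty ones would avoid it. The open is also unconditional, so a tree without the file fails here instead of defaulting to no exceptions. Both behaviours match the neighbouring lists, so this may be acceptable as is.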
@ -136,6 +138,8 @@ def main():
os.environ['BITCOIN_VERIFY_COMMITS_ALLOW_SHA1'] = "0" if no_sha1 else "1"
if current_commit in sha1_allowed:
os.environ['BITCOIN_VERIFY_COMMITS_ALLOW_SHA1'] = "1"
allow_revsig = current_commit in revsig_allowed
# Check that the commit (and parents) was signed with a trusted key
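Review bot: the override at `if current_commit in sha1_allowed:` relaxes the check without leaving any trace in the lines shown; print a line naming the commit when the exception applies, so the CI log records that SHA1 was allowed for it. The exemption sets the same BITCOIN_VERIFY_COMMITS_ALLOW_SHA1 variable as the global switch, so for a listed commit it is as broad as turning `no_sha1` off, which is worth stating in a comment. As a style point, the two assignments could be folded into one by computing `not no_sha1 or current_commit in sha1_allowed` once and setting the variable from that.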