ci/contributing: verify donation address/qr's are signed #2394

Open
wants to merge 5 commits into
base: master
36 changes: 34 additions & 2 deletions .github/workflows/hashes.yaml
Expand Up @@ -5,10 +5,12 @@ on:
paths:
- 'downloads/hashes.txt'
- '_data/downloads.yml'
- '_data/contributing.yml'
pull_request:
paths:
- 'downloads/hashes.txt'
- '_data/downloads.yml'
- '_data/contributing.yml'
jobs:
validate-hashes:
name: Validate Hashes
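Review bot: both `paths:` lists (the one before `pull_request:` and the one under it) gain `_data/contributing.yml` but not `_data/contributing.yml.asc`, `img/donate-monero.png` or `img/donate-bitcoin.png`, so a commit that changes only the signature or a QR image never runs this workflow. Add those three paths to both lists so the signature and checksum steps run whenever any of the files they verify changes.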
Expand All @@ -17,13 +19,43 @@ jobs:
- uses: actions/checkout@v2
- name: Install dependencies
run: |
sudo apt-get install -y --no-install-recommends curl gpg jq python3-pip
sudo apt-get install -y --no-install-recommends curl gpg jq python3-pip zbar-tools
sudo pip3 install yq
- name: Verify hashes.txt signature
- name: Verify hashes.txt + contributing.yml signature
run: |
curl -sL https://raw.githubusercontent.com/monero-project/monero/master/utils/gpg_keys/binaryfate.asc |
gpg --import
gpg --verify downloads/hashes.txt
# signed by myself for test purposes only.
curl -sL https://raw.githubusercontent.com/plowsof/pgp/refs/heads/main/plowsofsmol.asc |
gpg --import
gpg --verify _data/contributing.yml.asc
- name: Verify General Fund donation QR's
run: |
yaml="_data/contributing.yml"
get_yaml_value() {
awk -v key="$1:" '$1 == key {print $2}' "$yaml"
Contributor


I'm not familiar with awk, but it looks like it would be easy to break things when the content of the site changes a bit. Is it?

Contributor

@nahuhh nahuhh Nov 3, 2024


awk is a text processor, and $1 processes the first argument, $2 the second, etc.

An example is
echo uhh nah | awk '{print $2 $1}'

Collaborator Author


Also, we're only looking at "contributing.yml". This is a hack to access YAML variables. Astro has no problem importing yml files / using their variables, so the same signed file will be usable by both.

}
for coin in xmr btc; do
qr_checksum=$(get_yaml_value "qr_${coin}_checksum")
qr_filename=$(get_yaml_value "qr_${coin}_filename")
qr_content=$(get_yaml_value "qr_${coin}_content")
echo "DEBUG: $qr_checksum $qr_filename"
echo "DEBUG: $qr_content"
# Confirm hashes match
echo "$qr_checksum $qr_filename" | sha256sum -c
# Scan QR content
qr_scanned=$(zbarimg -q --raw "$qr_filename")
# Compare scanned content with expected content
if [ "$qr_scanned" = "$qr_content" ]; then
echo "${coin^^} QR code content matches exactly"
else
echo "${coin^^} QR code content does not match"
echo "Scanned: $qr_scanned"
echo "Expected: $qr_content"
exit 1
fi
done
- name: Verify filenames
run: |
lines="$(grep -v ^# downloads/hashes.txt)"
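Review bot: in the "Verify hashes.txt + contributing.yml signature" step, `gpg --verify _data/contributing.yml.asc` succeeds for a good signature from any key in the keyring, and the step has just imported two keys, one of them fetched from `plowsof/pgp` at `refs/heads/main` and commented as test-only. As written, either imported key can sign either file, and whoever can push to that branch decides what the check accepts. Before merge, drop the test key and pin the expected signer per file, for example by running the verify with `--status-fd 1` and requiring a `VALIDSIG` line carrying the expected fingerprint, preferably against a key committed to this repo rather than downloaded at run time. The two `echo "DEBUG: ..."` lines in the QR step can also go once the check is stable.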
11 changes: 11 additions & 0 deletions _data/contributing.yml
@@ -0,0 +1,11 @@
address_xmr: 888tNkZrPN6JsEgekjMnABU4TBzc2Dt29EPAvkRxbANsAnjyPbb3iQ1YBRk1UXcdRsiKc9dhwMVgN5S9cQUiyoogDavup3H
address_btc: 1KTexdemPdxSBcG55heUuTjDRYqbC5ZL8H
address_openalias: donate.getmonero.org
view_address: 44AFFq5kSiGBoZ4NMDwYtN18obc8AemS33DBLWs3H7otXft3XjrpDtQGv7SqSsaBYBb98uNbr2VBBEt7f2wfn3RVGQBEP3A
view_key: f359631075708155cc3d92a32b75a7d02a5dcf27756707b47a2b31b21c389501
qr_xmr_filename: img/donate-monero.png
qr_xmr_content: monero:888tNkZrPN6JsEgekjMnABU4TBzc2Dt29EPAvkRxbANsAnjyPbb3iQ1YBRk1UXcdRsiKc9dhwMVgN5S9cQUiyoogDavup3H
qr_xmr_checksum: 634324cb9d5feaf31cadafa1a62fb78c0c97aac084624ee466354086b2e62f3a
qr_btc_filename: img/donate-bitcoin.png
qr_btc_content: bitcoin:1KTexdemPdxSBcG55heUuTjDRYqbC5ZL8H
qr_btc_checksum: 6f091048b4492d70d7524f78be1af865530ff80b237a5f9b27b1b67dc3ba6c56
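Review bot: `qr_xmr_content` and `qr_btc_content` repeat the addresses already given in `address_xmr` and `address_btc`, and nothing in the visible workflow checks that the two agree, so the QR payload and the displayed address can diverge while CI stays green. Either have CI build the expected QR content as `monero:` / `bitcoin:` plus the address key, or add a step that compares them. It is also worth recording, in the workflow or next to this file, that the awk lookup prints `$2`, so every value has to stay a single unquoted token on the same line as its key.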
7 changes: 7 additions & 0 deletions _data/contributing.yml.asc
@@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----

iI0EABMIADUWIQTci88MUIPyAweCgD5OipEtQO0FLAUCZxJ8rxcccGxvd3NvZkBw
cm90b25tYWlsLmNvbQAKCRBOipEtQO0FLMyuAQCXt4p3t4f1EPsmJelNs7hRUexr
azBCDCdnwpFnW7LBOQD+MoPTX0T5cWXNtDbZ+umU/ozWsdZzZcauG7657YW+uCI=
=1ghd
-----END PGP SIGNATURE-----
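Review bot: the workflow verifies this detached signature right after importing a key commented "signed by myself for test purposes only", so if it was made with that key it has to be replaced with one from the project's signing key before merge. Any later edit to `_data/contributing.yml` invalidates it, so document the re-signing step where contributors will find it.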
8 changes: 8 additions & 0 deletions css/custom.css
Expand Up @@ -4705,3 +4705,11 @@ input.accordion[type=radio]:checked + label::after {
.donation-field {
user-select: all; /* Select donation addresses with one click */
}

#qr-link {
all: unset;
}

#qr-link:hover {
cursor: pointer;
}
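Review bot: `all: unset` on `#qr-link` also resets the anchor's focus outline, so keyboard users get no visible focus indicator on the QR links. Add a `#qr-link:focus-visible` rule that restores an outline, or unset only the properties that need it (colour, text decoration). `cursor: pointer` can sit in the base rule instead of a separate `:hover` rule.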
18 changes: 11 additions & 7 deletions get-started/contributing/index.md
Expand Up @@ -70,24 +70,28 @@ meta_descr: meta_descr.contributing
<div class="col-xs-12">
<h3>{% t contributing.genfund %}</h3>
<p>{% t contributing.genfund_p %}</p>
<p>Monero:<br><code class="donation-field">888tNkZrPN6JsEgekjMnABU4TBzc2Dt29EPAvkRxbANsAnjyPbb3iQ1YBRk1UXcdRsiKc9dhwMVgN5S9cQUiyoogDavup3H</code></p>
<p>Monero:<br><code class="donation-field">{{ site.data.contributing.address_xmr }}</code></p>
<details>
<summary>{% t contributing.donation_viewkeys %}:</summary>
<ul>
<li>{% t contributing.primary_address %}: <code class="donation-field">44AFFq5kSiGBoZ4NMDwYtN18obc8AemS33DBLWs3H7otXft3XjrpDtQGv7SqSsaBYBb98uNbr2VBBEt7f2wfn3RVGQBEP3A</code></li>
<li>{% t moneropedia.entries.viewkey %}: <code class="donation-field">f359631075708155cc3d92a32b75a7d02a5dcf27756707b47a2b31b21c389501</code></li>
<li>{% t contributing.primary_address %}: <code class="donation-field">{{ site.data.contributing.view_address}}</code></li>
<li>{% t moneropedia.entries.viewkey %}: <code class="donation-field">{{ site.data.contributing.view_key }}</code></li>
</ul>
</details>
<p>Bitcoin:<br><code class="donation-field">1KTexdemPdxSBcG55heUuTjDRYqbC5ZL8H</code></p>
<p>@openalias: <code class="donation-field">donate.getmonero.org</code></p>
<p>Bitcoin:<br><code class="donation-field">{{ site.data.contributing.address_btc }}</code></p>
<p>@openalias: <code class="donation-field">{{ site.data.contributing.address_openalias }}</code></p>
</div>
</div><br>
<div class="row center-xs">
<div class="col-lg-6">
<img class="qr" src="/img/donate-monero.png" alt="{% t contributing.altqrmonero %}"/>
<a id="qr-link" href="{{ site.data.contributing.qr_xmr_content }}">
<img class="qr" src="/{{ site.data.contributing.qr_xmr_filename }}" alt="{% t contributing.altqrmonero %}"/>
</a>
</div>
<div class="col-lg-6">
<img class="qr" src="/img/donate-bitcoin.png" alt="{% t contributing.altqrbitcoin %}"/>
<a id="qr-link" href="{{ site.data.contributing.qr_btc_content}}">
<img class="qr" src="/{{ site.data.contributing.qr_btc_filename }}" alt="{% t contributing.altqrbitcoin %}"/>
</a>
</div>
</div>
<div class="row start-xs">
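Review bot: both new anchors carry `id="qr-link"`; an id must be unique within a document, so use a class here and change the selector in css/custom.css to match. Minor: `{{ site.data.contributing.view_address}}` and `{{ site.data.contributing.qr_btc_content}}` are missing the space before `}}` that the other tags in this hunk use.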
Binary file modified img/donate-bitcoin.png
Binary file modified img/donate-monero.png