diff options
| author | Julian Andres Klode <julian.klode@canonical.com> | 2025-04-25 20:53:45 +0200 |
|---|---|---|
| committer | Julian Andres Klode <jak@debian.org> | 2025-04-25 21:07:07 +0000 |
| commit | 85c435f23718e168345ea60270b24a57061b54f4 (patch) | |
| tree | 95190a341e6861d216bf45c2e45eb301f6c531da /methods | |
| parent | 1747377d5b486318632026f4660ea2e7fb5f9ba2 (diff) | |
sqv: Warn about signatures that will be rejected by policy within a year
This implements a simple check where we first run `sqv` with
`--policy-as-of` 1 year in the future. If the file is validly
signed one year in the future, it is validly signed now.
If the file is not validly signed 1 year in the future, we check
if it is validly signed now, and otherwise print an error message.
The --policy-as-of feature was added in sqv 1.3.0, hence we add a
version requirement to the dependency.
Diffstat (limited to 'methods')
| -rw-r--r-- | methods/sqv.cc | 46 |
1 files changed, 45 insertions, 1 deletions
diff --git a/methods/sqv.cc b/methods/sqv.cc index 3cb27354b..6c154401d 100644 --- a/methods/sqv.cc +++ b/methods/sqv.cc @@ -206,7 +206,51 @@ bool SQVMethod::VerifyGetSigners(const char *file, const char *outfile, args.push_back(outfile); } - return ExecuteSqv(args, signers); + bool res = false; + std::vector<std::string> aheadErrors; + // Check the signature with a one-year-ahead policy first + { + _error->PushToStack(); + auto time = std::time(nullptr); + auto tm = std::localtime(&time); + std::string yearAheadDate; + strprintf(yearAheadDate, "%d-%d-%d", tm->tm_year + 1900 + 1, tm->tm_mon + 1, tm->tm_mday); + + args.push_back("--policy-as-of"); + args.push_back(std::move(yearAheadDate)); + res = ExecuteSqv(args, signers); + args.pop_back(); + args.pop_back(); + + // Preserve any warnings or whatnot on success + if (res) + _error->MergeWithStack(); + else + { + while (not _error->empty()) + { + std::string msg; + _error->PopMessage(msg); + aheadErrors.push_back(msg); + } + _error->RevertToStack(); + } + } + + // The year-ahead-policy produced no valid signer, check if valid at current time. + if (not res) + { + // clear signers, args have already been cleaned post-execution + signers.clear(); + res = ExecuteSqv(args, signers); + if (res) + { + Warning(_("Policy will reject signature within a year, see --audit for details")); + for (auto &&msg : aheadErrors) + Audit(std::move(msg)); + } + } + return res; } bool SQVMethod::ExecuteSqv(const std::vector<std::string> &args, std::vector<std::string> &signers) |
