summaryrefslogtreecommitdiff
path: root/methods
diff options
context:
space:
mode:
authorJulian Andres Klode <julian.klode@canonical.com>2025-04-25 20:53:45 +0200
committerJulian Andres Klode <jak@debian.org>2025-04-25 21:07:07 +0000
commit85c435f23718e168345ea60270b24a57061b54f4 (patch)
tree95190a341e6861d216bf45c2e45eb301f6c531da /methods
parent1747377d5b486318632026f4660ea2e7fb5f9ba2 (diff)
sqv: Warn about signatures that will be rejected by policy within a year
This implements a simple check where we first run `sqv` with `--policy-as-of` 1 year in the future. If the file is validly signed one year in the future, it is validly signed now. If the file is not validly signed 1 year in the future, we check if it is validly signed now, and otherwise print an error message. The --policy-as-of feature was added in sqv 1.3.0, hence we add a version requirement to the dependency.
Diffstat (limited to 'methods')
-rw-r--r--methods/sqv.cc46
1 files changed, 45 insertions, 1 deletions
diff --git a/methods/sqv.cc b/methods/sqv.cc
index 3cb27354b..6c154401d 100644
--- a/methods/sqv.cc
+++ b/methods/sqv.cc
@@ -206,7 +206,51 @@ bool SQVMethod::VerifyGetSigners(const char *file, const char *outfile,
args.push_back(outfile);
}
- return ExecuteSqv(args, signers);
+ bool res = false;
+ std::vector<std::string> aheadErrors;
+ // Check the signature with a one-year-ahead policy first
+ {
+ _error->PushToStack();
+ auto time = std::time(nullptr);
+ auto tm = std::localtime(&time);
+ std::string yearAheadDate;
+ strprintf(yearAheadDate, "%d-%d-%d", tm->tm_year + 1900 + 1, tm->tm_mon + 1, tm->tm_mday);
+
+ args.push_back("--policy-as-of");
+ args.push_back(std::move(yearAheadDate));
+ res = ExecuteSqv(args, signers);
+ args.pop_back();
+ args.pop_back();
+
+ // Preserve any warnings or whatnot on success
+ if (res)
+ _error->MergeWithStack();
+ else
+ {
+ while (not _error->empty())
+ {
+ std::string msg;
+ _error->PopMessage(msg);
+ aheadErrors.push_back(msg);
+ }
+ _error->RevertToStack();
+ }
+ }
+
+ // The year-ahead-policy produced no valid signer, check if valid at current time.
+ if (not res)
+ {
+ // clear signers, args have already been cleaned post-execution
+ signers.clear();
+ res = ExecuteSqv(args, signers);
+ if (res)
+ {
+ Warning(_("Policy will reject signature within a year, see --audit for details"));
+ for (auto &&msg : aheadErrors)
+ Audit(std::move(msg));
+ }
+ }
+ return res;
}
bool SQVMethod::ExecuteSqv(const std::vector<std::string> &args, std::vector<std::string> &signers)