From 066121ac4de3f1e07e203583a2c5d00a0289f84a Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Thu, 18 Jan 2024 18:35:35 +0100 Subject: gpgv: Surface [GNUPG:] ERROR and [GNUPG:] WARNING status messages --- methods/gpgv.cc | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/methods/gpgv.cc b/methods/gpgv.cc index f89aa8d2e..cb46703b3 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -40,6 +40,8 @@ using std::vector; #define GNUPGEXPSIG "[GNUPG:] EXPSIG" #define GNUPGREVKEYSIG "[GNUPG:] REVKEYSIG" #define GNUPGNODATA "[GNUPG:] NODATA" +#define GNUPGWARNING "[GNUPG:] WARNING" +#define GNUPGERROR "[GNUPG:] ERROR" #define APTKEYWARNING "[APTKEY:] WARNING" #define APTKEYERROR "[APTKEY:] ERROR" @@ -269,6 +271,13 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, if (tokens.size() > 9 && sig != tokens[9]) SubKeyMapping[tokens[9]].emplace_back(sig); } + else if (strncmp(buffer, GNUPGWARNING, sizeof(GNUPGWARNING)-1) == 0) { + std::string warning; + strprintf(warning, "GPG: %s", buffer + sizeof(GNUPGWARNING)); + Warning(std::move(warning)); + } + else if (strncmp(buffer, GNUPGERROR, sizeof(GNUPGERROR)-1) == 0) + _error->Error("GPG: %s", buffer + sizeof(GNUPGERROR)); else if (strncmp(buffer, APTKEYWARNING, sizeof(APTKEYWARNING)-1) == 0) Warning(buffer + sizeof(APTKEYWARNING)); else if (strncmp(buffer, APTKEYERROR, sizeof(APTKEYERROR)-1) == 0) -- cgit v1.2.3-70-g09d2 From 60d653634f889abe09c0f4d88f2559eab9202635 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Wed, 28 Feb 2024 14:49:48 +0100 Subject: gpgv: Add a reason to worthless signers --- methods/gpgv.cc | 32 ++++++++++++++++++++++++++------ test/integration/test-method-gpgv | 9 +++++---- 2 files changed, 31 insertions(+), 10 deletions(-) diff --git a/methods/gpgv.cc b/methods/gpgv.cc index cb46703b3..b2e73c9fe 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc 
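Review bot: In the `@@ -269,6 +271,13 @@` hunk of "Surface [GNUPG:] ERROR and [GNUPG:] WARNING", both new branches read from `buffer + sizeof(GNUPGWARNING)` / `buffer + sizeof(GNUPGERROR)`, which skips the keyword plus one more byte without checking that this byte exists. If a status line is the bare keyword and its trailing newline has already been stripped (the read loop is outside the hunk, so this is unconfirmed), the pointer lands one past the terminator. The `strncmp` prefix test also accepts any longer keyword that merely starts with `WARNING` or `ERROR`. A guard such as `buffer[sizeof(GNUPGWARNING)-1] == ' '` before using the offset closes both gaps; the existing `APTKEY` branches below follow the same pattern. VerifyGetSigners starts and ends outside the hunk.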
@@ -108,7 +108,7 @@ static bool IsTheSameKey(std::string const &validsig, std::string const &goodsig struct APT_HIDDEN SignersStorage { std::vector Good; std::vector Bad; - std::vector Worthless; + std::vector Worthless; // a worthless signature is a expired or revoked one std::vector SoonWorthless; std::vector NoPubKey; @@ -160,6 +160,16 @@ static void PushEntryWithUID(std::vector &Signers, char * const buf std::clog << "Got " << msg << " !" << std::endl; Signers.push_back(msg); } +static void PushEntryWithUID(std::vector &Signers, char * const buffer, bool const Debug) +{ + std::string msg = buffer + sizeof(GNUPGPREFIX); + auto const nuke = msg.find_last_not_of("\n\t\r"); + if (nuke != std::string::npos) + msg.erase(nuke + 1); + if (Debug == true) + std::clog << "Got " << msg << " !" << std::endl; + Signers.push_back({msg, ""}); +} static void implodeVector(std::vector const &vec, std::ostream &out, char const * const sep) { if (vec.empty()) @@ -253,7 +263,11 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, case Digest::State::Untrusted: // Treat them like an expired key: For that a message about expiry // is emitted, a VALIDSIG, but no GOODSIG. - Signers.Worthless.push_back(sig); + { + std::string note; + strprintf(note, "untrusted digest algorithm: %s", digest.name); + Signers.Worthless.push_back({sig, note}); + } Signers.Good.erase(std::remove_if(Signers.Good.begin(), Signers.Good.end(), [&](std::string const &goodsig) { return IsTheSameKey(sig, goodsig); }), Signers.Good.end()); if (Debug == true) 
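Review bot: The new comment on `Worthless` in the `@@ -108,7 +108,7 @@` hunk is narrower than what the field holds after this commit, because the `Digest::State::Untrusted` case and the entries taken over from `ErrSigners` are pushed into it as well. Suggested wording: `// signatures that must not count: expired or revoked key, untrusted digest algorithm, or an entry from ErrSigners; the note gives the reason and may be empty`. The struct continues outside the hunk.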
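Review bot: The `PushEntryWithUID` overload added in the `@@ -160,6 +160,16 @@` hunk appears to repeat the body of the existing overload and to differ only in the final `push_back`. Two copies of the trimming logic can drift apart, and this text feeds the signer lists that decide whether a signature counts. Consider moving the prefix skip and the `find_last_not_of` trim into one static helper that returns the string, so the overloads reduce to `Signers.push_back(TrimmedStatusText(buffer, Debug));` and `Signers.push_back({TrimmedStatusText(buffer, Debug), ""});` (helper name is a suggestion). The start of the first overload is outside the hunk, so the comparison rests on its visible tail.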
@@ -285,7 +299,9 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, } fclose(pipein); free(buffer); - std::move(ErrSigners.begin(), ErrSigners.end(), std::back_inserter(Signers.Worthless)); + + for (auto errSigner : ErrSigners) + Signers.Worthless.push_back({errSigner, ""}); // apt-key has a --keyid parameter, but this requires gpg, so we call it without it // and instead check after the fact which keyids where used for verification @@ -381,7 +397,7 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, std::cerr << "\n Bad: "; implodeVector(Signers.Bad, std::cerr, ", "); std::cerr << "\n Worthless: "; - implodeVector(Signers.Worthless, std::cerr, ", "); + std::for_each(Signers.Worthless.begin(), Signers.Worthless.end(), [](Signer const &sig) { std::cerr << sig.key << ", "; }); std::cerr << "\n SoonWorthless: "; std::for_each(Signers.SoonWorthless.begin(), Signers.SoonWorthless.end(), [](Signer const &sig) { std::cerr << sig.key << ", "; }); std::cerr << "\n NoPubKey: "; @@ -549,8 +565,12 @@ bool GPGVMethod::URIAcquire(std::string const &Message, FetchItem *Itm) if (!Signers.Worthless.empty()) { errmsg += _("The following signatures were invalid:\n"); - for (auto const &I : Signers.Worthless) - errmsg.append(I).append("\n"); + for (auto const &[key, reason] : Signers.Worthless) { + errmsg.append(key); + if (not reason.empty()) + errmsg.append(" (").append(reason).append(")"); + errmsg.append("\n"); + } } if (!Signers.NoPubKey.empty()) { diff --git a/test/integration/test-method-gpgv b/test/integration/test-method-gpgv index bfa5af4c2..99bffd6ab 100755 --- a/test/integration/test-method-gpgv +++ b/test/integration/test-method-gpgv 
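Review bot: The loop in the `@@ -285,7 +299,9 @@` hunk takes each element by value (`for (auto errSigner : ErrSigners)`), so every string is copied for the loop variable and again into the new entry, where the removed `std::move` call moved it. `for (auto &errSigner : ErrSigners)` with `Signers.Worthless.push_back({std::move(errSigner), ""});` keeps the previous cost. These entries also get an empty reason, so the "signatures were invalid" message built in URIAcquire shows no explanation for them; if a reason is known where `ErrSigners` is filled (outside the hunk), it could be carried along.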
@@ -46,10 +46,11 @@ testrun() { testgpgv 'Good subkey signed with fingerprint' 'Good: GOODSIG 4281DEDBD466EAE8C1F4157E5B6896415D44C43E' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE, 4281DEDBD466EAE8C1F4157E5B6896415D44C43E!' '[GNUPG:] GOODSIG 4281DEDBD466EAE8C1F4157E5B6896415D44C43E Sebastian Subkey [GNUPG:] VALIDSIG 4281DEDBD466EAE8C1F4157E5B6896415D44C43E 2018-08-16 1534459673 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' - testgpgv 'Untrusted signed with long keyid' 'Worthless: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' '' '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) + testgpgv 'Untrusted signed with long keyid' 'Worthless: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE, ' '' '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 1 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' + exit testsuccess grep '^\s\+Good:\s\+$' method.output - testgpgv 'Untrusted signed with fingerprint' 'Worthless: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' '' '[GNUPG:] GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) + testgpgv 'Untrusted signed with fingerprint' 'Worthless: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE, ' '' '[GNUPG:] GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 1 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' testsuccess grep '^\s\+Good:\s\+$' method.output 
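Review bot: The bare `exit` added after the first 'Untrusted signed with long keyid' case in the `@@ -46,10 +46,11 @@` hunk ends the script at that point, so the `testsuccess grep` check that follows and every later `testgpgv` case in `testrun` never run. The expectations changed by this commit, including the expired-key cases in the next hunk, are therefore not exercised at this revision. It looks like a debugging leftover and the line should be dropped; a later patch in this series removes it, but this commit on its own ships with the rest of the gpgv method tests disabled. `testrun` starts and ends outside the hunk.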
@@ -65,9 +66,9 @@ testrun() { testgpgv 'No Pubkey with fingerprint' 'NoPubKey: NO_PUBKEY DE66AECA9151AFA1877EC31DE8525D47528144E2' '' '[GNUPG:] ERRSIG DE66AECA9151AFA1877EC31DE8525D47528144E2 1 11 00 1472744666 9 [GNUPG:] NO_PUBKEY DE66AECA9151AFA1877EC31DE8525D47528144E2' - testgpgv 'Expired key with long keyid' 'Worthless: EXPKEYSIG 4BC0A39C27CE74F9 Rex Expired ' '' '[GNUPG:] EXPKEYSIG 4BC0A39C27CE74F9 Rex Expired + testgpgv 'Expired key with long keyid' 'Worthless: EXPKEYSIG 4BC0A39C27CE74F9 Rex Expired , ' '' '[GNUPG:] EXPKEYSIG 4BC0A39C27CE74F9 Rex Expired [GNUPG:] VALIDSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9 2016-09-01 1472742629 0 4 0 1 11 00 891CC50E605796A0C6E733F74BC0A39C27CE74F9' - testgpgv 'Expired key with fingerprint' 'Worthless: EXPKEYSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9 Rex Expired ' '' '[GNUPG:] EXPKEYSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9 Rex Expired + testgpgv 'Expired key with fingerprint' 'Worthless: EXPKEYSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9 Rex Expired , ' '' '[GNUPG:] EXPKEYSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9 Rex Expired [GNUPG:] VALIDSIG 891CC50E605796A0C6E733F74BC0A39C27CE74F9 2016-09-01 1472742629 0 4 0 1 11 00 891CC50E605796A0C6E733F74BC0A39C27CE74F9' } -- cgit v1.2.3-70-g09d2 From 50e3fee26ae843a812b1c9ec8531946931773fd3 Mon Sep 17 00:00:00 2001 
From: Julian Andres Klode Date: Wed, 28 Feb 2024 15:14:43 +0100 Subject: Implement gpgv --assert-pubkey-algo=>=rsa2048,ed25519,ed448 The assertion can be overriden using apt::key::assert-pubkey-algo, the default is the most opinionated one. This will inform the user during apt-cdrom add as we do not pass --quiet to user, so adjust test case. Add a simple test case for it to test-method-gpgv. LP: #2055193 --- apt-pkg/init.cc | 1 + cmdline/apt-key.in | 21 ++++++++++++++++++--- doc/examples/configure-index | 1 + methods/gpgv.cc | 20 ++++++++++++++++++++ test/integration/test-apt-cdrom | 20 +++++++++++++++++++- test/integration/test-method-gpgv | 17 ++++++++++++++++- 6 files changed, 75 insertions(+), 5 deletions(-) diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc index f1742c019..75935404f 100644 --- a/apt-pkg/init.cc +++ b/apt-pkg/init.cc @@ -131,6 +131,7 @@ bool pkgInitConfig(Configuration &Cnf) Cnf.Set("APT::Build-Essential::", "build-essential"); Cnf.CndSet("APT::Install-Recommends", true); Cnf.CndSet("APT::Install-Suggests", false); + Cnf.CndSet("APT::Key::Assert-Pubkey-Algo", ">=rsa2048,ed25519,ed448"); Cnf.CndSet("Dir","/"); // State diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in index 4f3e9c8e1..07522723b 100644 --- a/cmdline/apt-key.in +++ b/cmdline/apt-key.in @@ -800,7 +800,8 @@ case "$command" in ;; verify) GPGV='' - eval $(apt-config shell GPGV Apt::Key::gpgvcommand) + ASSERT_PUBKEY_ALGO='' + eval $(apt-config shell GPGV Apt::Key::gpgvcommand ASSERT_PUBKEY_ALGO Apt::Key::assert-pubkey-algo) if [ -n "$GPGV" ] && command_available "$GPGV"; then true; elif command_available 'gpgv'; then GPGV='gpgv'; elif command_available 'gpgv2'; then GPGV='gpgv2'; 
@@ -809,6 +810,20 @@ case "$command" in apt_error 'gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed' exit 29 fi + GPGV_ARGS="" + if [ "$ASSERT_PUBKEY_ALGO" ]; then + test="$(LC_ALL=C.UTF-8 "$GPGV" --assert-pubkey-algo 2>&1 || :)" + case "$test" in + *"missing argument"*) + GPGV_ARGS="--assert-pubkey-algo=$ASSERT_PUBKEY_ALGO" + ;; + *[Ii]"nvalid option"*"assert-pubkey-algo"*) + ;; + *) + apt_warn "Unknown response from gpgv to --assert-pubkey-algo check: $test" + ;; + esac + fi # for a forced keyid we need gpg --export, so full wrapping required if [ -n "$FORCED_KEYID" ]; then prepare_gpg_home @@ -817,9 +832,9 @@ case "$command" in fi setup_merged_keyring if [ -n "$FORCED_KEYRING" ]; then - "$GPGV" --homedir "${GPGHOMEDIR}" --keyring "$(dearmor_filename "${FORCED_KEYRING}")" --ignore-time-conflict "$@" + "$GPGV" $GPGV_ARGS --homedir "${GPGHOMEDIR}" --keyring "$(dearmor_filename "${FORCED_KEYRING}")" --ignore-time-conflict "$@" else - "$GPGV" --homedir "${GPGHOMEDIR}" --keyring "${GPGHOMEDIR}/pubring.gpg" --ignore-time-conflict "$@" + "$GPGV" $GPGV_ARGS --homedir "${GPGHOMEDIR}" --keyring "${GPGHOMEDIR}/pubring.gpg" --ignore-time-conflict "$@" fi ;; help) diff --git a/doc/examples/configure-index b/doc/examples/configure-index index f37b7696c..da4998b4d 100644 --- a/doc/examples/configure-index +++ b/doc/examples/configure-index @@ -762,6 +762,7 @@ apt::key::gpgcommand ""; apt::key::masterkeyring ""; apt::key::archivekeyringuri ""; apt::key::net-update-enabled ""; +apt::key::assert-pubkey-algo ""; apt::ftparchive::release::patterns ""; apt::ftparchive::release::validtime ""; diff --git a/methods/gpgv.cc b/methods/gpgv.cc index b2e73c9fe..8b365b6d4 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc 
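Review bot: The probe added in the `@@ -809,6 +810,20 @@` hunk fails open: when gpgv answers "invalid option", or gives any unrecognised response, `GPGV_ARGS` stays empty and verification runs without the configured `Apt::Key::assert-pubkey-algo` policy. Only the unknown-response branch tells the user; the "invalid option" branch is silent, so an administrator who set the option explicitly cannot see that it is not enforced. Consider reporting it there, for example `apt_warn "gpgv does not support --assert-pubkey-algo, not enforcing '$ASSERT_PUBKEY_ALGO'"`, at least when the value differs from the built-in default. The detection depends on the English wording of gpgv's error output, which is presumably why `LC_ALL=C.UTF-8` is forced; a one-line comment saying so would help the next reader.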
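Review bot: `$GPGV_ARGS` is expanded unquoted in both `"$GPGV"` invocations of the `@@ -817,9 +832,9 @@` hunk, so a configured `Apt::Key::assert-pubkey-algo` value containing whitespace or glob characters is split or expanded into extra gpgv arguments. The value comes from apt configuration rather than from the archive, but it should still reach gpgv as exactly one argument. `"$GPGV" ${GPGV_ARGS:+"$GPGV_ARGS"} --homedir ...` passes one word when the variable is set and nothing when it is empty.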
@@ -42,6 +42,7 @@ using std::vector; #define GNUPGNODATA "[GNUPG:] NODATA" #define GNUPGWARNING "[GNUPG:] WARNING" #define GNUPGERROR "[GNUPG:] ERROR" +#define GNUPGASSERT_PUBKEY_ALGO "[GNUPG:] ASSERT_PUBKEY_ALGO" #define APTKEYWARNING "[APTKEY:] WARNING" #define APTKEYERROR "[APTKEY:] ERROR" @@ -242,6 +243,25 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, PushEntryWithUID(Signers.Worthless, buffer, Debug); else if (strncmp(buffer, GNUPGREVKEYSIG, sizeof(GNUPGREVKEYSIG)-1) == 0) PushEntryWithUID(Signers.Worthless, buffer, Debug); + else if (strncmp(buffer, GNUPGASSERT_PUBKEY_ALGO, sizeof(GNUPGASSERT_PUBKEY_ALGO) - 1) == 0) + { + std::istringstream iss(buffer + sizeof(GNUPGASSERT_PUBKEY_ALGO)); + vector tokens{std::istream_iterator{iss}, + std::istream_iterator{}}; + + auto const fpr = tokens[0]; + auto const asserted = atoi(tokens[1].c_str()); + auto const pkstr = tokens[2]; + if (not asserted) + { + std::string reason; + strprintf(reason, _("untrusted public key algorithm: %s"), pkstr.c_str()); + Signers.Worthless.push_back({fpr, reason}); + Signers.Good.erase(std::remove_if(Signers.Good.begin(), Signers.Good.end(), [&](std::string const &goodsig) + { return IsTheSameKey(fpr, goodsig); }), + Signers.Good.end()); + } + } else if (strncmp(buffer, GNUPGGOODSIG, sizeof(GNUPGGOODSIG)-1) == 0) PushEntryWithKeyID(Signers.Good, buffer, Debug); else if (strncmp(buffer, GNUPGVALIDSIG, sizeof(GNUPGVALIDSIG)-1) == 0) diff --git a/test/integration/test-apt-cdrom b/test/integration/test-apt-cdrom index 01680c461..e8ccb10a4 100755 --- a/test/integration/test-apt-cdrom +++ b/test/integration/test-apt-cdrom 
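Review bot: The new `ASSERT_PUBKEY_ALGO` branch in the `@@ -242,6 +243,25 @@` hunk indexes `tokens[0]`, `tokens[1]` and `tokens[2]` without checking how many fields the status line had, so a short or truncated line reads past the end of the vector. The `VALIDSIG` handling in the same function guards its access with `tokens.size() > 9`; the same is needed here, e.g. `if (tokens.size() < 3) _error->Error("GPG: malformed ASSERT_PUBKEY_ALGO status line");` with the existing logic moved into the `else`. `atoi` maps unparsable input to 0, which happens to fail closed, but comparing `tokens[1]` with `"1"` would make that intent explicit. The `Signers.Good` list is only pruned for entries already present when this line is read, so the outcome assumes gpgv emits GOODSIG first, which deserves a comment. The unchecked indexing is still present in the context lines of the later "Temporarily downgrade key assertions" patch.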
@@ -40,6 +40,24 @@ aptcdromlog() { } aptautotest_aptcdromlog_add() { aptautotest_aptget_update "$@"; } + +msgtest "Checking --assert-pubkey-algo support" +gpgv_msg="" +test="$(LC_ALL=C.UTF-8 gpgv --assert-pubkey-algo 2>&1 || :)" +case "$test" in + *"missing argument"*) + gpgv_msg=" +gpgv: asserted signer '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' with algo rsa2048" + msgpass + ;; + *[Ii]"nvalid option"*"assert-pubkey-algo"*) + msgskip + ;; + *) + msgfail "Unknown response from gpgv to --assert-pubkey-algo check: $test" + ;; +esac + CDROM_PRE="Using CD-ROM mount point $(readlink -f ./rootdir/media)/cdrom/ Unmounting CD-ROM... Waiting for disc... @@ -47,7 +65,7 @@ Please insert a Disc in the drive and press [Enter] Mounting CD-ROM... Scanning disc for index files..." CDROM_POST="This disc is called: -'Debian APT Testdisk 0.8.15' +'Debian APT Testdisk 0.8.15'$gpgv_msg Writing new source list Source list entries for this disc are: deb cdrom:[Debian APT Testdisk 0.8.15]/ stable main diff --git a/test/integration/test-method-gpgv b/test/integration/test-method-gpgv index 99bffd6ab..4fd72d256 100755 --- a/test/integration/test-method-gpgv +++ b/test/integration/test-method-gpgv 
@@ -41,6 +41,13 @@ testrun() { testgpgv 'Good signed with fingerprint' 'Good: GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' '[GNUPG:] GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' + testgpgv 'Good signed with long keyid and asserted' 'Good: GOODSIG 5A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) +[GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE +[GNUPG:] ASSERT_PUBKEY_ALGO 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 1 rsa1024' + testgpgv 'Good signed with fingerprint and asserted' 'Good: GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' '[GNUPG:] GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) +[GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE +[GNUPG:] ASSERT_PUBKEY_ALGO 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 1 rsa1024' + testgpgv 'Good subkey signed with long keyid' 'Good: GOODSIG 5B6896415D44C43E' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE, 4281DEDBD466EAE8C1F4157E5B6896415D44C43E!' '[GNUPG:] GOODSIG 5B6896415D44C43E Sebastian Subkey [GNUPG:] VALIDSIG 4281DEDBD466EAE8C1F4157E5B6896415D44C43E 2018-08-16 1534459673 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' testgpgv 'Good subkey signed with fingerprint' 'Good: GOODSIG 4281DEDBD466EAE8C1F4157E5B6896415D44C43E' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE, 4281DEDBD466EAE8C1F4157E5B6896415D44C43E!' '[GNUPG:] GOODSIG 4281DEDBD466EAE8C1F4157E5B6896415D44C43E Sebastian Subkey 
@@ -48,12 +55,20 @@ testrun() { testgpgv 'Untrusted signed with long keyid' 'Worthless: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE, ' '' '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 1 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' - exit testsuccess grep '^\s\+Good:\s\+$' method.output testgpgv 'Untrusted signed with fingerprint' 'Worthless: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE, ' '' '[GNUPG:] GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 1 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' testsuccess grep '^\s\+Good:\s\+$' method.output + testgpgv 'Unasserted signed with long keyid' 'Worthless: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE, ' '' '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) +[GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE +[GNUPG:] ASSERT_PUBKEY_ALGO 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 0 rsa1024' + testsuccess grep '^\s\+Good:\s\+$' method.output + testgpgv 'Unaserted signed with fingerprint' 'Worthless: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE, ' '' '[GNUPG:] GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) +[GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE +[GNUPG:] ASSERT_PUBKEY_ALGO 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 0 rsa1024' + testsuccess grep '^\s\+Good:\s\+$' method.output + testgpgv 'Weak signed with long keyid' 'Good: GOODSIG 5A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' 
'[GNUPG:] GOODSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 2 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' testsuccess grep '^Message: Signature by key 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE uses weak digest algorithm (SHA1)$' method.output -- cgit v1.2.3-70-g09d2 From 8a14c18c5b487139948dcb22abd37bffdd9cf5f4 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Wed, 28 Feb 2024 16:52:33 +0100 Subject: Rename 'weak digest algorithm' to 'weak algorithm' This allows us to render public key algorithms as weak as well. --- methods/gpgv.cc | 2 +- test/integration/test-method-gpgv | 4 ++-- test/integration/test-releasefile-verification | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/methods/gpgv.cc b/methods/gpgv.cc index 8b365b6d4..20ef2861d 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -562,7 +562,7 @@ bool GPGVMethod::URIAcquire(std::string const &Message, FetchItem *Itm) { std::string msg; // TRANSLATORS: The second %s is the reason and is untranslated for repository owners. - strprintf(msg, _("Signature by key %s uses weak digest algorithm (%s)"), Signer.key.c_str(), Signer.note.c_str()); + strprintf(msg, _("Signature by key %s uses weak algorithm (%s)"), Signer.key.c_str(), Signer.note.c_str()); Warning(std::move(msg)); } } diff --git a/test/integration/test-method-gpgv b/test/integration/test-method-gpgv index 4fd72d256..0f014e3d1 100755 --- a/test/integration/test-method-gpgv +++ b/test/integration/test-method-gpgv 
@@ -71,10 +71,10 @@ testrun() { testgpgv 'Weak signed with long keyid' 'Good: GOODSIG 5A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 2 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' - testsuccess grep '^Message: Signature by key 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE uses weak digest algorithm (SHA1)$' method.output + testsuccess grep '^Message: Signature by key 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE uses weak algorithm (SHA1)$' method.output testgpgv 'Weak signed with fingerprint' 'Good: GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' '[GNUPG:] GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 2 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' - testsuccess grep '^Message: Signature by key 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE uses weak digest algorithm (SHA1)$' method.output + testsuccess grep '^Message: Signature by key 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE uses weak algorithm (SHA1)$' method.output testgpgv 'No Pubkey with long keyid' 'NoPubKey: NO_PUBKEY E8525D47528144E2' '' '[GNUPG:] ERRSIG E8525D47528144E2 1 11 00 1472744666 9 [GNUPG:] NO_PUBKEY E8525D47528144E2' diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index 5f873b82c..810427620 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -465,7 +465,7 @@ successfulaptgetupdate() { if [ -n "$1" ]; then testsuccess grep "$1" rootdir/tmp/testwarning.output fi - testsuccess grep 'uses weak digest algorithm' rootdir/tmp/testwarning.output + testsuccess grep 'uses weak algorithm' rootdir/tmp/testwarning.output } runtest3 'Weak' -- cgit v1.2.3-70-g09d2 
From 66998ed3d299bede651ad40368bdb270f5f5b0f9 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Wed, 28 Feb 2024 17:04:05 +0100 Subject: Temporarily downgrade key assertions to "soon worthless" This will only issue warnings instead of errors while we continue cleaning up our repositories. --- methods/gpgv.cc | 9 +-------- test/integration/test-method-gpgv | 8 ++++---- 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/methods/gpgv.cc b/methods/gpgv.cc index 20ef2861d..e465c3595 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -253,14 +253,7 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, auto const asserted = atoi(tokens[1].c_str()); auto const pkstr = tokens[2]; if (not asserted) - { - std::string reason; - strprintf(reason, _("untrusted public key algorithm: %s"), pkstr.c_str()); - Signers.Worthless.push_back({fpr, reason}); - Signers.Good.erase(std::remove_if(Signers.Good.begin(), Signers.Good.end(), [&](std::string const &goodsig) - { return IsTheSameKey(fpr, goodsig); }), - Signers.Good.end()); - } + Signers.SoonWorthless.push_back({fpr, pkstr}); } else if (strncmp(buffer, GNUPGGOODSIG, sizeof(GNUPGGOODSIG)-1) == 0) PushEntryWithKeyID(Signers.Good, buffer, Debug); diff --git a/test/integration/test-method-gpgv b/test/integration/test-method-gpgv index 0f014e3d1..4793b012e 100755 --- a/test/integration/test-method-gpgv +++ b/test/integration/test-method-gpgv 
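Review bot: Nothing in the `@@ -253,14 +253,7 @@` hunk records that the downgrade is temporary: a key that fails the assertion is now only added to `Signers.SoonWorthless` and is no longer erased from `Signers.Good`, so verification succeeds with a warning. A comment above the `push_back`, such as `// TODO: temporary; file under Signers.Worthless and drop from Good again once repositories have migrated`, would keep the weaker behaviour from becoming permanent unnoticed. `pkstr` is now printed through the generic "uses weak algorithm (%s)" warning, so the message no longer says whether the digest or the public key is the weak part. The enclosing branch starts outside the hunk.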
@@ -60,14 +60,14 @@ testrun() { [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 1 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' testsuccess grep '^\s\+Good:\s\+$' method.output - testgpgv 'Unasserted signed with long keyid' 'Worthless: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE, ' '' '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) + testgpgv 'Unasserted signed with long keyid' 'Good: GOODSIG 5A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE [GNUPG:] ASSERT_PUBKEY_ALGO 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 0 rsa1024' - testsuccess grep '^\s\+Good:\s\+$' method.output - testgpgv 'Unaserted signed with fingerprint' 'Worthless: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE, ' '' '[GNUPG:] GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) + testsuccess grep '^Message: Signature by key 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE uses weak algorithm (rsa1024)$' method.output + testgpgv 'Unaserted signed with fingerprint' 'Good: GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' '[GNUPG:] GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE [GNUPG:] ASSERT_PUBKEY_ALGO 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 0 rsa1024' - testsuccess grep '^\s\+Good:\s\+$' method.output + testsuccess grep '^Message: Signature by key 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE uses weak algorithm (rsa1024)$' method.output testgpgv 'Weak signed with long keyid' 'Good: GOODSIG 5A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' 
'[GNUPG:] GOODSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 2 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' -- cgit v1.2.3-70-g09d2