From 81c65f7e86b8f16eaaa91d9c205a594b0ebde159 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Tue, 9 Apr 2024 19:56:26 +0200 Subject: Revert "Temporarily downgrade key assertions to "soon worthless"" We temporarily downgraded the errors to warnings to give the launchpad PPAs time to be fixed, but warnings are not safe: Untrusted keys could be hiding on your system, but just not used at the moment. Hence revert this so we get the errors we want. This reverts commit 66998ed3d299bede651ad40368bdb270f5f5b0f9. LP: #2060721 Gbp-Dch: full --- methods/gpgv.cc | 9 ++++++++- test/integration/test-method-gpgv | 8 ++++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/methods/gpgv.cc b/methods/gpgv.cc index e465c3595..20ef2861d 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -253,7 +253,14 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, auto const asserted = atoi(tokens[1].c_str()); auto const pkstr = tokens[2]; if (not asserted) - Signers.SoonWorthless.push_back({fpr, pkstr}); + { + std::string reason; + strprintf(reason, _("untrusted public key algorithm: %s"), pkstr.c_str()); + Signers.Worthless.push_back({fpr, reason}); + Signers.Good.erase(std::remove_if(Signers.Good.begin(), Signers.Good.end(), [&](std::string const &goodsig) + { return IsTheSameKey(fpr, goodsig); }), + Signers.Good.end()); + } } else if (strncmp(buffer, GNUPGGOODSIG, sizeof(GNUPGGOODSIG)-1) == 0) PushEntryWithKeyID(Signers.Good, buffer, Debug); diff --git a/test/integration/test-method-gpgv b/test/integration/test-method-gpgv index 4793b012e..0f014e3d1 100755 --- a/test/integration/test-method-gpgv +++ b/test/integration/test-method-gpgv @@ -60,14 +60,14 @@ testrun() { [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 1 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' testsuccess grep '^\s\+Good:\s\+$' method.output - testgpgv 'Unasserted signed with long keyid' 'Good: GOODSIG 5A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) + testgpgv 'Unasserted signed with long keyid' 'Worthless: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE, ' '' '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE [GNUPG:] ASSERT_PUBKEY_ALGO 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 0 rsa1024' - testsuccess grep '^Message: Signature by key 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE uses weak algorithm (rsa1024)$' method.output - testgpgv 'Unaserted signed with fingerprint' 'Good: GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' '[GNUPG:] GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) + testsuccess grep '^\s\+Good:\s\+$' method.output + testgpgv 'Unaserted signed with fingerprint' 'Worthless: 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE, ' '' '[GNUPG:] GOODSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 11 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE [GNUPG:] ASSERT_PUBKEY_ALGO 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 0 rsa1024' - testsuccess grep '^Message: Signature by key 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE uses weak algorithm (rsa1024)$' method.output + testsuccess grep '^\s\+Good:\s\+$' method.output testgpgv 'Weak signed with long keyid' 'Good: GOODSIG 5A90D141DBAC8DAE' '34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE!' '[GNUPG:] GOODSIG 5A90D141DBAC8DAE Joe Sixpack (APT Testcases Dummy) [GNUPG:] VALIDSIG 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE 2016-09-01 1472742625 0 4 0 1 2 00 34A8E9D18DB320F367E8EAA05A90D141DBAC8DAE' -- cgit v1.2.3-70-g09d2