Add pgpVerifySignature2 #2453
Add pgpVerifySignature2 #2453
Conversation
rpmio/rpmkeyring.c
Outdated
| rpmlog(RPMLOG_ERR, "Error verifying signature: %s", | ||
| errormsg); | ||
| } else { | ||
| rpmlog(RPMLOG_WARNING, "Warning verifying signature: %s", |
There was a problem hiding this comment.
rpmlog() prefixes ERR and WARNING with error: and warning: respectively so these will appear a bit redundant, eg error: Error verifying signature: <explanation>
Not that I have any particularly bright ideas for better messages.
There was a problem hiding this comment.
Good point, I'll remove the error and warning. Verifying signature is enough. errormsg will contain the actual text.
There was a problem hiding this comment.
Having now tested this, I wonder if even that is necessary because that context is already supplied by the Sequoia message:
/home/pmatilai/Downloads/anydesk-6.1.1-1.el8.x86_64.rpm:
error: Error verifying signature: Verifying a signature using certificate D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29:
No binding signature at time 2021-04-13T11:08:37Z
error: Error verifying signature: Verifying a signature using certificate D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29:
I think we should decide which side emits the "verifying signature" context and drop it from the other entirely. I'd be fine with letting the Sequoia side handle it all because it has far more information available.
There was a problem hiding this comment.
Here's what the new output looks like:
$ sudo update-crypto-policies --set DEFAULT
$ LD_PRELOAD=$HOME/rpm-sequoia/target/release/librpm_sequoia.so RPM_TRACE=0 ./rpm -i ~/anydesk-6.1.1-1.el7.x86_64.rpm
error: Verifying a signature using certificate D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29 (philandro Software GmbH <[email protected]>):
Certificate 18DF3741CDFFDE29 invalid: policy violation
because: No binding signature at time 2021-04-13T11:08:37Z
error: /home/neal/anydesk-6.1.1-1.el7.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID cdffde29: BAD
error: /home/neal/anydesk-6.1.1-1.el7.x86_64.rpm cannot be installed
$ sudo update-crypto-policies --set FUTURE
$ LD_PRELOAD=$HOME/rpm-sequoia/target/release/librpm_sequoia.so ./rpm -i ~/anydesk-6.1.1-1.el7.x86_64.rpm
error: Verifying a signature using certificate D56311E5FF3B6F39D5A16ABE18DF3741CDFFDE29 (philandro Software GmbH <[email protected]>):
1. Signature 155143, created at Tue Apr 13 11:08:37 2021 invalid: it relies on legacy cryptography
because: Policy rejected non-revocation signature (Binary) requiring collision resistance
because: SHA1 is not considered secure since 1970-01-01T00:00:00Z
2. Certificate 18DF3741CDFFDE29 invalid: policy violation
because: No binding signature at time 2021-04-13T11:08:37Z
error: /home/neal/anydesk-6.1.1-1.el7.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID cdffde29: BAD
error: /home/neal/anydesk-6.1.1-1.el7.x86_64.rpm cannot be installed
$ LD_PRELOAD=$HOME/rpm-sequoia/target/release/librpm_sequoia.so RPM_TRACE=0 ./rpm -i ~/google-chrome-stable-109.0.5414.119-1.x86_64.rpm
error: Verifying a signature using certificate 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 (Google, Inc. Linux Package Signing Key <[email protected]>):
1. Signature 2179, created at Mon Jan 23 21:23:32 2023 invalid: it relies on legacy cryptography
because: Policy rejected non-revocation signature (Binary) requiring collision resistance
because: SHA1 is not considered secure since 1970-01-01T00:00:00Z
2. Certificate A040830F7FAC5991 invalid: policy violation
because: No binding signature at time 2023-01-23T21:23:32Z
because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
because: SHA1 is not considered secure since 1970-01-01T00:00:00Z
warning: /home/neal/google-chrome-stable-109.0.5414.119-1.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 7fac5991: NOTTRUSTED
error: Failed dependencies:
rpmlib(PayloadIsXz) <= 5.2-1 is needed by google-chrome-stable-109.0.5414.119-1.x86_64
I think that resolves this issue.
|
Some minor wrinkles to sort out on both sides, but this indeed makes a world of difference for understanding what's going on:
This seems more than adequate for 4.18.x but I'm now wondering if we shouldn't go ahead and wire this up all the way through in 4.19, there's a long-standing need for a saner package verification public API anyway... (#2041) Mind you, I'm not expecting you to do that work, just thinking out loud. |
|
The change is relative straightforward, and is a major UX improvement, I'd say. I think it makes a lot of sense to add it to master and publish it with 4.19. |
|
Oh absolutely it will go into 4.19 as well, what I'm wondering is if we shouldn't go the extra step further there. |
|
On a loosely related note, this starts getting into territory where we may want to support multiple versions of rpm-sequoia, ie test whether Verify2 is available and fall back to old if not. I'll look into that, don't worry about it. |
nwalfield
force-pushed
the
pgp-verify-signature2
branch
2 times, most recently
from
31c8068 to
5498d2b
Compare
Add a new function, pgpVerifySignature2, which is like pgpVerifySignature, but optionally returns descriptive error messages (in the case of failure) or lints (in the case of success). This requires rpm-sequoia 1.4 or later. See rpm-software-management/rpm-sequoia#39 and rpm-software-management#2127 (comment)
nwalfield
force-pushed
the
pgp-verify-signature2
branch
from
5498d2b to
b74ad98
Compare
|
This is basically done. (CI is failing, because rpm-sequoia 1.4 is not yet available.) @pmatilai if you are happy, I'll release rpm-sequoia 1.4. Otherwise, I'm happy to iterate some more. |
Add a new function, `pgpPrtParams2`, which is like `pgpPrtParams`, but optionally returns descriptive error messages (in the case of failure) or lints (in the case of success). This requires rpm-sequoia 1.4 or later. Fixes rpm-software-management#2483.
|
FYI, I've also released 1.4.0 of rpm-sequoia |
|
And thanks to @decathorpe, 1.4.0 already in rawhide: https://packages.fedoraproject.org/pkgs/rust-rpm-sequoia/rpm-sequoia/ |
|
I took this, adjusted the tests to match + fixed some minor issues such as indentation and missing prototype for pgpPrtParams2(), added temporary tweak to pull the new rpm-sequoia from updates-testing and merged it into one commit (separate commits didn't seem particularly beneficial): #2493 |
|
Thanks for the initial work! |
|
@pmatilai : Thanks a lot for revising this! It's a bit embarrassing that I failed to commit the adjustments to the tests :/. I'm sorry for making work for you. |
|
@nwalfield , not at all. You've certainly done more than your share on this all, and I knew you had other commitments in April. |
Add a new function, pgpVerifySignature2. pgpVerifySignature2 is like pgpVerifySignature, but optionally returns a descriptive error message (in the case of failure) or a lint (in the case of success).
This requires rpm-sequoia 1.4 or later.
See rpm-software-management/rpm-sequoia#39 and
#2127 (comment)