Add --keyring and --fingerprint options #32

Open · wants to merge 7 commits into base: main

Conversation

@josch josch commented Jul 17, 2024

Building on the work of #1 and #31, it is possible to further refactor the gpg verification code and add additional verification mechanisms other than using the python gpgme binding. With these changes, it is possible to pass a gpg keyring to bmaptool. So now I can instruct consumers of my disk images to run this:

    bmaptool copy --keyring=/usr/share/keyrings/debian-keyring.gpg http://disk.img /dev/sda

And they will have the assurance that whatever they download, extract and copy to their disk was signed by the same gpg keys as their Debian OS. For even more paranoid people there is the --fingerprint option which forces the bmap file to be signed by the given fingerprint.

What do you think?

josch and others added 7 commits July 16, 2024 18:15
 - avoid expiration of keys by re-creating them
 - prevent gnupg version being incompatible with $GNUPGHOME in git

Storing binary data is bad because:

 - git is not good at handling binary data
 - binary data is harder to inspect (remember the xz incident)

Passing 0xFFFFFFFFFFFFFFFF to read causes Python to complain about:

    OverflowError: cannot fit 'int' into an index-sized integer

Signed-off-by: Jörg Sommer <[email protected]>

The current tests do not take into account whether the `gpg` package has
been installed or not. If it is missing, the tests should be skipped.

Furthermore, the output of the tests must be checked in order to decide
whether tests fail due to an exception or whether the desired error message
is displayed.

Signed-off-by: Jörg Sommer <[email protected]>

The verification of PGP signatures had some flaws and didn't work, because
the Python API and the GPG interface have changed. Inline signatures were
not detected, because of a comparison of string and byte array. And even
after this the code failed, because `sig.status` is no longer available.

Signed-off-by: Jörg Sommer <[email protected]>
@josch josch (Author) commented Jul 25, 2024

Should bmaptool error out if the user supplied the --keyring or --fingerprint options but then bmaptool did not manage to discover a gpg signature? I think doing so would be a sane default, agreed?
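The two policy questions raised in this thread (the PR description: accept only signatures that validate against a caller-supplied keyring, optionally pinned to one fingerprint; the Jul 25 comment: treat "no signature found" as a failure when such options were given) can be checked without the gpgme binding by driving the `gpg` command and parsing its `--status-fd` output. The following is an added example written for this discussion, not bmaptool's code and not the patch in this PR. The `[GNUPG:]` keywords and the `VALIDSIG` field order are GnuPG's documented status-fd format; the function names (`judge`, `gpg_verify`, `normalize_fpr`), the decision rules, and the fingerprints in the sample transcripts are assumptions constructed for the example. `judge` is pure and runs offline; `gpg_verify` needs `gpg` installed.

```python
"""Keyring- and fingerprint-pinned signature policy on top of gpg --status-fd.

Example code for the bmaptool --keyring/--fingerprint discussion; not the
project's own implementation.  The status keywords are GnuPG's real ones
(see doc/DETAILS in the GnuPG sources); everything else is an assumption.
"""
import subprocess
from dataclasses import dataclass
from typing import Optional

STATUS_PREFIX = "[GNUPG:] "

# Keywords meaning "do not accept", even when the cryptographic check passed:
# gpg prints VALIDSIG for expired and revoked keys as well.
REJECT_TAGS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}


@dataclass
class Verdict:
    ok: bool
    reason: str
    fingerprint: str = ""          # fingerprint of the (sub)key that signed
    primary_fingerprint: str = ""  # fingerprint of its primary key


def normalize_fpr(fpr: str) -> str:
    """Compare fingerprints ignoring case, spaces and a 0x prefix."""
    fpr = fpr.strip().upper().replace(" ", "")
    return fpr[2:] if fpr.startswith("0X") else fpr


def judge(status_text: str, require_fingerprint: Optional[str] = None) -> Verdict:
    """Decide from gpg --status-fd output whether the signature is acceptable.

    1. Any REJECT_TAGS keyword -> reject.
    2. No GOODSIG + VALIDSIG pair -> reject ("no signature found" is a
       failure, the default proposed in the Jul 25 comment; assumption here).
    3. If a fingerprint is required it must match the signing (sub)key or
       the primary key named on the VALIDSIG line.
    """
    signing_fpr = primary_fpr = ""
    reject_reason = ""
    goodsig = False
    for line in status_text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue
        fields = line[len(STATUS_PREFIX):].split()
        if not fields:
            continue
        tag = fields[0]
        if tag == "VALIDSIG" and len(fields) >= 2:
            signing_fpr = fields[1]
            # VALIDSIG <fpr> <date> <ts> <exp> <ver> <rsvd> <pkalgo> <hashalgo>
            #          <sigclass> [<primary-key-fpr>]  -> field index 10
            primary_fpr = fields[10] if len(fields) > 10 else signing_fpr
        elif tag == "GOODSIG":
            goodsig = True
        elif tag in REJECT_TAGS:
            reject_reason = reject_reason or tag
    if reject_reason:
        return Verdict(False, f"gpg reported {reject_reason}", signing_fpr, primary_fpr)
    if not (signing_fpr and goodsig):
        return Verdict(False, "no valid signature found", signing_fpr, primary_fpr)
    if require_fingerprint is not None:
        want = normalize_fpr(require_fingerprint)
        if want not in (normalize_fpr(signing_fpr), normalize_fpr(primary_fpr)):
            return Verdict(False, f"signed by {signing_fpr}, not by required {want}",
                           signing_fpr, primary_fpr)
    return Verdict(True, "good signature", signing_fpr, primary_fpr)


def gpg_verify(keyring: str, signed_path: str, detached_sig: Optional[str] = None,
               require_fingerprint: Optional[str] = None) -> Verdict:
    """Verify with gpg restricted to *keyring* (no user keys), then judge()."""
    cmd = ["gpg", "--batch", "--no-default-keyring", "--keyring", keyring,
           "--status-fd", "1", "--verify"]
    cmd += [detached_sig, signed_path] if detached_sig else [signed_path]
    proc = subprocess.run(cmd, capture_output=True, text=True)
    # The exit code alone does not say why gpg failed; the status lines do.
    return judge(proc.stdout, require_fingerprint)


# Constructed --status-fd transcripts with made-up fingerprints; a real run
# emits the same keywords (plus NEWSIG/TRUST_* lines, which judge() ignores).
SUBKEY_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
PRIMARY_FPR = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"
GOOD = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
    f"[GNUPG:] VALIDSIG {SUBKEY_FPR} 2024-07-16 1721138100 0 4 0 22 8 00 {PRIMARY_FPR}\n"
    "[GNUPG:] TRUST_UNDEFINED 0 pgp\n"
)
NO_SIG = "[GNUPG:] NODATA 1\n"
EXPIRED_KEY = (
    "[GNUPG:] EXPKEYSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
    f"[GNUPG:] VALIDSIG {SUBKEY_FPR} 2024-07-16 1721138100 0 4 0 22 8 00 {PRIMARY_FPR}\n"
)

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("no-sig", NO_SIG), ("expired", EXPIRED_KEY)):
        print(name, judge(text, require_fingerprint=PRIMARY_FPR))
```

Two design choices worth noting: `--no-default-keyring --keyring <file>` is what makes the keyring an allow-list rather than an addition to whatever the user already trusts, and `--fingerprint` is matched against both the signing subkey and the primary key on the `VALIDSIG` line, because the fingerprint people copy from a keyring listing is usually the primary key's while the signature is made by a signing subkey.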
