[Rpm-maint] [rpm-software-management/rpm] Distinguish between trusted and untrusted signatures and keys. (PR #1993)

nwalfield notifications at github.com
Wed Apr 13 20:32:56 UTC 2022 

[Here, @DemiMarie wrote](https://github.com/rpm-software-management/rpm/issues/1978#issuecomment-1097712857):

> I suggest fixing these tests in the internal parser, provided that tests are added that make sure the Sequoia backend won’t actually verify a signature using the bad subkey. My PR https://github.com/rpm-software-management/rpm/pull/1993 should do most of it.

[I created three tests](https://github.com/nwalfield/rpm/tree/demi-handle-revocation):

  - A package signed with a subkey
  - A package signed with an expired subkey
  - A package signed with a revoked subkey

Using the Sequoia backend, all three of these tests pass.  It seems that not only is the internal OpenPGP parser unable to deal with this, but it can't even import the certificate:

```
269. rpmsigdig.at:304: testing rpmkeys --import, signed with a good subkey ...
../../tests/rpmsigdig.at:306:


if ! [ -d testing/ ]; then
    cp -aP "${RPMTEST}" .
    chmod -R u+w testing/
    mkdir -p testing/build
    ln -s ../data/SOURCES testing/build/
fi
export RPMTEST="${PWD}/testing"
export TOPDIR="${RPMTEST}/build"
export HOME="${RPMTEST}"

rm -rf "${RPMTEST}"`rpm --eval '%_dbpath'`/*
runroot rpm --initdb


echo Checking package before importing key:
runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
echo Importing key:
runroot rpmkeys --import /data/keys/alice.asc; echo $?
echo Checking for key:
runroot rpm -qi gpg-pubkey-eb04e625-* | grep Version
echo Checking package after importing key:
runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
echo Checking package after importing key, no digest:
runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
echo Checking package after importing key, no signature:
runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?

--- /dev/null	2022-03-31 08:23:21.524275212 +0000
+++ /home/us/neal/work/pep/rpm/b/tests/rpmtests.dir/at-groups/269/stderr	2022-04-13 20:27:07.767226325 +0000
@@ -0,0 +1 @@
+error: /data/keys/alice.asc: key 1 import failed.
--- -	2022-04-13 20:27:08.159403250 +0000
+++ /home/us/neal/work/pep/rpm/b/tests/rpmtests.dir/at-groups/269/stdout	2022-04-13 20:27:08.151227005 +0000
@@ -10,22 +10,23 @@
     MD5 digest: OK
 1
 Importing key:
-0
+1
...
```

Any idea what is going on here?  Is it perhaps because the internal parser rejects certificates, because the primary key is not signing capable?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1993#issuecomment-1098461204
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/pull/1993/c1098461204 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20220413/fc278aa3/attachment.html>

More information about the Rpm-maint mailing list