02-19-2011, 01:02 AM
Denis A. Altoé Falqueto

repo-add and access to pacman keyring

Hi,

Well, it seems I'm busy lately, doesn't it?

I was implementing the first TODO list for repo-add (see
https://wiki.archlinux.org/index.php/User:Allan/Package_Signing) and
got stuck at a point where I need some opinions on what to do.

repo-add should verify if the signature is valid and if it is from
someone from a list of valid keys. I think that list should be
pacman's keyring, because it is the keyring the final user will use to
verify the signatures, right?

So, repo-add needs read access to pacman's keyring, so the keyring
would need to be readable for anyone. gpg emits a warning when the
keyring dir and files have insecure permissions (any permissions for
group owner and other users). In my opinion, this could be ignored,
because pacman's keyring doesn't have any private information. Of
course, writing permissions should be granted only to root, the owner
of the keyring.

After all, do you agree with my reasoning? Can we make pacman's
keyring readable for anyone?

Thanks,

--
A: Because it obfuscates the reading.
Q: Why is top posting so bad?

-------------------------------------------
Denis A. Altoe Falqueto
Linux user #524555
-------------------------------------------
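
The permission model proposed in the post above (readable by anyone, writable only by the owner, no private key material), written as a POSIX shell check. This is an added example, not part of the thread and not code from pacman or repo-add; the function name `audit_keyring`, its owner argument and the GnuPG secret-key names it looks for (`secring.gpg`, `private-keys-v1.d`) are assumptions of the example.

```shell
# Added example: audit a public-key-only GnuPG keyring directory.
# Assumptions (not from the thread): the function name, the owner argument,
# and the GnuPG secret-key names secring.gpg / private-keys-v1.d.
# Usage: audit_keyring /path/to/keyring [owner]   (owner defaults to root)
audit_keyring() {
    kr_dir=$1
    kr_owner=${2:-root}
    kr_rc=0

    [ -d "$kr_dir" ] || { echo "not a directory: $kr_dir" >&2; return 2; }

    # Whoever can write to the keyring decides which keys are trusted,
    # so every entry must belong to the expected owner ...
    kr_bad=$(find "$kr_dir" ! -user "$kr_owner")
    [ -z "$kr_bad" ] || { printf 'unexpected owner:\n%s\n' "$kr_bad"; kr_rc=1; }

    # ... and nothing (symlinks aside) may be writable by group or others.
    kr_bad=$(find "$kr_dir" ! -type l \( -perm -020 -o -perm -002 \))
    [ -z "$kr_bad" ] || { printf 'group/other writable:\n%s\n' "$kr_bad"; kr_rc=1; }

    # Read access for everyone is only harmless while the keyring holds
    # public keys. Flag non-empty secret key files that others can read.
    kr_bad=$(find "$kr_dir" -type f -size +0 \
        \( -name secring.gpg -o -path '*/private-keys-v1.d/*' \) \
        \( -perm -040 -o -perm -004 \))
    [ -z "$kr_bad" ] || { printf 'readable secret key material:\n%s\n' "$kr_bad"; kr_rc=1; }

    return "$kr_rc"
}
```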
 
03-01-2011, 03:25 AM
Allan McRae

repo-add and access to pacman keyring

On 19/02/11 12:02, Denis A. Altoé Falqueto wrote:

> Hi,
>
> Well, it seems I'm busy lately, doesn't it?
>
> I was implementing the first TODO list for repo-add (see
> https://wiki.archlinux.org/index.php/User:Allan/Package_Signing) and
> got stuck at a point where I need some opinions on what to do.
>
> repo-add should verify if the signature is valid and if it is from
> someone from a list of valid keys. I think that list should be
> pacman's keyring, because it is the keyring the final user will use to
> verify the signatures, right?
>
> So, repo-add needs read access to pacman's keyring, so the keyring
> would need to be readable for anyone. gpg emits a warning when the
> keyring dir and files have insecure permissions (any permissions for
> group owner and other users). In my opinion, this could be ignored,
> because pacman's keyring doesn't have any private information. Of
> course, writing permissions should be granted only to root, the owner
> of the keyring.
>
> After all, do you agree with my reasoning? Can we make pacman's
> keyring readable for anyone?



The more I think about this, I am beginning to lean towards just leaving
this at the moment. I think we should wait for some actual usage of the
signing system before we can decide exactly what to do here. Once a
workflow is figured out for when a distribution starts using this
signing system, we will know when the repo db is being signed (in a
central location, on the developer's computer and then uploaded, etc.) and
by what key (repo master key, developer's key) and then we can see where
improvements can be made.


So let's just skip that TODO item for now.

Allan
 

All times are GMT.