On 6/12/20 6:48 PM, Brian Dolbec wrote: |
> On Fri, 12 Jun 2020 16:51:51 -0700 |
> Zac Medico <zmedico@g.o> wrote: |
> |
>> Add a sync-openpgp-key-refresh option that makes it possible to |
>> disable key refresh, which may be useful in cases when it is not |
>> possible to refresh keys. |
>> |
>> Key refresh is enabled by default, and if it is disabled then |
>> the SyncBase._refresh_keys method will output an ewarn message |
>> like this when the --quiet option is not enabled: |
>> |
>> * Key refresh is disabled via a repos.conf sync-openpgp-key-refresh |
>> * setting, and this is a security vulnerability because it prevents |
>> * detection of revoked keys! |
>> |
>> Bug: https://bugs.gentoo.org/661518 |
>> Signed-off-by: Zac Medico <zmedico@g.o> |
>> --- |
>> lib/portage/repository/config.py | 10 +++++++++- |
>> lib/portage/sync/syncbase.py | 9 ++++++++- |
>> man/portage.5 | 9 ++++++++- |
>> 3 files changed, 25 insertions(+), 3 deletions(-) |
>> |
>> diff --git a/lib/portage/repository/config.py |
26 |
>> b/lib/portage/repository/config.py index 50ab18026..6155c130a 100644 |
27 |
>> --- a/lib/portage/repository/config.py |
28 |
>> +++ b/lib/portage/repository/config.py |
29 |
>> @@ -1,4 +1,4 @@ |
30 |
>> -# Copyright 2010-2019 Gentoo Authors |
31 |
>> +# Copyright 2010-2020 Gentoo Authors |
32 |
>> # Distributed under the terms of the GNU General Public License v2 |
33 |
>> |
34 |
>> from __future__ import unicode_literals |
35 |
>> @@ -113,6 +113,7 @@ class RepoConfig(object): |
36 |
>> 'sync_hooks_only_on_change', |
37 |
>> 'sync_openpgp_keyserver', |
38 |
>> 'sync_openpgp_key_path', |
39 |
>> + 'sync_openpgp_key_refresh', |
40 |
>> 'sync_openpgp_key_refresh_retry_count', |
41 |
>> 'sync_openpgp_key_refresh_retry_delay_exp_base', |
42 |
>> 'sync_openpgp_key_refresh_retry_delay_max', |
43 |
>> @@ -233,6 +234,9 @@ class RepoConfig(object): |
44 |
>> self.sync_openpgp_key_path = repo_opts.get( |
45 |
>> 'sync-openpgp-key-path', None) |
46 |
>> |
47 |
>> + self.sync_openpgp_key_refresh = repo_opts.get( |
48 |
>> + 'sync-openpgp-key-refresh', 'true').lower() |
49 |
>> in ('true', 'yes') + |
50 |
>> for k in ('sync_openpgp_key_refresh_retry_count', |
51 |
>> 'sync_openpgp_key_refresh_retry_delay_exp_base', |
52 |
>> 'sync_openpgp_key_refresh_retry_delay_max', |
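Review bot: The parse on the added assignment `self.sync_openpgp_key_refresh = repo_opts.get('sync-openpgp-key-refresh', 'true').lower() in ('true', 'yes')` fails open: any value other than `true`/`yes` — a typo, surrounding whitespace, or `1` — silently disables key refresh, which is the security-sensitive direction since it drops detection of revoked keys. An unrecognized value should keep refresh enabled, or be rejected with a warning, rather than disable it; for example `self.sync_openpgp_key_refresh = repo_opts.get('sync-openpgp-key-refresh', 'true').strip().lower() not in ('false', 'no')`. The later hunk that adds the key to `bool_keys` may normalize values on the loader path, but that cannot be confirmed from this patch and this constructor path would still need the same fail-safe treatment. The enclosing method of `RepoConfig` begins outside the hunk.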
53 |
>> @@ -497,6 +501,8 @@ class RepoConfig(object): |
54 |
>> repo_msg.append(indent + "location: " + |
55 |
>> self.location) if not self.strict_misc_digests: |
56 |
>> repo_msg.append(indent + |
57 |
>> "strict-misc-digests: false") |
58 |
>> + if not self.sync_openpgp_key_refresh: |
59 |
>> + repo_msg.append(indent + |
60 |
>> "sync-openpgp-key-refresh: no") if self.sync_type: |
61 |
>> repo_msg.append(indent + "sync-type: " + |
62 |
>> self.sync_type) if self.sync_umask: |
63 |
>> @@ -609,6 +615,7 @@ class RepoConfigLoader(object): |
64 |
>> 'sync_hooks_only_on_change', |
65 |
>> 'sync_openpgp_keyserver', |
66 |
>> 'sync_openpgp_key_path', |
67 |
>> + |
68 |
>> 'sync_openpgp_key_refresh', 'sync_openpgp_key_refresh_retry_count', |
69 |
>> 'sync_openpgp_key_refresh_retry_delay_exp_base', |
70 |
>> 'sync_openpgp_key_refresh_retry_delay_max', |
71 |
>> @@ -1047,6 +1054,7 @@ class RepoConfigLoader(object): |
72 |
>> bool_keys = ( |
73 |
>> "strict_misc_digests", |
74 |
>> "sync_allow_hardlinks", |
75 |
>> + "sync_openpgp_key_refresh", |
76 |
>> "sync_rcu", |
77 |
>> ) |
78 |
>> str_or_int_keys = ( |
79 |
>> diff --git a/lib/portage/sync/syncbase.py |
80 |
>> b/lib/portage/sync/syncbase.py index 46644d68e..74818a420 100644 |
81 |
>> --- a/lib/portage/sync/syncbase.py |
82 |
>> +++ b/lib/portage/sync/syncbase.py |
83 |
>> @@ -1,4 +1,4 @@ |
84 |
>> -# Copyright 2014-2018 Gentoo Foundation |
85 |
>> +# Copyright 2014-2020 Gentoo Authors |
86 |
>> # Distributed under the terms of the GNU General Public License v2 |
87 |
>> |
88 |
>> ''' |
89 |
>> @@ -252,6 +252,13 @@ class SyncBase(object): |
90 |
>> @type openpgp_env: gemato.openpgp.OpenPGPEnvironment |
91 |
>> """ |
92 |
>> out = portage.output.EOutput(quiet=('--quiet' in |
93 |
>> self.options['emerge_config'].opts)) + |
94 |
>> + if not self.repo.sync_openpgp_key_refresh: |
95 |
>> + out.ewarn('Key refresh is disabled via a |
96 |
>> repos.conf sync-openpgp-key-refresh') |
97 |
>> + out.ewarn('setting, and this is a security |
98 |
>> vulnerability because it prevents') |
99 |
>> + out.ewarn('detection of revoked keys!') |
100 |
>> + return |
101 |
>> + |
102 |
>> out.ebegin('Refreshing keys via WKD') |
103 |
>> if openpgp_env.refresh_keys_wkd(): |
104 |
>> out.eend(0) |
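Review bot: The new early return under `if not self.repo.sync_openpgp_key_refresh:` leaves no trace that revocation checks were skipped whenever `--quiet` is set, because `out` is constructed with `quiet=('--quiet' in self.options['emerge_config'].opts)` and the three `ewarn` calls go through it. Since this is a security degradation rather than progress output, the warning is worth emitting regardless of quiet mode so it shows up in sync logs; one way is to add `warn = portage.output.EOutput(quiet=False)` before the check and route the three `ewarn` calls through `warn` instead of `out`. `_refresh_keys` begins outside the hunk; only the tail of its docstring is visible here.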
105 |
>> diff --git a/man/portage.5 b/man/portage.5 |
106 |
>> index 36c871123..136ebaafe 100644 |
107 |
>> --- a/man/portage.5 |
108 |
>> +++ b/man/portage.5 |
109 |
>> @@ -1,4 +1,4 @@ |
110 |
>> -.TH "PORTAGE" "5" "Apr 2019" "Portage VERSION" "Portage" |
111 |
>> +.TH "PORTAGE" "5" "Jun 2020" "Portage VERSION" "Portage" |
112 |
>> .SH NAME |
113 |
>> portage \- the heart of Gentoo |
114 |
>> .SH "DESCRIPTION" |
115 |
>> @@ -1124,6 +1124,13 @@ Path to the OpenPGP key(ring) used to verify |
116 |
>> received repository. Used only for protocols supporting cryptographic |
117 |
>> verification, provided that the respective verification option is |
118 |
>> enabled. If unset, the user's keyring is used. |
119 |
>> +.TP |
120 |
>> +.B sync\-openpgp\-key\-refresh = yes |
121 |
>> +Enable OpenPGP key(ring) refresh. This option is enabled by default. |
122 |
>> + |
123 |
>> +\fBWarning\fR: It is a security vulnerability to disable this option |
124 |
>> +because this will prevent detection of revoked keys! |
125 |
>> + |
126 |
>> .TP |
127 |
>> .B sync\-openpgp\-key\-refresh\-retry\-count = 40 |
128 |
>> Maximum number of times to retry key refresh if it fails. Between |
129 |
>> each |
> |
> |
> Is this something we can override with emaint sync in order to refresh |
> the keys on demand? This would be the same as emaint sync ability to |
> ignore the sync = no for manual syncing on demand only. |
> |
> Possibly add an option to emaint sync that causes a refresh of the key. |
|
These are questions for Rick since I never plan to use this feature myself. |
-- |
Thanks, |
Zac |