Message ID | 20200730164932.1739-1-anatol.pomozov@gmail.com |
---|---|
State | Superseded, archived |
Headers | From: Anatol Pomozov <anatol.pomozov@gmail.com>; To: pacman-dev@archlinux.org; Date: Thu, 30 Jul 2020 09:49:32 -0700; Subject: [pacman-dev] [PATCH] Enable sha256/md5 hash verification if detached signatures are used |
Series |
[pacman-dev] Enable sha256/md5 hash verification if detached signatures are used
|
diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c index f98832f4..4dde7167 100644 --- a/lib/libalpm/be_package.c +++ b/lib/libalpm/be_package.c @@ -311,7 +311,7 @@ int _alpm_pkg_validate_internal(alpm_handle_t *handle, } } - if(syncpkg && !has_sig) { + if(syncpkg && (!has_sig || !syncpkg->base64_sig)) { if(syncpkg->md5sum && !syncpkg->sha256sum) { _alpm_log(handle, ALPM_LOG_DEBUG, "md5sum: %s\n", syncpkg->md5sum); _alpm_log(handle, ALPM_LOG_DEBUG, "checking md5sum for %s\n", pkgfile);
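Review bot: The new condition (!has_sig || !syncpkg->base64_sig) in _alpm_pkg_validate_internal treats a NULL base64_sig as meaning "the signature came from a detached .sig file", and nothing at the if statement says so; a short comment there stating that the database hashes are what tie the package file to the database entry in that case would keep a later cleanup from reverting it. The first branch inside the block also deserves a look: it runs the md5 check when syncpkg->md5sum is set and sha256sum is not, so for a database entry that carries only an md5sum the database-to-package binding this change introduces rests on MD5 alone. It is worth deciding whether that case should still be accepted for detached signatures, and whether a hash mismatch here should be reported above ALPM_LOG_DEBUG.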
Pacman has multiple ways to verify package content integrity:
 - gpg signature
 - sha256
 - md5

These verification mechanisms overlap each other. gpg signatures already contain hash value of the package content. So if a package signature is present then pacman ignored the other 2 hash values. This worked well with signatures embedded into pacman database.

Recently pacman got an ability to handle detached signatures (*.sig files located next to the package files). If pacman verifies detached signature only then one can replace pkg+sig files with some other content and pacman still processes it as a valid package. It opens doors for security attacks e.g. 'rollback attack'.

To prevent it we need to verify database<->package integrity using hash values stored in the database.

This commit fixes FS#67232

The new debug output is:

checking package integrity...
debug: found cached pkg: /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst
debug: sha256sum: 77baf61c62c5570b3a37cf0c3b16c5d9a97dde6fedd1a3528bf0cc5f96dd5e52
debug: checking sha256sum for /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst
debug: sig data: <from .sig>
debug: checking signature for /var/cache/pacman/pkg/ruby-2.7.1-2-x86_64.pkg.tar.zst
debug: 1 signatures returned
debug: fingerprint: B5971F2C5C10A9A08C60030F786C63F330D7CB92

Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com>
---
 lib/libalpm/be_package.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
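The gap described in the commit message can be seen in a small model, added here as an illustration; it is not pacman or libalpm code. HMAC stands in for the packager's GPG signature so the example runs offline, and validate(), the check_db_hash switch, the key and the package contents are all constructed for the example.

```python
import hashlib
import hmac

# Assumption: HMAC with a fixed key stands in for a GPG detached signature.
SIGNING_KEY = b"constructed-demo-key"

def sign(pkg: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, pkg, hashlib.sha256).digest()

def sig_valid(pkg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(pkg), sig)

def validate(pkg, detached_sig, db_entry, check_db_hash):
    """Return (ok, reason) for a cached package file.

    db_entry models a sync database record: an optional embedded signature
    ("base64_sig") and the sha256sum of the package the database expects.
    check_db_hash=False models the old condition, True the patched one.
    """
    embedded = db_entry.get("base64_sig")
    sig = embedded if embedded is not None else detached_sig
    has_sig = sig is not None
    # Old: hash only when unsigned. Patched: also when the db has no embedded sig.
    need_hash = (not has_sig) or (check_db_hash and embedded is None)
    if need_hash:
        expected = db_entry.get("sha256sum")
        if expected and hashlib.sha256(pkg).hexdigest() != expected:
            return False, "sha256 mismatch with database"
    if has_sig and not sig_valid(pkg, sig):
        return False, "bad signature"
    return True, "ok"

# Constructed sample data: two genuinely signed builds of the same package.
OLD_PKG = b"ruby 2.7.0-1 (constructed old build)"
NEW_PKG = b"ruby 2.7.1-2 (constructed current build)"
DB = {"base64_sig": None, "sha256sum": hashlib.sha256(NEW_PKG).hexdigest()}

if __name__ == "__main__":
    # The cache holds the old build and its own valid .sig under the new file name.
    print("signature only :", validate(OLD_PKG, sign(OLD_PKG), DB, False))
    print("with db hash   :", validate(OLD_PKG, sign(OLD_PKG), DB, True))
    print("current package:", validate(NEW_PKG, sign(NEW_PKG), DB, True))
```

The older build passes the signature-only path because its signature is genuine; only the hash recorded in the database distinguishes it from the package the database actually lists.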