Don't consider header SHA1 digest for package verification by default
Similar to the MD5 change of previous commit, SHA1 is widely considered
obsolete and insecure. This would be equally dramatic to the MD5 change
if that hadn't already been done: it renders all v3 and v4 content built
with older than rpm 4.14 unverifiable and uninstallable based on digest.
Add a note for restoring full v4 compatibility in the main macros file.

Update tests to match the new expectation, no surprises here.

Related: rpm-software-management#1292
pmatilai authored and ffesti committed Sep 13, 2024
1 parent e4b3ffb commit c8ceb9b
Showing 3 changed files with 9 additions and 33 deletions.
3 changes: 2 additions & 1 deletion macros.in
Expand Up @@ -688,7 +688,8 @@ Supplements: (%{name} = %{version}-%{release} and langpacks-%{1})\
%_pkgverify_level digest

# Disabler flags for package verification (similar to vsflags)
%_pkgverify_flags 0x20000
# Set to 0x0 for full compatibility with v4 packages.
%_pkgverify_flags 0x20100

# Minimize writes during transactions (at the cost of more reads) to
# conserve eg SSD disks (EXPERIMENTAL).
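Review bot: The new comment above `%_pkgverify_flags` says to set 0x0 for full v4 compatibility but does not say what each bit of 0x20100 disables. The previous value was 0x20000, so 0x0 clears that earlier bit as well as the 0x100 added here; an administrator who only wants header SHA1 digests considered again would need 0x20000, and nothing in the comment points to that. The commit message refers to an earlier MD5 change, which suggests 0x20000 is that disabler. Suggest naming both bits in the comment and stating that 0x0 re-enables both.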
1 change: 0 additions & 1 deletion tests/pinned/rpmsigdig.txt
Expand Up @@ -7,6 +7,5 @@ PAYLOADSIZE: (none)
PAYLOADSIZEALT: (none)
/build/RPMS/4/noarch/attrtest-1.0-1.noarch.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 ALT digest: OK
Payload SHA256 digest: OK
38 changes: 7 additions & 31 deletions tests/rpmsigdig.at
Expand Up @@ -17,7 +17,6 @@ runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64.rpm
[0],
[/data/RPMS/hello-2.0-1.x86_64.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
],
[])
Expand All @@ -27,7 +26,8 @@ runroot rpmkeys -Kv /data/RPMS/hello-1.0-1.i386.rpm
],
[1],
[/data/RPMS/hello-1.0-1.i386.rpm:
Header SHA1 digest: OK
Header SHA256 digest: NOTFOUND
Header SHA1 digest: NOTFOUND
Payload SHA256 digest: NOTFOUND
Payload SHA256 ALT digest: NOTFOUND
MD5 digest: NOTFOUND
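Review bot: For hello-1.0-1.i386.rpm the expected line changes from `Header SHA1 digest: OK` to `Header SHA1 digest: NOTFOUND`, which reads as if the package carries no SHA1 header digest when it is present and only disabled by the new default. Suggest either a distinct status for disabled digests in the verbose output, or a comment in this test explaining that NOTFOUND here means "not considered", so that someone triaging a failed install of old content is pointed at `%_pkgverify_flags` rather than at the package.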
Expand Down Expand Up @@ -63,7 +63,6 @@ runroot rpmkeys -Kv /tmp/hello-c.rpm
[0],
[/tmp/hello-c.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
],
[])
Expand All @@ -74,7 +73,6 @@ runroot rpmkeys -Kv /tmp/hello-uc.rpm
[0],
[/tmp/hello-uc.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 ALT digest: OK
],
[])
Expand Down Expand Up @@ -110,7 +108,6 @@ runroot rpmkeys -Kv /tmp/${pkg}
[0],
[/tmp/hello-2.0-1.x86_64.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
],
[])
Expand Down Expand Up @@ -143,7 +140,7 @@ runroot rpmkeys -Kv /tmp/${pkg}
[1],
[/tmp/hello-2.0-1.x86_64.rpm:
Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82)
Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba)
Header SHA1 digest: NOTFOUND
Payload SHA256 digest: OK
MD5 digest: NOTFOUND
],
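Review bot: In this corrupted-header case the `Header SHA1 digest: BAD (...)` expectation becomes `NOTFOUND`, and none of the updated expectations shown in this diff run rpmkeys with `--define '_pkgverify_flags 0x0'`, so the restore path documented in macros.in has no visible coverage. Suggest adding one variant of this test with the flags overridden that still expects the SHA1 line to report BAD on the corrupted header.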
Expand All @@ -166,7 +163,6 @@ runroot rpmkeys -Kv /tmp/${pkg}
[1],
[/tmp/hello-2.0-1.x86_64.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc)
Payload SHA256 ALT digest: NOTFOUND
MD5 digest: NOTFOUND
Expand Down Expand Up @@ -347,7 +343,6 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY
Header DSA signature: NOTFOUND
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
RSA signature: NOTFOUND
DSA signature: NOTFOUND
Expand All @@ -360,7 +355,6 @@ Checking package after importing key:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
Header V4 RSA/SHA512 Signature, key ID 15217ee0: OK
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
0
Checking package after importing key, no digest:
Expand All @@ -374,7 +368,6 @@ Checking package after importing key, no digest:
Checking package after importing key, no signature:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
0
]],
Expand Down Expand Up @@ -408,7 +401,6 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY
Header DSA signature: NOTFOUND
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
RSA signature: NOTFOUND
DSA signature: NOTFOUND
Expand All @@ -427,7 +419,6 @@ RPMOUTPUT_SEQUOIA([ because: Expired on 2022-04-12T00:00:15Z])dnl
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
Header DSA signature: NOTFOUND
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
RSA signature: NOTFOUND
DSA signature: NOTFOUND
Expand All @@ -447,7 +438,6 @@ RPMOUTPUT_SEQUOIA([ because: Expired on 2022-04-12T00:00:15Z])dnl
Checking package after importing key, no signature:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
0
],
Expand Down Expand Up @@ -481,7 +471,6 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY
Header DSA signature: NOTFOUND
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
RSA signature: NOTFOUND
DSA signature: NOTFOUND
Expand All @@ -498,7 +487,6 @@ RPMOUTPUT_SEQUOIA([ Key 1F71177215217EE0 is invalid: key is revoked])dnl
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
Header DSA signature: NOTFOUND
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
RSA signature: NOTFOUND
DSA signature: NOTFOUND
Expand All @@ -516,7 +504,6 @@ RPMOUTPUT_SEQUOIA([ Key 1F71177215217EE0 is invalid: key is revoked])dnl
Checking package after importing key, no signature:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
0
],
Expand Down Expand Up @@ -690,29 +677,25 @@ runroot rpmkeys -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo
[/data/RPMS/hello-2.0-1.x86_64-v3-signed.rpm:
Header V3 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
V3 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
1
/data/RPMS/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
1
0
/data/RPMS/hello-2.0-1.x86_64-v3-signed.rpm:
Header V3 RSA/SHA256 Signature, key ID 1964c5fc: OK
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
V3 RSA/SHA256 Signature, key ID 1964c5fc: OK
0
/data/RPMS/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
0
Expand All @@ -726,12 +709,10 @@ runroot rpmkeys -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo
0
/data/RPMS/hello-2.0-1.x86_64-v3-signed.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
0
/data/RPMS/hello-2.0-1.x86_64-signed.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
0
],
Expand Down Expand Up @@ -763,7 +744,6 @@ RPMOUTPUT_SEQUOIA([ Failed to parse Signature Packet])dnl
RPMOUTPUT_SEQUOIA([ because: Signature appears to be created by a non-conformant OpenPGP implementation, see <https://github.com/rpm-software-management/rpm/issues/2351>.])dnl
RPMOUTPUT_SEQUOIA([ because: Malformed MPI: leading bit is not set: expected bit 1 to be set in 0 (0))])dnl
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
/tmp/hello-2.0-1.x86_64-signed.rpm:
Expand All @@ -773,7 +753,6 @@ RPMOUTPUT_SEQUOIA([ Failed to parse Signature Packet])dnl
RPMOUTPUT_SEQUOIA([ because: Signature appears to be created by a non-conformant OpenPGP implementation, see <https://github.com/rpm-software-management/rpm/issues/2351>.])dnl
RPMOUTPUT_SEQUOIA([ because: Malformed MPI: leading bit is not set: expected bit 1 to be set in 0 (0))])dnl
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
],
Expand Down Expand Up @@ -801,14 +780,14 @@ runroot rpmkeys -Kv /tmp/${pkg}
[/tmp/hello-2.0-1.x86_64-v3-signed.rpm:
Header V3 RSA/SHA256 Signature, key ID 1964c5fc: BAD
Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 63a0502eb7f5eaa07d43fe8fa805665b86e58d53db38ccf625bbbf01e3cd67ab)
Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != fe227d93273221c252c6bb45e67a8489fcb48f88)
Header SHA1 digest: NOTFOUND
Payload SHA256 digest: OK
V3 RSA/SHA256 Signature, key ID 1964c5fc: BAD
MD5 digest: NOTFOUND
/tmp/hello-2.0-1.x86_64-v3-signed.rpm:
Header V3 RSA/SHA256 Signature, key ID 1964c5fc: BAD
Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 63a0502eb7f5eaa07d43fe8fa805665b86e58d53db38ccf625bbbf01e3cd67ab)
Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != fe227d93273221c252c6bb45e67a8489fcb48f88)
Header SHA1 digest: NOTFOUND
Payload SHA256 digest: OK
V3 RSA/SHA256 Signature, key ID 1964c5fc: BAD
MD5 digest: NOTFOUND
Expand Down Expand Up @@ -836,14 +815,14 @@ runroot rpmkeys -Kv /tmp/${pkg}
[/tmp/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82)
Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba)
Header SHA1 digest: NOTFOUND
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
MD5 digest: NOTFOUND
/tmp/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82)
Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba)
Header SHA1 digest: NOTFOUND
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
MD5 digest: NOTFOUND
Expand Down Expand Up @@ -872,15 +851,13 @@ runroot rpmkeys -Kv /tmp/${pkg}
[/tmp/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc)
Payload SHA256 ALT digest: NOTFOUND
V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
MD5 digest: NOTFOUND
/tmp/hello-2.0-1.x86_64-signed.rpm:
Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc)
Payload SHA256 ALT digest: NOTFOUND
V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
Expand Down Expand Up @@ -1095,7 +1072,6 @@ runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm
[1],
[/tmp/hello-2.0-1.x86_64.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc)
Payload SHA256 ALT digest: NOTFOUND
MD5 digest: NOTFOUND