From c8ceb9bae00bbeb8328b22dd31b3e8f8e16275f2 Mon Sep 17 00:00:00 2001 From: Panu Matilainen Date: Tue, 10 Sep 2024 13:17:10 +0300 Subject: [PATCH] Don't consider header SHA1 digest for package verification by default Similar to the MD5 change of previous commit, SHA1 is widely considered obsolete and insecure. This would be equally dramatic to the MD5 change if that hadn't already been done: it renders all v3 and v4 content built with older than rpm 4.14 unverifiable and uninstallable based on digest. Add a note for restoring full v4 compatibility in the main macros file. Update tests to match the new expectation, no surprises here. Related: #1292 --- macros.in | 3 ++- tests/pinned/rpmsigdig.txt | 1 - tests/rpmsigdig.at | 38 +++++++------------------------------- 3 files changed, 9 insertions(+), 33 deletions(-) diff --git a/macros.in b/macros.in index 65967dd54d..8966dc71f7 100644 --- a/macros.in +++ b/macros.in @@ -688,7 +688,8 @@ Supplements: (%{name} = %{version}-%{release} and langpacks-%{1})\ %_pkgverify_level digest # Disabler flags for package verification (similar to vsflags) -%_pkgverify_flags 0x20000 +# Set to 0x0 for full compatibility with v4 packages. +%_pkgverify_flags 0x20100 # Minimize writes during transactions (at the cost of more reads) to # conserve eg SSD disks (EXPERIMENTAL). diff --git a/tests/pinned/rpmsigdig.txt b/tests/pinned/rpmsigdig.txt index e4196ed32c..50299c7e97 100644 --- a/tests/pinned/rpmsigdig.txt +++ b/tests/pinned/rpmsigdig.txt @@ -7,6 +7,5 @@ PAYLOADSIZE: (none) PAYLOADSIZEALT: (none) /build/RPMS/4/noarch/attrtest-1.0-1.noarch.rpm: Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 ALT digest: OK Payload SHA256 digest: OK diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at index 995fa0e0c4..ccb66999d7 100644 --- a/tests/rpmsigdig.at +++ b/tests/rpmsigdig.at 
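Review bot: The new comment above `%_pkgverify_flags` in macros.in names only the `0x0` escape hatch, so an operator who needs header SHA1 back for packages built with rpm older than 4.14 is steered into re-accepting MD5 as well. Going by the old and new values, `0x100` is the bit added here for header SHA1 (it matches RPMVSF_NOSHA1HEADER) and `0x20000` is the MD5 disabler left from the previous commit (RPMVSF_NOMD5). I would spell the bits out, for example `# 0x100 disables header SHA1, 0x20000 disables MD5; use 0x20000 to accept SHA1 only, 0x0 to accept both (full v4 compatibility).` This is a comment-only suggestion and the `0x20100` default stays as is.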
@@ -17,7 +17,6 @@ runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64.rpm [0], [/data/RPMS/hello-2.0-1.x86_64.rpm: Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK ], []) @@ -27,7 +26,8 @@ runroot rpmkeys -Kv /data/RPMS/hello-1.0-1.i386.rpm ], [1], [/data/RPMS/hello-1.0-1.i386.rpm: - Header SHA1 digest: OK + Header SHA256 digest: NOTFOUND + Header SHA1 digest: NOTFOUND Payload SHA256 digest: NOTFOUND Payload SHA256 ALT digest: NOTFOUND MD5 digest: NOTFOUND @@ -63,7 +63,6 @@ runroot rpmkeys -Kv /tmp/hello-c.rpm [0], [/tmp/hello-c.rpm: Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK ], []) @@ -74,7 +73,6 @@ runroot rpmkeys -Kv /tmp/hello-uc.rpm [0], [/tmp/hello-uc.rpm: Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 ALT digest: OK ], []) @@ -110,7 +108,6 @@ runroot rpmkeys -Kv /tmp/${pkg} [0], [/tmp/hello-2.0-1.x86_64.rpm: Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK ], []) @@ -143,7 +140,7 @@ runroot rpmkeys -Kv /tmp/${pkg} [1], [/tmp/hello-2.0-1.x86_64.rpm: Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82) - Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba) + Header SHA1 digest: NOTFOUND Payload SHA256 digest: OK MD5 digest: NOTFOUND ], @@ -166,7 +163,6 @@ runroot rpmkeys -Kv /tmp/${pkg} [1], [/tmp/hello-2.0-1.x86_64.rpm: Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc) Payload SHA256 ALT digest: NOTFOUND MD5 digest: NOTFOUND 
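Review bot: The hunk at `-27,7 +26,8` (hello-1.0-1.i386.rpm) now pins every digest as NOTFOUND, but no hunk in this patch exercises the override that macros.in documents for exactly this kind of package. A companion check that runs the same package through `rpmkeys --define '_pkgverify_flags 0x0' -Kv` and expects the SHA1 header digest to be reported OK again would keep the compatibility path from regressing silently. The `--define` form is already used elsewhere in this file for `_pkgverify_level`. Such a test may exist outside the visible hunks, so treat this as a request to confirm.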
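Review bot: In the hunk at `-143,7 +140,7` the corrupted-header expectation changes from `Header SHA1 digest: BAD (Expected …)` to `Header SHA1 digest: NOTFOUND`, although the removed line shows that the package does carry a SHA1 header digest. The test now pins output in which a digest disabled by policy looks the same as one that is absent, which can mislead someone triaging a failed verification. The hunk cannot change the status wording, so I would add a comment above the check such as `# SHA1 header digest is present but disabled via %_pkgverify_flags, hence NOTFOUND`. The same applies to the `-801,14` and `-836,14` hunks, and the enclosing test starts outside each hunk.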
@@ -347,7 +343,6 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY Header DSA signature: NOTFOUND Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK RSA signature: NOTFOUND DSA signature: NOTFOUND @@ -360,7 +355,6 @@ Checking package after importing key: /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: Header V4 RSA/SHA512 Signature, key ID 15217ee0: OK Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK 0 Checking package after importing key, no digest: @@ -374,7 +368,6 @@ Checking package after importing key, no digest: Checking package after importing key, no signature: /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK 0 ]], @@ -408,7 +401,6 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY Header DSA signature: NOTFOUND Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK RSA signature: NOTFOUND DSA signature: NOTFOUND @@ -427,7 +419,6 @@ RPMOUTPUT_SEQUOIA([ because: Expired on 2022-04-12T00:00:15Z])dnl Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED Header DSA signature: NOTFOUND Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK RSA signature: NOTFOUND DSA signature: NOTFOUND @@ -447,7 +438,6 @@ RPMOUTPUT_SEQUOIA([ because: Expired on 2022-04-12T00:00:15Z])dnl Checking package after importing key, no signature: /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK 0 ], 
@@ -481,7 +471,6 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOKEY Header DSA signature: NOTFOUND Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK RSA signature: NOTFOUND DSA signature: NOTFOUND @@ -498,7 +487,6 @@ RPMOUTPUT_SEQUOIA([ Key 1F71177215217EE0 is invalid: key is revoked])dnl Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED Header DSA signature: NOTFOUND Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK RSA signature: NOTFOUND DSA signature: NOTFOUND @@ -516,7 +504,6 @@ RPMOUTPUT_SEQUOIA([ Key 1F71177215217EE0 is invalid: key is revoked])dnl Checking package after importing key, no signature: /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm: Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK 0 ], @@ -690,14 +677,12 @@ runroot rpmkeys -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo [/data/RPMS/hello-2.0-1.x86_64-v3-signed.rpm: Header V3 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK V3 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY 1 /data/RPMS/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY 1 @@ -705,14 +690,12 @@ runroot rpmkeys -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo /data/RPMS/hello-2.0-1.x86_64-v3-signed.rpm: Header V3 RSA/SHA256 Signature, key ID 1964c5fc: OK Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK V3 RSA/SHA256 Signature, key ID 1964c5fc: OK 0 /data/RPMS/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK V4 RSA/SHA256 Signature, key ID 1964c5fc: OK 0 
@@ -726,12 +709,10 @@ runroot rpmkeys -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo 0 /data/RPMS/hello-2.0-1.x86_64-v3-signed.rpm: Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK 0 /data/RPMS/hello-2.0-1.x86_64-signed.rpm: Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK 0 ], @@ -763,7 +744,6 @@ RPMOUTPUT_SEQUOIA([ Failed to parse Signature Packet])dnl RPMOUTPUT_SEQUOIA([ because: Signature appears to be created by a non-conformant OpenPGP implementation, see .])dnl RPMOUTPUT_SEQUOIA([ because: Malformed MPI: leading bit is not set: expected bit 1 to be set in 0 (0))])dnl Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY /tmp/hello-2.0-1.x86_64-signed.rpm: @@ -773,7 +753,6 @@ RPMOUTPUT_SEQUOIA([ Failed to parse Signature Packet])dnl RPMOUTPUT_SEQUOIA([ because: Signature appears to be created by a non-conformant OpenPGP implementation, see .])dnl RPMOUTPUT_SEQUOIA([ because: Malformed MPI: leading bit is not set: expected bit 1 to be set in 0 (0))])dnl Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: OK V4 RSA/SHA256 Signature, key ID 1964c5fc: OK ], 
@@ -801,14 +780,14 @@ runroot rpmkeys -Kv /tmp/${pkg} [/tmp/hello-2.0-1.x86_64-v3-signed.rpm: Header V3 RSA/SHA256 Signature, key ID 1964c5fc: BAD Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 63a0502eb7f5eaa07d43fe8fa805665b86e58d53db38ccf625bbbf01e3cd67ab) - Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != fe227d93273221c252c6bb45e67a8489fcb48f88) + Header SHA1 digest: NOTFOUND Payload SHA256 digest: OK V3 RSA/SHA256 Signature, key ID 1964c5fc: BAD MD5 digest: NOTFOUND /tmp/hello-2.0-1.x86_64-v3-signed.rpm: Header V3 RSA/SHA256 Signature, key ID 1964c5fc: BAD Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 63a0502eb7f5eaa07d43fe8fa805665b86e58d53db38ccf625bbbf01e3cd67ab) - Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != fe227d93273221c252c6bb45e67a8489fcb48f88) + Header SHA1 digest: NOTFOUND Payload SHA256 digest: OK V3 RSA/SHA256 Signature, key ID 1964c5fc: BAD MD5 digest: NOTFOUND 
@@ -836,14 +815,14 @@ runroot rpmkeys -Kv /tmp/${pkg} [/tmp/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82) - Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba) + Header SHA1 digest: NOTFOUND Payload SHA256 digest: OK V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD MD5 digest: NOTFOUND /tmp/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82) - Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba) + Header SHA1 digest: NOTFOUND Payload SHA256 digest: OK V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD MD5 digest: NOTFOUND @@ -872,7 +851,6 @@ runroot rpmkeys -Kv /tmp/${pkg} [/tmp/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc) Payload SHA256 ALT digest: NOTFOUND V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD @@ -880,7 +858,6 @@ runroot rpmkeys -Kv /tmp/${pkg} /tmp/hello-2.0-1.x86_64-signed.rpm: Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc) Payload SHA256 ALT digest: NOTFOUND V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD 
@@ -1095,7 +1072,6 @@ runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm [1], [/tmp/hello-2.0-1.x86_64.rpm: Header SHA256 digest: OK - Header SHA1 digest: OK Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc) Payload SHA256 ALT digest: NOTFOUND MD5 digest: NOTFOUND