RFC: apt_deb channel gpg authentication handling

Michael Vogt mvogt at acm.org
Mon Jun 12 09:08:35 PDT 2006


Dear Friends,

Today I had a bit of time to play with smart in ubuntu :) I had a
look at the authentication handling for the apt_deb channels.

I would like to improve the gpg verification handling in the apt_deb
smart channel. Currently it works by checking a given list of
fingerprints against the Release.gpg. The list of available keys is
obtained from the gpg keyring of the current user running smart.

I would like to change this as follows:
* Have the keys in /etc/smart/keys (or a similar name) 
* Provide a smart-key [add|rm|list] utility (similar to the one in
  current debian-apt) to manipulate the list of keys
* If no value is given in the "fingerprint" field assume any valid
  signature from a key in /etc/smart/keys is enough to verify the 
  channel, if a value is given, that value must be matched
* only skip signature checking if:
  - /etc/smart/keys is empty
  - a special "NO_AUTHENTICATE" flag is set (either via a magic value
    in the fingerprint field or a new flag in the channel)

This makes it more consistent with how the current debian-apt
authentication support works. I'm also pondering if I should add a
sysconf variable for this ("strict-apt-channel-gpg-checking" or
something like this), so that people/distros who do not want it can
turn it off. OTOH I maintain both the debian and ubuntu package and
would enable it for both distros :) What do the others think about
this?

I would also like (in medium/longer term) to always warn if a package
from a non-authenticated source is marked for install if there are any
authenticated packages available. The idea here is that a single
non-authenticated package can undermine the authentication system
because maintainer scripts are run as root and can possibly do
anything. Opinions on this are welcome too :)

Cheers,
 Michael

-- 
Linux is not The Answer. Yes is the answer. Linux is The Question. - Neo
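As an added example (not from the mail and not smart's own channel code), the acceptance rules proposed above written out in Python. The signature verification itself is left to gpg; this code only parses the `VALIDSIG` lines that `gpg --status-fd` emits for each good signature (the status text below is constructed sample output, with a made-up fingerprint) and then applies the proposed policy: skip only when /etc/smart/keys is empty or NO_AUTHENTICATE is set, otherwise require a valid signature from a key in /etc/smart/keys, and when the channel's "fingerprint" field is set, require that particular key. The `Verdict` type, the `verify_channel` signature and the `NO_AUTHENTICATE` spelling are assumptions made for the example.

```python
import re
from enum import Enum

# Magic value proposed in the mail for the channel's "fingerprint" field
# (exact spelling assumed; the mail only describes the idea).
NO_AUTHENTICATE = "NO_AUTHENTICATE"


class Verdict(Enum):
    ACCEPTED = "accepted"   # valid signature from a trusted key
    SKIPPED = "skipped"     # checking deliberately not performed
    REJECTED = "rejected"   # checking performed and failed


# gpg --status-fd reports each good signature it could verify as
# "[GNUPG:] VALIDSIG <fingerprint> <date> <timestamp> ..."; the first
# field after the keyword is the fingerprint of the signing key.
VALIDSIG_RE = re.compile(r"^\[GNUPG:\] VALIDSIG ([0-9A-Fa-f]+) ")


def normalize(fpr):
    """Compare fingerprints case-insensitively and ignoring spacing."""
    return fpr.replace(" ", "").upper()


def valid_signature_fingerprints(status_output):
    """Return the fingerprints of all keys that produced a VALIDSIG."""
    fprs = set()
    for line in status_output.splitlines():
        m = VALIDSIG_RE.match(line)
        if m:
            fprs.add(normalize(m.group(1)))
    return fprs


def verify_channel(status_output, keyring_fingerprints,
                   channel_fingerprint=None, no_authenticate=False):
    """Decide whether a Release.gpg verification result is acceptable.

    status_output        -- text gpg wrote to --status-fd while verifying
                            Release.gpg against Release
    keyring_fingerprints -- fingerprints of the keys in /etc/smart/keys
    channel_fingerprint  -- the channel's "fingerprint" field, or None
    no_authenticate      -- the proposed per-channel flag
    """
    # Skipping is only allowed for the two cases the proposal lists.
    if no_authenticate or channel_fingerprint == NO_AUTHENTICATE:
        return Verdict.SKIPPED, "NO_AUTHENTICATE set for this channel"
    trusted = set(normalize(f) for f in keyring_fingerprints)
    if not trusted:
        return Verdict.SKIPPED, "/etc/smart/keys is empty"

    # Only signatures from keys that are actually in /etc/smart/keys
    # count, whichever keyrings gpg happened to consult.
    trusted_valid = valid_signature_fingerprints(status_output) & trusted

    if channel_fingerprint:
        wanted = normalize(channel_fingerprint)
        if wanted in trusted_valid:
            return Verdict.ACCEPTED, "signed by configured key %s" % wanted
        return Verdict.REJECTED, "no valid signature from configured key %s" % wanted

    if trusted_valid:
        return Verdict.ACCEPTED, "signed by trusted key %s" % sorted(trusted_valid)[0]
    return Verdict.REJECTED, "no valid signature from any key in /etc/smart/keys"


# Constructed sample: what gpg might write to --status-fd for a Release.gpg
# carrying one good signature. Fingerprint and user id are made up.
ARCHIVE_KEY = "1111222233334444555566667777888899990000"
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 7777888899990000 Constructed Archive Key <constructed@example.org>
[GNUPG:] VALIDSIG %s 2006-06-12 1150100000 0 3 0 17 2 01 %s
[GNUPG:] TRUST_UNDEFINED
""" % (ARCHIVE_KEY, ARCHIVE_KEY)

if __name__ == "__main__":
    for keys, fpr, flag in [
        ({ARCHIVE_KEY}, None, False),             # any trusted key is enough
        ({ARCHIVE_KEY}, ARCHIVE_KEY, False),      # pinned to the right key
        ({"A" * 40}, None, False),                # signer not in /etc/smart/keys
        (set(), None, False),                     # empty keyring: skipped
        ({ARCHIVE_KEY}, NO_AUTHENTICATE, False),  # magic value: skipped
    ]:
        verdict, why = verify_channel(SAMPLE_STATUS, keys, fpr, flag)
        print(verdict.value, "-", why)
```

The intersection with the /etc/smart/keys fingerprints is what enforces the "key must be in /etc/smart/keys" rule: gpg will happily print VALIDSIG for any key it finds in whatever keyrings it was pointed at, so a good signature from a key that merely sits in the user's personal keyring is still rejected here. Note that a channel pinned to a fingerprint that is not in /etc/smart/keys can never be accepted, which is the intended failure mode rather than a silent skip.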
