Package: dpkg
Version: 1.13.25
Severity: wishlist
Tags: patch
This is an incomplete patch for implementing a --verify option. I'd like
to receive feedback before completing it, to make sure you're comfortable
with this approach.
The problem I find is that there's no way to actually verify signatures
with the current scheme. Given a .deb, dpkg will only verify the signature
(and fail when it is invalid) if a signature is found. So you can defeat
this security scheme by simply feeding a .deb without any signature, and
dpkg will happily process it.
My proposal is that "--verify" forces dpkg to reject the deb unless a
signature is found (and is valid).
The only complication was making this coexist with current behaviour
(checking for signature when one is found, even if it wasn't requested,
etc). I think the attached patch achieves this. Please let me know if
it looks good so I can complete it and test it properly.
Thanks
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=ca_AD.UTF-8, LC_CTYPE=ca_AD.UTF-8 (charmap=UTF-8)
Versions of packages dpkg depends on:
ii coreutils 5.97-5.3 The GNU core utilities
ii libc6 2.3.6.ds1-13etch5 GNU C Library: Shared libraries
dpkg recommends no packages.
-- no debconf information
--- ../dpkg-1.14.18.old/src/processarc.c 2008-04-09 08:35:17.000000000 +0200
+++ src/processarc.c 2008-04-27 12:38:05.000000000 +0200
@@ -136,8 +136,12 @@
}
}
+{
+ int sig_was_checked = 0, sig_is_good = 0;
+
/* Verify the package. */
if (!f_nodebsig && (stat(DEBSIGVERIFY, &stab)==0)) {
+ sig_was_checked = 1;
printf(_("Authenticating %s ...\n"), filename);
fflush(stdout);
c1 = m_fork();
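Review bot: The guard `if (!f_nodebsig && (stat(DEBSIGVERIFY, &stab)==0))` still decides on its own whether the verifier runs, so with `f_verify` set and either `f_nodebsig` set or DEBSIGVERIFY missing, `sig_was_checked` stays 0 and the package is only rejected further down with a generic failure message. Consider handling that case here with its own error (verification was requested but could not be performed), and decide explicitly whether `f_verify` combined with `f_nodebsig` is a usage error. As a style point, the bare `{` opened only to scope `sig_was_checked` and `sig_is_good` would read better as declarations at the top of the function.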
@@ -148,16 +152,22 @@
int status;
waitpid(c1, &status, 0);
if (!(WIFEXITED(status) && WEXITSTATUS(status) == 0)) {
- if (! fc_badverify) {
- ohshit(_("Verification on package %s failed!"), filename);
- } else {
- fprintf(stderr, _("Verification on package %s failed,\nbut installing anyway as you request.\n"), filename);
- }
+ printf(_("failed\n"));
} else {
+ sig_is_good = 1;
printf(_("passed\n"));
}
}
}
+
+ if (! sig_is_good) {
+ if (f_verify || (sig_was_checked && ! fc_badverify)) {
+ ohshit(_("Verification on package %s failed!"), filename);
+ } else if (sig_was_checked) {
+ fprintf(stderr, _("Verification on package %s failed,\nbut installing anyway as you request.\n"), filename);
+ }
+ }
+}
if (f_noact) {
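Review bot: In `if (f_verify || (sig_was_checked && ! fc_badverify))`, `f_verify` silently takes precedence over `fc_badverify`, and the same "Verification on package %s failed!" text is used whether the verifier exited non-zero or never ran at all (`sig_was_checked == 0`). Document that precedence in a comment and in the option's help text, and give the not-checked case a distinct message so the user can tell a rejected signature from a verifier that was skipped. `f_verify` is also not declared anywhere in the visible patch, so the completed version needs the variable and its command-line entry. Since `printf(_("failed\n"))` now runs before `ohshit()`, check that the two outputs read sensibly together.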