Bug#723763: monkeysign should not sign revoked uids

2016-09-01 Thread anarcat
On Thu, Sep 01, 2016 at 11:11:57AM -0400, Antoine Beaupré wrote:
> On 2016-08-01 17:53:11, Antoine Beaupré wrote:
> > Control: tags -1 +moreinfo
> >
> > Could you provide unit tests coverage for this and verify that the tests
> > pass after the patch is applied?
> 
> Also, after discussing with the Geysigning people, it seems that I
> missed another patch that was already made here:
> 
> https://lists.riseup.net/www/arc/monkeysphere/2015-02/msg9.html
> 
> It seems that his patchset is a little more complete, although it still
> doesn't feature unit tests, which I would prefer to have before merging
> this in.
> 
> Please consider reviewing his work before going forward - it seems that
> running --list-keys twice is necessary, unless we're running GPG 2.1
> (which I am starting to think we should depend on :/).

Sigh... disregard that - the above patches make sure that we don't sign
*with* revoked keys - a different issue (which I'll track in #766129).

a.
-- 
Man builds houses because he is alive, but he writes
books because he knows he is mortal.
- Daniel Pennac, Comme un roman




Bug#723763: monkeysign should not sign revoked uids

2016-09-01 Thread Antoine Beaupré
On 2016-08-01 17:53:11, Antoine Beaupré wrote:
> Control: tags -1 +moreinfo
>
> Could you provide unit tests coverage for this and verify that the tests
> pass after the patch is applied?

Also, after discussing with the Geysigning people, it seems that I
missed another patch that was already made here:

https://lists.riseup.net/www/arc/monkeysphere/2015-02/msg9.html

It seems that his patchset is a little more complete, although it still
doesn't feature unit tests, which I would prefer to have before merging
this in.

Please consider reviewing his work before going forward - it seems that
running --list-keys twice is necessary, unless we're running GPG 2.1
(which I am starting to think we should depend on :/).

A.

-- 
Any sufficiently advanced technology is indistinguishable from magic.
- Arthur C. Clarke



Bug#723763: monkeysign should not sign revoked uids

2016-08-07 Thread Antoine Beaupré
On 2016-08-06 17:09:11, Nicholas D Steeves wrote:
> Hi Antoine,
>
> I think by default Monkeysign still signs revoked keys and sends
> emails to addresses that might no longer be active.  I just ran a
> monkeysign 7B75921E, and I think you have received a signed key for a
> few of your revoked ones.

Yes, the bug is definitely still not fixed. Jerome sent a patch for this
(in cc), available here:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723763#35

The patch is incomplete: we need unit test coverage for it, and just
make sure it passes tests.

But you could try it out and report if it works for you, that would
certainly be useful! :)

Thanks for the feedback,

A.

-- 
It is a miracle that curiosity survives formal education
- Albert Einstein



Bug#723763: monkeysign should not sign revoked uids

2016-08-06 Thread Nicholas D Steeves
Control: found -1 monkeysign/2.0.2

Hi Antoine,

I think by default Monkeysign still signs revoked keys and sends
emails to addresses that might no longer be active.  I just ran a
monkeysign 7B75921E, and I think you have received a signed key for a
few of your revoked ones.

Cheers,
Nicholas



Bug#723763: monkeysign should not sign revoked uids

2016-08-01 Thread Antoine Beaupré
Control: tags -1 +moreinfo

Could you provide unit tests coverage for this and verify that the tests
pass after the patch is applied?

Thanks!
-- 
Never attribute to malice that which can be adequately explained by
stupidity, but don't rule out malice.
 - Albert Einstein



Bug#723763: monkeysign should not sign revoked uids

2016-07-19 Thread Jerome Charaoui
tags patch
thanks

Please review the attached patches fixing the two issues mentioned in
this thread:

* Remove revoked uids from keys before processing
* Refuse to sign on a revoked primary key

Thanks!

-- Jerome
From a78ebe82bd16f228f1649790f03e0f91e66cbf2c Mon Sep 17 00:00:00 2001
From: Jerome Charaoui 
Date: Tue, 19 Jul 2016 16:38:47 -0400
Subject: [PATCH 2/2] Refuse to sign a revoked primary key.

---
 monkeysign/ui.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/monkeysign/ui.py b/monkeysign/ui.py
index 6b34eb9..1289bcd 100644
--- a/monkeysign/ui.py
+++ b/monkeysign/ui.py
@@ -292,6 +292,9 @@ work.
 self.log(_('found %d keys matching your request') % len(keys))
 
 for key in keys:
+if keys[key].trust == 'r':
+self.log(_('not signing revoked key %s') % keys[key].keyid())
+continue
 alluids = self.yes_no(_("""\
 Signing the following key
 
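Review bot: the added test "keys[key].trust == 'r'" at the top of the "for key in keys:" loop refuses revoked primary keys only. Earlier in this thread expired, disabled and invalid keys are named as going undetected too, and those still reach the yes_no() signing prompt; consider testing the trust value against the full set of unusable states at this same spot. The refusal is reported through self.log, the call used for the informational "found %d keys" line just above, so consider whether a skipped key deserves a more visible message. A test with a revoked primary key in the keyring, as the maintainer asked for, belongs with this change.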
-- 
2.8.1

From a94a87e8a99b95b158dc4557ab74118d0e4b2072 Mon Sep 17 00:00:00 2001
From: Jerome Charaoui 
Date: Tue, 19 Jul 2016 15:12:55 -0400
Subject: [PATCH 1/2] Always delete revoked UIDs (closes #723763)

Finds and deletes all revoked UIDs after finding
a public key.
---
 monkeysign/gpg.py |  2 +-
 monkeysign/ui.py  | 13 +
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/monkeysign/gpg.py b/monkeysign/gpg.py
index 456cf3b..1350ed6 100644
--- a/monkeysign/gpg.py
+++ b/monkeysign/gpg.py
@@ -434,7 +434,7 @@ class Keyring():
 # end of copy-paste from sign_key()
 self.context.write(proc.stdin, 'deluid')
 self.context.expect(proc.stderr, 'GOT_IT')
-self.context.expect(proc.stderr, 'GET_BOOL keyedit.remove.uid.okay')
+self.context.expect(proc.stderr, r'GET_LINE keyedit.prompt|GET_BOOL keyedit.remove.uid.okay')
 self.context.write(proc.stdin, 'y')
 self.context.expect(proc.stderr, 'GOT_IT')
 self.context.expect(proc.stderr, 'GET_LINE keyedit.prompt')
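Review bot: the widened pattern on the changed expect() line accepts either "GET_LINE keyedit.prompt" or "GET_BOOL keyedit.remove.uid.okay", but the next line still writes 'y' unconditionally. When the keyedit.prompt alternative is the one that matched, that 'y' goes to the edit prompt as a command instead of answering a confirmation, and the following expect() calls for GOT_IT and keyedit.prompt can then be out of step with gpg. Branch on which status line was seen and send 'y' only in the GET_BOOL case. The commit message should also say in which situation the confirmation is skipped, since the hunk gives no reason for the change.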
diff --git a/monkeysign/ui.py b/monkeysign/ui.py
index c9b6a30..6b34eb9 100644
--- a/monkeysign/ui.py
+++ b/monkeysign/ui.py
@@ -243,6 +243,19 @@ this should not interrupt the flow of the program, but must be visible to the us
 if not self.tmpkeyring.fetch_keys(self.pattern):
 self.abort(_('could not find key %s in your keyring or keyservers') % self.pattern)
 
+"""we should never sign a revoked UID"""
+self.del_revoked_uids()
+
+def del_revoked_uids(self):
+"""this will remove all revoked UIDs"""
+for fpr, key in self.tmpkeyring.get_keys().iteritems():
+todelete = []
+for uid in key.uids.values():
+if uid.trust == 'r':
+todelete.append(uid.uid)
+for uid in todelete:
+self.tmpkeyring.del_uid(fpr, uid)
+
 def copy_secrets(self):
 """import secret keys (but only the public part) from your keyring
 
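Review bot: in del_revoked_uids() nothing checks whether self.tmpkeyring.del_uid(fpr, uid) succeeded, so a deletion that fails leaves the revoked UID in the temporary keyring and it goes on to be signed. Check the outcome and abort or warn when a revoked UID could not be removed. Two smaller points: the triple-quoted string before the self.del_revoked_uids() call is an expression statement in the middle of a method, not a docstring, and should be a # comment; and the filter "uid.trust == 'r'" covers revoked UIDs only, so expired UIDs are kept. No test accompanies the new method.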
-- 
2.8.1





Bug#723763: monkeysign should not sign revoked uids

2013-10-16 Thread Philip Jägenstedt
On Sat, 2013-10-05 at 16:27 -0400, Antoine Beaupré wrote:
> On 2013-09-19 12:23:14, Philip Jägenstedt wrote:
> > It looks like monkeysign doesn't care that a uid is
> > revoked, it signs and sends out an email anyway.
> >
> > Could probably be fixed by first cleaning the key.
> >
> > (Also need to check that monkeysign won't sign a
> > uid where the master key is revoked.)
>
> This is a known issue: revoked, expired, disabled or invalid keys are
> not detected by the underlying gpg library.
>
> This is especially a problem when listing private keys because gpg, in
> all its wizdom, doesn't actually provide those details in the key
> listing.
>
> You can see it for yourself here:
>
> anarcat@angela:monkeysign[dev/ux]*$ LANG=C gpg --list-secret-keys 4023702F
> sec   1024D/4023702F 2005-03-08 [expired: 2010-03-12]
> uid  The Anarcat anar...@anarcat.ath.cx
> uid  The Anarcat anar...@koumbit.org
> uid  Antoine Beaupré anto...@koumbit.org
> ssb   2048g/EB8D47BB 2005-03-08 [expires: 2010-03-12]
>
> anarcat@angela:monkeysign[dev/ux]*$ LANG=C gpg --list-keys 4023702F
> pub   1024D/4023702F 2005-03-08 [revoked: 2005-03-11]
> uid  The Anarcat anar...@anarcat.ath.cx
> uid  The Anarcat anar...@koumbit.org
> uid  Antoine Beaupré anto...@koumbit.org
>
> Notice how the secret key listing doesn't mention the key is revoked...
>
> But you are right, this should be fixed.

It looks to me --with-colons will show both revocation of the public keys
and uids, e.g. here's my old revoked key:

pub:r:1024:17:C8D53F30F42163A4:2006-08-25:::-:Philip Jägenstedt phi...@foolip.org::sca:
uid:r2008-06-30::FB9A4CAE39D8CE6BADFFF3E7D87D69568335E1FD::Philip Jägenstedt phil...@opera.com:
sub:r:1024:16:2D587BA5340611CA:2006-08-25::e:

It's true that --list-secret-keys --with-colons doesn't show which uids
are revoked, but I don't think that's relevant when trying to determine
(programmatically) whether or not the key/uid is revoked/expired.

Philip 



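The check described in the message above, as an added example (not part of the original message and not monkeysign's code): parse `gpg --list-keys --with-colons` output and separate signable UIDs from those whose validity field marks the key or UID as revoked, expired, disabled or invalid. The sample listing is constructed, the function names are hypothetical, and field positions follow GnuPG's doc/DETAILS.

```python
import re

# Field 2 validity letters that should block certification (GnuPG doc/DETAILS):
# the "revoked, expired, disabled or invalid" cases named in this thread.
UNUSABLE = {"r": "revoked", "e": "expired", "d": "disabled", "i": "invalid"}

# Constructed sample (made-up key IDs and names), GnuPG 2.x colon layout.
SAMPLE = r"""pub:-:4096:1:AAAAAAAAAAAAAAA1:1420070400:::-:::scESC:
uid:-::::1420070400::1111111111111111111111111111111111111111::Alice Example <alice@example.org>:
uid:r::::1420070400::2222222222222222222222222222222222222222::Alice Example <alice@old.example.org>:
uid:-::::1420070400::3333333333333333333333333333333333333333::Alice (work\x3a ops) <alice@example.net>:
sub:-:4096:1:BBBBBBBBBBBBBBB1:1420070400::::::e:
pub:r:1024:17:AAAAAAAAAAAAAAA2:1104537600:::-:::sc:
uid:r::::1104537600::4444444444444444444444444444444444444444::Bob Example <bob@example.org>:
"""

def unescape(field):
    """Undo the C-style \\xNN escaping gpg uses for ':' inside a field."""
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), field)

def signable_uids(colons):
    """Split a --with-colons listing into ({keyid: [uids]}, [(what, reason)])."""
    signable, refused = {}, []
    keyid, key_ok = None, False
    for line in colons.splitlines():
        f = line.split(":") + [""] * 10          # pad short records
        rectype, validity = f[0], f[1]
        if rectype == "pub":
            keyid, key_ok = f[4], validity not in UNUSABLE
            if key_ok:
                signable[keyid] = []
            else:
                refused.append((keyid, UNUSABLE[validity]))
            # GnuPG 1.4 without fixed-list-mode carries the primary uid on
            # the pub record; it can only inherit the key's validity.
            if key_ok and f[9]:
                signable[keyid].append(unescape(f[9]))
        elif rectype == "uid" and key_ok:
            # uids of a refused primary key are skipped entirely
            uid = unescape(f[9])
            if validity in UNUSABLE:
                refused.append((uid, UNUSABLE[validity]))
            else:
                signable[keyid].append(uid)
    return signable, refused

if __name__ == "__main__":
    print(signable_uids(SAMPLE))
```
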

Bug#723763: monkeysign should not sign revoked uids

2013-10-16 Thread Antoine Beaupré
On 2013-10-16 15:28:46, Philip Jägenstedt wrote:
> It looks to me --with-colons will show both revocation of the public keys
> and uids, e.g. here's my old revoked key:
>
> pub:r:1024:17:C8D53F30F42163A4:2006-08-25:::-:Philip Jägenstedt phi...@foolip.org::sca:
> uid:r2008-06-30::FB9A4CAE39D8CE6BADFFF3E7D87D69568335E1FD::Philip Jägenstedt phil...@opera.com:
> sub:r:1024:16:2D587BA5340611CA:2006-08-25::e:

That looks like the --list-keys output, not --list-secret-keys.

> It's true that --list-secret-keys --with-colons doesn't show which uids
> are revoked, but I don't think that's relevant when trying to determine
> (programmatically) whether or not the key/uid is revoked/expired.

So yes, it's possible to extract that information, but that would
involve re-running --list-keys for every secret key imported, really
annoying.

A.

-- 
Semantics is the gravity of abstraction.




Bug#723763: monkeysign should not sign revoked uids

2013-10-16 Thread Philip Jägenstedt
On Wed, 2013-10-16 at 15:44 -0400, Antoine Beaupré wrote:
> On 2013-10-16 15:28:46, Philip Jägenstedt wrote:
> > It looks to me --with-colons will show both revocation of the public keys
> > and uids, e.g. here's my old revoked key:
> >
> > pub:r:1024:17:C8D53F30F42163A4:2006-08-25:::-:Philip Jägenstedt phi...@foolip.org::sca:
> > uid:r2008-06-30::FB9A4CAE39D8CE6BADFFF3E7D87D69568335E1FD::Philip Jägenstedt phil...@opera.com:
> > sub:r:1024:16:2D587BA5340611CA:2006-08-25::e:
>
> That looks like the --list-keys output, not --list-secret-keys.

Indeed it is.

> > It's true that --list-secret-keys --with-colons doesn't show which uids
> > are revoked, but I don't think that's relevant when trying to determine
> > (programmatically) whether or not the key/uid is revoked/expired.
>
> So yes, it's possible to extract that information, but that would
> involve re-running --list-keys for every secret key imported, really
> annoying.

I don't understand, why is --list-secret-keys involved at all when
inspecting the key you're signing? Signing your own keys using
monkeysign sounds a bit weird, is that supported?

Philip




Bug#723763: monkeysign should not sign revoked uids

2013-10-16 Thread Antoine Beaupré
On 2013-10-16 15:49:29, Philip Jägenstedt wrote:
> On Wed, 2013-10-16 at 15:44 -0400, Antoine Beaupré wrote:
> > On 2013-10-16 15:28:46, Philip Jägenstedt wrote:
> > > It looks to me --with-colons will show both revocation of the public keys
> > > and uids, e.g. here's my old revoked key:
> > >
> > > pub:r:1024:17:C8D53F30F42163A4:2006-08-25:::-:Philip Jägenstedt phi...@foolip.org::sca:
> > > uid:r2008-06-30::FB9A4CAE39D8CE6BADFFF3E7D87D69568335E1FD::Philip Jägenstedt phil...@opera.com:
> > > sub:r:1024:16:2D587BA5340611CA:2006-08-25::e:
> >
> > That looks like the --list-keys output, not --list-secret-keys.
>
> Indeed it is.
>
> > > It's true that --list-secret-keys --with-colons doesn't show which uids
> > > are revoked, but I don't think that's relevant when trying to determine
> > > (programmatically) whether or not the key/uid is revoked/expired.
> >
> > So yes, it's possible to extract that information, but that would
> > involve re-running --list-keys for every secret key imported, really
> > annoying.
>
> I don't understand, why is --list-secret-keys involved at all when
> inspecting the key you're signing? Signing your own keys using
> monkeysign sounds a bit weird, is that supported?

Oh, wait - I was confused by another unrelated issue: monkeysign allows
you to sign keys *with* a revoked secret key...

So yes, you are right...

A.

-- 
Sin was born before virtue, as the engine before the brake.
 - Jean-Paul Sartre




Bug#723763: monkeysign should not sign revoked uids

2013-10-05 Thread Antoine Beaupré
On 2013-09-19 12:23:14, Philip Jägenstedt wrote:
> It looks like monkeysign doesn't care that a uid is
> revoked, it signs and sends out an email anyway.
>
> Could probably be fixed by first cleaning the key.
>
> (Also need to check that monkeysign won't sign a
> uid where the master key is revoked.)

This is a known issue: revoked, expired, disabled or invalid keys are
not detected by the underlying gpg library.

This is especially a problem when listing private keys because gpg, in
all its wizdom, doesn't actually provide those details in the key
listing.

You can see it for yourself here:

anarcat@angela:monkeysign[dev/ux]*$ LANG=C gpg --list-secret-keys 4023702F
sec   1024D/4023702F 2005-03-08 [expired: 2010-03-12]
uid  The Anarcat anar...@anarcat.ath.cx
uid  The Anarcat anar...@koumbit.org
uid  Antoine Beaupré anto...@koumbit.org
ssb   2048g/EB8D47BB 2005-03-08 [expires: 2010-03-12]

anarcat@angela:monkeysign[dev/ux]*$ LANG=C gpg --list-keys 4023702F
pub   1024D/4023702F 2005-03-08 [revoked: 2005-03-11]
uid  The Anarcat anar...@anarcat.ath.cx
uid  The Anarcat anar...@koumbit.org
uid  Antoine Beaupré anto...@koumbit.org

Notice how the secret key listing doesn't mention the key is revoked...

But you are right, this should be fixed.

A.
-- 
That's one of the remarkable things about life: it's never so bad that
it can't get worse.
- Calvin




Bug#723763: monkeysign should not sign revoked uids

2013-09-19 Thread Philip Jägenstedt
Package: monkeysign
Version: 1.0
Severity: important

It looks like monkeysign doesn't care that a uid is
revoked, it signs and sends out an email anyway.

Could probably be fixed by first cleaning the key.

(Also need to check that monkeysign won't sign a
uid where the master key is revoked.)

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.10-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages monkeysign depends on:
ii  gnupg   1.4.14-1
ii  python  2.7.5-4

Versions of packages monkeysign recommends:
ii  python-gtk2   2.24.0-3+b1
ii  python-qrencode   1.01-2+b1
ii  python-zbar   0.10+doc-9+b1
ii  python-zbarpygtk  0.10+doc-9+b1

monkeysign suggests no packages.

-- no debconf information

