RPM distrusts signatures done by previous versions of prolonged keys #50

Closed
praiskup opened this issue Aug 17, 2023 · 39 comments · Fixed by #52

@praiskup
Member

praiskup commented Aug 17, 2023

In Copr, we "prolong" the expiration time of GPG keys with gpg --edit-key, with expire => 5y => save commands. See the Copr issue for more info. After this action, RPM stops trusting all the signatures done before the time of gpg --edit-key action, if checked with the updated pub key.

Steps to reproduce with prebuilt packages in Fedora Copr:

  1. Import the key, note the validity seems to be from 2019-08-15 to 2028-08-12:

    $ curl https://download.copr.fedorainfracloud.org/archive/issues/copr-issue-2878/pubkey.gpg > the-key
    $ gpg the-key
    gpg: WARNING: no command supplied.  Trying to guess what you mean ...
    pub   rsa2048 2019-08-15 [SCEA] [expires: 2028-08-12]
          3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456
    uid           iucar_cran (None) <iucar#[email protected]>
    $ rpm --import the-key
    
  2. Verify the key:

    $ rpm -v -K https://download.copr.fedorainfracloud.org/archive/issues/copr-issue-2878/R-CoprManager-0.5.4-1.fc38.copr6265747.noarch.rpm
    https://download.copr.fedorainfracloud.org/archive/issues/copr-issue-2878/R-CoprManager-0.5.4-1.fc38.copr6265747.noarch.rpm:
    error: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
      1. Certificate 9D60CBB71A3B4456 invalid: policy violation
          because: No binding signature at time 2023-08-11T08:00:22Z
      2. Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
    error: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
      1. Certificate 9D60CBB71A3B4456 invalid: policy violation
          because: No binding signature at time 2023-08-11T08:00:22Z
      2. Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
        Header V4 RSA/SHA256 Signature, key ID 1a3b4456: NOTTRUSTED
        Header SHA256 digest: OK
        Header SHA1 digest: OK
        Payload SHA256 digest: OK
        V4 RSA/SHA256 Signature, key ID 1a3b4456: NOTTRUSTED
        MD5 digest: OK
    

It is not quite obvious what to do about this. This seems like a too pedantic policy requirement, or is the key prolonged a wrong way?

Reproducible both with Rawhide and 38. But the RPM package versions on Rawhide are here:

rpm-sequoia-1.4.1-2.fc39.x86_64
rpm-libs-4.18.92-1.fc39.x86_64
rpm-build-libs-4.18.92-1.fc39.x86_64
rpm-sign-libs-4.18.92-1.fc39.x86_64
python3-rpm-4.18.92-1.fc39.x86_64
rpm-4.18.92-1.fc39.x86_64

The files related to this bugreport.

@Enchufa2

This comment was marked as outdated.

@pmatilai
Member

Yep, see #46

@pmatilai pmatilai transferred this issue from rpm-software-management/rpm Aug 17, 2023
@pmatilai
Member

pmatilai commented Aug 17, 2023

This is of course basically a duplicate of #46, but...

This issue keeps popping up from many directions. As long as the predominant life-form in this field (gpg, to be clear) is stripping the old key when postponing expiry, in what appears to be the documented way of doing so, I don't think we can really swipe it under the "legacy" carpet.

@Enchufa2

#46 was due to the use of SHA1, right? But the linter doesn't report anything wrong in this case.

@pmatilai
Member

Oh, there was an SHA1 somewhere in there as well, but the key expiry thing was the big deal there too. But this ticket with the reproducer steps makes it nice and clear.

@Enchufa2

So would you mind summarizing what's wrong with the prolonging of this key? Is this not allowed anymore? What should Copr do? It's not clear to me what's the expiry thing from reading #46, sorry.

@pmatilai
Member

pmatilai commented Aug 17, 2023

Basically it's GPG and Sequoia disagreeing over RFC-4880 interpretation.

And as I already said here and in #46 (comment), I do think rpm-sequoia really just needs to accept the result as an OK (rather than legacy untrusted). Not because one interpretation is right and the other wrong, but because real-world usage requires it (not entirely unlike the situation with v3 signatures). It's not like accepting such signatures introduces some gigantic risk in the rpm context.

@Enchufa2

Then, if this was fixed in rpm-sequoia 1.4.1, and this version is present in f38, why do we still get this issue?

@pmatilai
Member

It's there in the ticket & PR details, but basically 1.4.1 changed the behavior to consider such packages "untrusted" rather than simply fail. It helps upgrading away from such packages which is enough for legacy packages, but this is not such a case really.

@Enchufa2

Enchufa2 commented Aug 17, 2023

In F38, reverting this backport would workaround the issue. And OBS has the same issue as Copr, see e.g. openrazer/openrazer#2098.

@praiskup
Member Author

I can see this output from gpg pub rsa2048 2019-08-15 [SCEA] [expires: 2028-08-12]. So there is some additional info about the believed beginning of the key validity. Isn't that date anyhow useful to potentially "relax" the RPM rules for reporting invalid signatures?

@Enchufa2

Note that verification works by downgrading rpm on f38 to version 4.18.1-1.fc38.

> In F38, reverting this backport would workaround the issue.

No, this doesn't help. Maybe I saw that the error messages were missing but didn't see the GPG check FAILED at the end in my previous test? Sorry for the noise anyway.

@praiskup
Member Author

praiskup commented Aug 17, 2023

You might be confused by having the older pubkey imported, as discussed here fedora-copr/copr#2878. Aka "importing the older pubkey" (not prolonged, but still valid, expires next year):

$ rpm -e gpg-pubkey-1a3b4456-5d54ab50 # remove the "new key" from the original reproducer
$ rpm --import https://download.copr.fedorainfracloud.org/archive/issues/copr-issue-2878/old-pubkey.gpg
$ rpm -K -v https://download.copr.fedorainfracloud.org/archive/issues/copr-issue-2878/R-CoprManager-0.5.4-1.fc38.copr6265747.noarch.rpm
https://download.copr.fedorainfracloud.org/archive/issues/copr-issue-2878/R-CoprManager-0.5.4-1.fc38.copr6265747.noarch.rpm:
    Header V4 RSA/SHA256 Signature, key ID 1a3b4456: OK
    Header SHA256 digest: OK
    Header SHA1 digest: OK
    Payload SHA256 digest: OK
    V4 RSA/SHA256 Signature, key ID 1a3b4456: OK
    MD5 digest: OK

This is though a bit unexpected. That RPM has been signed off by the updated/prolonged keypair, and RPM accepts it even with the old key installed:

$ rpm -K -v https://download.copr.fedorainfracloud.org/archive/issues/copr-issue-2878/R-CRAN-YTAnalytics-0.0.4-1.fc39.copr6310497.noarch.rpm
https://download.copr.fedorainfracloud.org/archive/issues/copr-issue-2878/R-CRAN-YTAnalytics-0.0.4-1.fc39.copr6310497.noarch.rpm:
    Header V4 RSA/SHA256 Signature, key ID 1a3b4456: OK
    Header SHA256 digest: OK
    Header SHA1 digest: OK
    Payload SHA256 digest: OK
    V4 RSA/SHA256 Signature, key ID 1a3b4456: OK
    MD5 digest: OK

@praiskup
Member Author

Another problem we might have is that rpm --import doesn't update the key in DB (it has the same %{NAME}), it simply keeps the previous one in DB.

@praiskup
Member Author

@Jakuje there was a relevant discussion in #46, but I don't think GPG maintainers were involved.
Isn't there a way to prolong keys with gpg --edit-key and expire without stripping the old signature from it?

@mlschroe how do you eventually handle this in SUSE, considering you depend on rpm-sequoia and you probably prolong keys/signatures the way we do? Have you relaxed some policies in the distro?

@nwalfield
Collaborator

I was on vacation the previous few weeks and I'm only now catching up.

> Basically it's GPG and Sequoia disagreeing over RFC-4880 interpretation.
>
> And as I already said here and in #46 (comment), I do think rpm-sequoia really just needs to accept the result as an OK (rather than legacy untrusted). Not because one interpretation is right and the other wrong, but because real-world usage requires it (not entirely unlike the situation with v3 signatures). It's not like accepting such signatures introduces some gigantic risk in the rpm context.

When canonicalizing an OpenPGP certificate, GnuPG considers the newest self signature. This means that the validity of a data signature may change when a new self signature is introduced. Imagine Alice sends a signed message to Bob saying: "I owe you 100 Euro". She could create a new self signature that says that the signing key does not have the signing capability, which would invalidate the signature. Sequoia uses the self signature that was live at the time that the signature was generated. This makes the above harder (although not impossible). The point is less about security and more about consistency and robustness; users find it surprising when a signature that was once valid is suddenly considered invalid.

Given the practical problems, I'll change rpm-sequoia to accept self-signatures created after the data signature was generated.

@pmatilai
Member

Sounds good. Hope you enjoyed your vacation!

nwalfield added a commit that referenced this issue Aug 24, 2023
  - When we verify a data signature, we canonicalize the signer's
    certificate to look as it did at the time of the data signature.

  - When exporting a certificate, GnuPG strips old self signatures.

  - This means that when a certificate's expiration time is extended,
    say, we are no longer able to verify old data signatures, because
    the certificate is not considered to be valid as of the data
    signature's creation time!

  - Relax this requirement.  Also allow a certificate, if it can be
    canonicalized as of the current time.

  - Fixes #50.
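
The binding-signature selection described in the comment and commit message above, as an added example (a simplified model, not rpm-sequoia's code): the strict check views the certificate as of the data signature's creation time, the relaxed check also accepts a certificate that is valid now. The type and function names, the YYYYMMDD date encoding, and every date not quoted in the thread are assumptions made for illustration.

```rust
// Simplified model of self-signature ("binding signature") selection.
// Dates are YYYYMMDD integers so that they compare chronologically.

#[derive(Clone, Debug)]
struct SelfSig {
    created: u32,     // when the self signature was made
    key_expires: u32, // key expiration date asserted by this self signature
    can_sign: bool,   // signing capability flag
}

#[derive(Clone, Debug)]
struct Cert {
    key_created: u32,
    self_sigs: Vec<SelfSig>,
}

#[derive(Debug, PartialEq)]
enum Verdict {
    Ok,
    OkWithLint(&'static str),
    Rejected(&'static str),
}

const STRIPPED_LINT: &str =
    "no valid binding signature as of the signature's creation time, but is valid now";

impl Cert {
    /// Newest self signature that already existed at time `t`.
    fn binding_at(&self, t: u32) -> Option<&SelfSig> {
        self.self_sigs.iter().filter(|s| s.created <= t).max_by_key(|s| s.created)
    }

    /// Is the key usable for signing when the certificate is viewed as of `t`?
    fn usable_at(&self, t: u32) -> Result<(), &'static str> {
        if t < self.key_created {
            return Err("key not yet created");
        }
        let b = self.binding_at(t).ok_or("no binding signature at that time")?;
        if !b.can_sign {
            return Err("key is not signing-capable");
        }
        if t >= b.key_expires {
            return Err("key expired");
        }
        Ok(())
    }

    /// The exported certificate as the thread describes it after the expiry
    /// is extended: only the newest self signature survives.
    fn stripped(&self) -> Cert {
        let newest = self.self_sigs.iter().max_by_key(|s| s.created).cloned();
        Cert { key_created: self.key_created, self_sigs: newest.into_iter().collect() }
    }
}

/// Behaviour before the fix: the certificate must be valid at `sig_time`.
fn verify_strict(cert: &Cert, sig_time: u32) -> Verdict {
    match cert.usable_at(sig_time) {
        Ok(()) => Verdict::Ok,
        Err(why) => Verdict::Rejected(why),
    }
}

/// Relaxed behaviour from the commit message: fall back to the certificate
/// as it looks at `now`, and report a lint when the fallback was needed.
fn verify_relaxed(cert: &Cert, sig_time: u32, now: u32) -> Verdict {
    if cert.usable_at(sig_time).is_ok() {
        return Verdict::Ok;
    }
    match cert.usable_at(now) {
        Ok(()) => Verdict::OkWithLint(STRIPPED_LINT),
        Err(why) => Verdict::Rejected(why),
    }
}

/// Constructed sample: key created 2019-08-15 and prolonged to 2028-08-12 as
/// in the thread; the other dates are made up for the example.
fn copr_like_cert() -> Cert {
    Cert {
        key_created: 20190815,
        self_sigs: vec![
            SelfSig { created: 20190815, key_expires: 20240813, can_sign: true },
            SelfSig { created: 20230815, key_expires: 20280812, can_sign: true },
        ],
    }
}

/// Constructed variant of the Alice scenario: the newest self signature
/// removes the signing capability instead of extending the expiry.
fn capability_dropped_cert() -> Cert {
    let mut cert = copr_like_cert();
    cert.self_sigs[1].can_sign = false;
    cert
}

fn main() {
    let (sig_time, now) = (20230811, 20230828);
    let full = copr_like_cert();
    let stripped = full.stripped();
    println!("full, strict:        {:?}", verify_strict(&full, sig_time));
    println!("stripped, strict:    {:?}", verify_strict(&stripped, sig_time));
    println!("stripped, relaxed:   {:?}", verify_relaxed(&stripped, sig_time, now));
    let dropped = capability_dropped_cert().stripped();
    println!("cap dropped, relaxed: {:?}", verify_relaxed(&dropped, sig_time, now));
}
```

In this model the fallback only helps a stripped certificate whose newest self signature still permits signing; one that drops the capability stays rejected under both checks.
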
@nwalfield
Collaborator

I'd be happy if someone (@praiskup, perhaps?) could confirm that #52 fixes the issue.

@nwalfield
Collaborator

> Sounds good. Hope you enjoyed your vacation!

It was great, thanks! 2 of 4 of us came back with corona, though :D.

@praiskup
Member Author

From what I can tell, patch from #52 doesn't help (applied the patch on top of Fedora Rawhide package) in dnf copr enable praiskup/rpm-sequoia-prolonging-signatures (copr build):

error: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  1. Certificate 9D60CBB71A3B4456 invalid: policy violation
      because: No binding signature at time 2023-04-21T11:37:22Z
  2. Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.

@praiskup
Member Author

Yeah, but I may be doing something wrong. Is the one-liner from #52 supposed to just work on top of v1.4.1?

@nwalfield
Collaborator

My theory was that #52 is enough to fix the issue. There's only one other commit since 1.4.1 and that has to do with CI, so it is not relevant here.

The Verifying a signature... message that you see is from here:

    let r = pgp_verify_signature(key, sig, ctx, &mut lints);

    // Return any lint / error messages.
    if lints.len() > 0 {
        let mut s: String = if let Some(key) = key {
            format!(
                "Verifying a signature using certificate {} ({}):",

You can see that the lint is returned even if pgp_verify_signature returns success.

rpm should emit the lint unconditionally, but will change the log level accordingly:

	rc = pgpVerifySignature2(pgpkey, sig, ctx, &lints);
	if (lints) {
	    rpmlog(rc ? RPMLOG_ERR : RPMLOG_WARNING, "%s\n", lints);

I think RPMLOG_WARNING doesn't emit the error: prefix, so it looks like pgpVerifySignature2 is returning an error for some reason that I don't yet understand.

It would be helpful if you could provide the certificate as it is on your system and ideally a link to a package that I can use to recreate the issue.

Thanks for helping to debug this, @praiskup!

@praiskup
Member Author

> It would be helpful if you could provide the certificate as it is on your system and ideally a link to a package that I can use to recreate the issue.

I believe the original reproducer helps here:

[root@fe5fe87a0758 /]# rpm --import https://download.copr.fedorainfracloud.org/archive/issues/copr-issue-2878/pubkey.gpg 
[root@fe5fe87a0758 /]# rpm -K https://download.copr.fedorainfracloud.org/archive/issues/copr-issue-2878/R-CoprManager-0.5.4-1.fc38.copr6265747.noarch.rpm
https://download.copr.fedorainfracloud.org/archive/issues/copr-issue-2878/R-CoprManager-0.5.4-1.fc38.copr6265747.noarch.rpm:error: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  1. Certificate 9D60CBB71A3B4456 invalid: policy violation
      because: No binding signature at time 2023-08-11T08:00:22Z
  2. Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
error: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  1. Certificate 9D60CBB71A3B4456 invalid: policy violation
      because: No binding signature at time 2023-08-11T08:00:22Z
  2. Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
 digests SIGNATURES NOT OK

Throws error as well, not warning. Perhaps @pmatilai can comment on the rpmVerifySignature2 return value?

@nwalfield
Collaborator

@praiskup, thanks for investigating this and reposting the reproducer.

I updated the PR. Here's what I see on Fedora 38:

$ sudo bash -c 'rpm -v -K https://download.copr.fedorainfracloud.org/archive/issues/copr-issue-2878/R-CoprManager-0.5.4-1.fc38.copr6265747.noarch.rpm'
https://download.copr.fedorainfracloud.org/archive/issues/copr-issue-2878/R-CoprManager-0.5.4-1.fc38.copr6265747.noarch.rpm:
    Header V4 RSA/SHA256 Signature, key ID 1a3b4456: BAD
    Header SHA256 digest: OK
    Header SHA1 digest: OK
    Payload SHA256 digest: OK
    V4 RSA/SHA256 Signature, key ID 1a3b4456: BAD
    MD5 digest: OK
$ sudo bash -c 'LD_PRELOAD=/home/neal/rpm-sequoia/target/release/librpm_sequoia.so rpm -v -K https://download.copr.fedorainfracloud.org/archive/issues/copr-issue-2878/R-CoprManager-0.5.4-1.fc38.copr6265747.noarch.rpm'
https://download.copr.fedorainfracloud.org/archive/issues/copr-issue-2878/R-CoprManager-0.5.4-1.fc38.copr6265747.noarch.rpm:
    Header V4 RSA/SHA256 Signature, key ID 1a3b4456: OK
    Header SHA256 digest: OK
    Header SHA1 digest: OK
    Payload SHA256 digest: OK
    V4 RSA/SHA256 Signature, key ID 1a3b4456: OK
    MD5 digest: OK

Can you please test that this fixes the issue. Thanks!

@praiskup
Member Author

I rebuilt the updated package in dnf copr enable praiskup/rpm-sequoia-prolonging-signatures, and it seems to work fine now. Thank you for the update!

$ [root@a7e4a30f1c90 /]# rpm -v -K https://download.copr.fedorainfracloud.org/archive/issues/copr-issue-2878/R-CoprManager-0.5.4-1.fc38.copr6265747.noarch.rpm
https://download.copr.fedorainfracloud.org/archive/issues/copr-issue-2878/R-CoprManager-0.5.4-1.fc38.copr6265747.noarch.rpm:
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
    Header V4 RSA/SHA256 Signature, key ID 1a3b4456: OK
    Header SHA256 digest: OK
    Header SHA1 digest: OK
    Payload SHA256 digest: OK
    V4 RSA/SHA256 Signature, key ID 1a3b4456: OK
    MD5 digest: OK

The situation with warning: makes RPM veeery verbose:

$ dnf -y install python3-dnf-plugins-core
$ dnf -y copr enable iucar/cran
$ dnf -y install R-CRAN-cornet
Last metadata expiration check: 0:03:48 ago on Mon Aug 28 09:02:21 2023.
Dependencies resolved.
============================================================================================================================================================================================================================================
 Package                                            Architecture                             Version                                                      Repository                                                                   Size
============================================================================================================================================================================================================================================
Installing:
 R-CRAN-cornet                                      noarch                                   0.0.9-1.fc38.copr6268007                                     copr:copr.fedorainfracloud.org:iucar:cran                                   108 k
Installing dependencies:
 R-CRAN-Matrix                                      x86_64                                   1.6.1-1.fc38.copr6276379                                     copr:copr.fedorainfracloud.org:iucar:cran                                   4.2 M
 R-CRAN-Rcpp                                        x86_64                                   1.0.11-1.fc38.copr6148288                                    copr:copr.fedorainfracloud.org:iucar:cran                                   2.0 M
 R-CRAN-codetools                                   noarch                                   0.2.19-1.fc38.copr5814825                                    copr:copr.fedorainfracloud.org:iucar:cran                                   102 k
 R-CRAN-foreach                                     noarch                                   1.5.2-1.fc38.copr5815655                                     copr:copr.fedorainfracloud.org:iucar:cran                                   142 k
 R-CRAN-glmnet                                      x86_64                                   4.1.8-1.fc38.copr6335907                                     copr:copr.fedorainfracloud.org:iucar:cran                                   1.9 M
 R-CRAN-iterators                                   noarch                                   1.0.14-1.fc38.copr5812211                                    copr:copr.fedorainfracloud.org:iucar:cran                                   348 k
 R-CRAN-lattice                                     x86_64                                   0.21.8-1.fc38.copr5814828                                    copr:copr.fedorainfracloud.org:iucar:cran                                   1.4 M
 R-CRAN-palasso                                     noarch                                   0.0.8-1.fc38.copr5821654                                     copr:copr.fedorainfracloud.org:iucar:cran                                   192 k
 R-CRAN-shape                                       noarch                                   1.4.6-1.fc38.copr5812421                                     copr:copr.fedorainfracloud.org:iucar:cran                                   775 k
 R-CRAN-survival                                    x86_64                                   3.5.7-1.fc38.copr6276404                                     copr:copr.fedorainfracloud.org:iucar:cran                                   6.0 M
 R-littler                                          x86_64                                   0.3.18-4.fc38                                                updates                                                                      76 k

Transaction Summary
============================================================================================================================================================================================================================================
Install  12 Packages

Total download size: 17 M
Installed size: 32 M
Is this ok [y/N]: y
Downloading Packages:
(1/12): R-CRAN-Rcpp-1.0.11-1.fc38.copr6148288.x86_64.rpm                                                                                                                                                    1.8 MB/s | 2.0 MB     00:01    
(2/12): R-CRAN-codetools-0.2.19-1.fc38.copr5814825.noarch.rpm                                                                                                                                                83 kB/s | 102 kB     00:01    
(3/12): R-CRAN-cornet-0.0.9-1.fc38.copr6268007.noarch.rpm                                                                                                                                                   132 kB/s | 108 kB     00:00    
(4/12): R-CRAN-foreach-1.5.2-1.fc38.copr5815655.noarch.rpm                                                                                                                                                  181 kB/s | 142 kB     00:00    
(5/12): R-CRAN-Matrix-1.6.1-1.fc38.copr6276379.x86_64.rpm                                                                                                                                                   1.7 MB/s | 4.2 MB     00:02    
(6/12): R-CRAN-iterators-1.0.14-1.fc38.copr5812211.noarch.rpm                                                                                                                                               547 kB/s | 348 kB     00:00    
(7/12): R-CRAN-glmnet-4.1.8-1.fc38.copr6335907.x86_64.rpm                                                                                                                                                   1.9 MB/s | 1.9 MB     00:01    
(8/12): R-CRAN-palasso-0.0.8-1.fc38.copr5821654.noarch.rpm                                                                                                                                                  280 kB/s | 192 kB     00:00    
(9/12): R-CRAN-lattice-0.21.8-1.fc38.copr5814828.x86_64.rpm                                                                                                                                                 1.7 MB/s | 1.4 MB     00:00    
(10/12): R-CRAN-shape-1.4.6-1.fc38.copr5812421.noarch.rpm                                                                                                                                                   574 kB/s | 775 kB     00:01    
(11/12): R-littler-0.3.18-4.fc38.x86_64.rpm                                                                                                                                                                  48 kB/s |  76 kB     00:01    
(12/12): R-CRAN-survival-3.5.7-1.fc38.copr6276404.x86_64.rpm                                                                                                                                                2.9 MB/s | 6.0 MB     00:02    
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                                                       3.1 MB/s |  17 MB     00:05     
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                                                    1/1 
  Installing       : R-littler-0.3.18-4.fc38.x86_64                                                                                                                                                                                    1/12 
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.

  Installing       : R-CRAN-Rcpp-1.0.11-1.fc38.copr6148288.x86_64                                                                                                                                                                      2/12 
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.

  Installing       : R-CRAN-shape-1.4.6-1.fc38.copr5812421.noarch                                                                                                                                                                      3/12 
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.

  Installing       : R-CRAN-lattice-0.21.8-1.fc38.copr5814828.x86_64                                                                                                                                                                   4/12 
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.

  Installing       : R-CRAN-Matrix-1.6.1-1.fc38.copr6276379.x86_64                                                                                                                                                                     5/12 
  Installing       : R-CRAN-survival-3.5.7-1.fc38.copr6276404.x86_64                                                                                                                                                                   6/12 
  Installing       : R-CRAN-iterators-1.0.14-1.fc38.copr5812211.noarch                                                                                                                                                                 7/12 
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.

  Installing       : R-CRAN-codetools-0.2.19-1.fc38.copr5814825.noarch                                                                                                                                                                 8/12 
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.

  Installing       : R-CRAN-foreach-1.5.2-1.fc38.copr5815655.noarch                                                                                                                                                                    9/12 
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.

  Installing       : R-CRAN-glmnet-4.1.8-1.fc38.copr6335907.x86_64                                                                                                                                                                    10/12 
  Installing       : R-CRAN-palasso-0.0.8-1.fc38.copr5821654.noarch                                                                                                                                                                   11/12 
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.

  Installing       : R-CRAN-cornet-0.0.9-1.fc38.copr6268007.noarch                                                                                                                                                                    12/12 
warning: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  Certificate has no valid binding signature as of the signature's creation time, but is valid now.  The certificate has probably been stripped or minimized.

  Running scriptlet: R-CRAN-cornet-0.0.9-1.fc38.copr6268007.noarch                                                                                                                                                                    12/12 
  Verifying        : R-CRAN-Matrix-1.6.1-1.fc38.copr6276379.x86_64                                                                                                                                                                     1/12 
  Verifying        : R-CRAN-Rcpp-1.0.11-1.fc38.copr6148288.x86_64                                                                                                                                                                      2/12 
  Verifying        : R-CRAN-codetools-0.2.19-1.fc38.copr5814825.noarch                                                                                                                                                                 3/12 
  Verifying        : R-CRAN-cornet-0.0.9-1.fc38.copr6268007.noarch                                                                                                                                                                     4/12 
  Verifying        : R-CRAN-foreach-1.5.2-1.fc38.copr5815655.noarch                                                                                                                                                                    5/12 
  Verifying        : R-CRAN-glmnet-4.1.8-1.fc38.copr6335907.x86_64                                                                                                                                                                     6/12 
  Verifying        : R-CRAN-iterators-1.0.14-1.fc38.copr5812211.noarch                                                                                                                                                                 7/12 
  Verifying        : R-CRAN-lattice-0.21.8-1.fc38.copr5814828.x86_64                                                                                                                                                                   8/12 
  Verifying        : R-CRAN-palasso-0.0.8-1.fc38.copr5821654.noarch                                                                                                                                                                    9/12 
  Verifying        : R-CRAN-shape-1.4.6-1.fc38.copr5812421.noarch                                                                                                                                                                     10/12 
  Verifying        : R-CRAN-survival-3.5.7-1.fc38.copr6276404.x86_64                                                                                                                                                                  11/12 
  Verifying        : R-littler-0.3.18-4.fc38.x86_64                                                                                                                                                                                   12/12 

Installed:
  R-CRAN-Matrix-1.6.1-1.fc38.copr6276379.x86_64             R-CRAN-Rcpp-1.0.11-1.fc38.copr6148288.x86_64             R-CRAN-codetools-0.2.19-1.fc38.copr5814825.noarch            R-CRAN-cornet-0.0.9-1.fc38.copr6268007.noarch             
  R-CRAN-foreach-1.5.2-1.fc38.copr5815655.noarch            R-CRAN-glmnet-4.1.8-1.fc38.copr6335907.x86_64            R-CRAN-iterators-1.0.14-1.fc38.copr5812211.noarch            R-CRAN-lattice-0.21.8-1.fc38.copr5814828.x86_64           
  R-CRAN-palasso-0.0.8-1.fc38.copr5821654.noarch            R-CRAN-shape-1.4.6-1.fc38.copr5812421.noarch             R-CRAN-survival-3.5.7-1.fc38.copr6276404.x86_64              R-littler-0.3.18-4.fc38.x86_64                            

Complete!

But I believe this is a short-term solution, though. We should find a way to "extend" keys without stripping. Should we track this somewhere?

@nwalfield
Collaborator

Thanks for confirming that the fix now works. I should have tested my initial suggestion with your reproducer, but I didn't. I'm sorry about that.

> The situation with warning: makes RPM veeery verbose:

The warnings are indeed a bit annoying and they are not really actionable. Perhaps it would be better to turn them off. @pmatilai, what do you think?

> We should find a way to "extend" keys without stripping. Should we track this somewhere?

Good question. The problem isn't how certificates are extended, but that gpg strips on export. This behavior is reasonable in the context of email, but less so IMHO in the context of verifying archives. I doubt that we're going to be able to convince the gpg developers to change this behavior, or add an option to support it. sq and sequoia's gpg replacement do export old self signatures by default, but the latter isn't yet available for Fedora, and is unlikely to become default for a while, if ever.
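The failure mode discussed in this thread, as an added illustration that is not part of any comment and is not rpm-sequoia's or gpg's code: a simplified model of how a verifier picks the self-signature in force at a package signature's creation time, and why a certificate exported with only its newest self-signature fails for older signatures. Only the key creation date and the new expiry date come from the issue; the other dates, `strip_on_export` and the `tolerate_stripped` switch are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

@dataclass(frozen=True)
class SelfSig:
    created: datetime                  # when the self-signature was made
    key_lifetime: Optional[timedelta]  # key expiration, counted from key creation

@dataclass(frozen=True)
class Cert:
    key_created: datetime
    self_sigs: List[SelfSig]

def binding_at(cert, t):
    """Newest self-signature that already existed at time t, else None."""
    live = [s for s in cert.self_sigs if s.created <= t]
    return max(live, key=lambda s: s.created, default=None)

def valid_at(cert, t):
    """True if a self-signature was in force at t and the key had not expired."""
    sig = binding_at(cert, t)
    if sig is None or t < cert.key_created:
        return False
    return sig.key_lifetime is None or t < cert.key_created + sig.key_lifetime

def strip_on_export(cert):
    """Model of a minimizing export: keep only the newest self-signature."""
    return Cert(cert.key_created, [max(cert.self_sigs, key=lambda s: s.created)])

def verify(cert, signed_at, now, tolerate_stripped=False):
    """Return 'ok', 'ok-stripped' (fallback used) or 'reject'."""
    if valid_at(cert, signed_at):
        return "ok"
    # Fallback only when no self-signature existed yet at signing time;
    # a key that was genuinely expired at signing time is still rejected.
    stripped = binding_at(cert, signed_at) is None and signed_at >= cert.key_created
    if tolerate_stripped and stripped and valid_at(cert, now):
        return "ok-stripped"
    return "reject"

KEY_CREATED = utc(2019, 8, 15)   # from the issue
PROLONGED = utc(2023, 8, 14)     # constructed: day the expiry was extended
SIGNED_AT = utc(2023, 6, 1)      # constructed: package signed before that day
NOW = utc(2023, 8, 17)           # constructed: time of verification
FULL = Cert(KEY_CREATED, [
    SelfSig(KEY_CREATED, timedelta(days=5 * 365)),       # constructed original lifetime
    SelfSig(PROLONGED, utc(2028, 8, 12) - KEY_CREATED),  # new expiry, from the issue
])
STRIPPED = strip_on_export(FULL)

if __name__ == "__main__":
    for name, cert in (("full", FULL), ("stripped", STRIPPED)):
        print(name, verify(cert, SIGNED_AT, NOW), verify(cert, SIGNED_AT, NOW, True))
```

With the full certificate the old signature verifies against the original self-signature; with the stripped one it verifies only through the fallback, which is the condition the warning text describes.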

@pmatilai
Member

> The warnings are indeed a bit annoying and they are not really actionable. Perhaps it would be better to turn them off. @pmatilai, what do you think?

Yeah, drowning the user in warnings they can't do anything about is not particularly useful. Let's just silence it for the time being.

As for gnupg, I think we should at least file a bug on that behavior there. Who knows how intentional (or not) that particular behavior is, gnupg is a pretty old piece of software too.

@praiskup
Member Author

Thank you for fixing this. In the meantime I filed a gnupg bug against Red Hat Bugzilla, I'm not sure where to file an upstream RFE. https://bugzilla.redhat.com/show_bug.cgi?id=2235323

@pmatilai
Member

Upstream bug tracker is supposedly at https://dev.gnupg.org/

@nwalfield
Collaborator

I suppressed the lint in #54.

@Jakuje

Jakuje commented Aug 29, 2023

I filed the upstream issue at least to see if this is intentional or not: https://dev.gnupg.org/T6689

> sq and sequoia's gpg replacement do export old self signatures by default, but the latter isn't yet available for Fedora, and is unlikely to become default for a while, if ever.

Does the sequoia's gpg replacement or the sequoia-sop already support this use case? Would copr support this as an alternative to using gnupg for a start?

@nwalfield
Collaborator

These fixes are included in the 1.5.0 release.

@Enchufa2

@decathorpe ☝️🙏

@praiskup
Member Author

> I filed the upstream issue at least to see if this is intentional or not: https://dev.gnupg.org/T6689

Thank you for forwarding the issue!

> Does the sequoia's gpg replacement or the sequoia-sop already support this use case?

I don't know.

> Would copr support this as an alternative to using gnupg for a start?

Copr just uses obs-signd, @mlschroe could comment on this, but it would be nice to have an upstream issue filed by someone who better understands the benefits/motivation.

@decathorpe

> These fixes are included in the 1.5.0 release.

Can you publish 1.5.0 to crates.io too?

@nwalfield
Collaborator

Fixed. It seems I forgot to remove the --dry-run when running cargo publish.

@decathorpe

Thanks! Will push the update to Fedora later today.

@pmatilai
Member

Thanks @nwalfield and @decathorpe !

It occurred to me that a possible way to both eat and keep the cake might be only issuing the lints if there is more than one self-signature, i.e. assume that in that case it hasn't been stripped a'la gpg. I don't know if it's possible/meaningful in practice though.

@nwalfield
Collaborator

> It occurred to me that a possible way to both eat and keep the cake might be only issuing the lints if there is more than one self-signature, i.e. assume that in that case it hasn't been stripped a'la gpg. I don't know if it's possible/meaningful in practice though.

@pmatilai, that's a pretty clever idea! That said, my feeling is that the case is pretty rare in practice, and detecting it would add more than a bit of implementation complexity. So, for now, I think I'll just leave it disabled.
