From 6a4958d3134a3a61c036bc9ccaccc393c2bb99f2 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Mon, 28 Mar 2016 03:34:54 +0200 Subject: Allow lowering trust level of a hash via config Introduces APT::Hashes:: with entries Untrusted and Weak which can be set to true to cause the hash to be treated as untrusted and/or weak. --- apt-pkg/contrib/hashes.cc | 11 ++++++++++- methods/gpgv.cc | 24 ++++++++++++------------ test/integration/test-releasefile-verification | 8 ++++---- 3 files changed, 26 insertions(+), 17 deletions(-) diff --git a/apt-pkg/contrib/hashes.cc b/apt-pkg/contrib/hashes.cc index f2b91501e..755ad2035 100644 --- a/apt-pkg/contrib/hashes.cc +++ b/apt-pkg/contrib/hashes.cc @@ -129,12 +129,21 @@ APT_PURE bool HashString::empty() const /*{{{*/ return (Type.empty() || Hash.empty()); } /*}}}*/ + +APT_PURE static bool IsConfigured(const char *name, const char *what) +{ + std::string option; + strprintf(option, "APT::Hashes::%s::%s", name, what); + return _config->FindB(option, false); +} + APT_PURE bool HashString::usable() const /*{{{*/ { return ( (Type != "Checksum-FileSize") && (Type != "MD5Sum") && - (Type != "SHA1") + (Type != "SHA1") && + !IsConfigured(Type.c_str(), "Untrusted") ); } /*}}}*/ diff --git a/methods/gpgv.cc b/methods/gpgv.cc index 43f1df878..60a7d4719 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -45,19 +45,20 @@ struct Digest { Untrusted, Weak, Trusted, - Configureable } state; char name[32]; State getState() const { - if (state != Digest::State::Configureable) - return state; - std::string const digestconfig = _config->Find("Debug::Acquire::gpgv::configdigest::truststate", "trusted"); - if (digestconfig == "weak") - return State::Weak; - else if (digestconfig == "untrusted") + std::string optionUntrusted; + std::string optionWeak; + strprintf(optionUntrusted, "APT::Hashes::%s::Untrusted", name); + strprintf(optionWeak, "APT::Hashes::%s::Weak", name); + if (_config->FindB(optionUntrusted, state == State::Untrusted) == true) return State::Untrusted; - return State::Trusted; + if (_config->FindB(optionWeak, state == State::Weak) == true) + return State::Weak; + + return state; } }; @@ -73,9 +74,8 @@ static constexpr Digest Digests[] = { {Digest::State::Trusted, "SHA256"}, {Digest::State::Trusted, "SHA384"}, {Digest::State::Trusted, "SHA512"}, - {Digest::State::Configureable, "SHA224"}, + {Digest::State::Trusted, "SHA224"}, }; -static_assert(Digests[_count(Digests) - 1].state == Digest::State::Configureable, "the last digest algo isn't the configurable one which we expect for tests"); static Digest FindDigest(std::string const & Digest) { @@ -234,8 +234,8 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, if (Debug == true) std::clog << "Got untrusted VALIDSIG, key ID: " << sig << std::endl; break; - case Digest::State::Configureable: - case Digest::State::Trusted: + + case Digest::State::Trusted: if (Debug == true) std::clog << "Got trusted VALIDSIG, key ID: " << sig << std::endl; break; diff --git a/test/integration/test-releasefile-verification b/test/integration/test-releasefile-verification index ffb5073b6..c349c4428 100755 --- a/test/integration/test-releasefile-verification +++ b/test/integration/test-releasefile-verification @@ -258,7 +258,7 @@ runtest2() { } runtest3() { - echo "Debug::Acquire::gpgv::configdigest::truststate \"$1\";" > rootdir/etc/apt/apt.conf.d/truststate + echo "APT::Hashes::$APT_TESTS_DIGEST_ALGO::$1 \"yes\";" > rootdir/etc/apt/apt.conf.d/truststate msgmsg "Running base test with $1 digest" runtest2 @@ -280,16 +280,16 @@ export APT_TESTS_DIGEST_ALGO='SHA224' successfulaptgetupdate() { testsuccess aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 } -runtest3 'trusted' +runtest3 'Trusted' successfulaptgetupdate() { testwarning aptget update -o Debug::pkgAcquire::Worker=1 -o Debug::Acquire::gpgv=1 testsuccess grep 'uses weak digest algorithm' rootdir/tmp/testwarning.output } -runtest3 'weak' +runtest3 'Weak' msgmsg "Running test with apt-untrusted digest" -echo "Debug::Acquire::gpgv::configdigest::truststate \"untrusted\";" > rootdir/etc/apt/apt.conf.d/truststate +echo "APT::Hashes::$APT_TESTS_DIGEST_ALGO::Untrusted \"yes\";" > rootdir/etc/apt/apt.conf.d/truststate runfailure() { for DELETEFILE in 'InRelease' 'Release.gpg'; do msgmsg 'Cold archive signed by' 'Joe Sixpack' -- cgit v1.2.3