public inbox for cygwin-apps@cygwin.com
From: Ken Brown <kbrown@cornell.edu>
To: cygwin-apps@cygwin.com
Subject: [PATCH setup draft 0/4] Improve setup.ini validation
Date: Mon, 11 Dec 2017 21:41:00 -0000
Message-ID: <20171211214136.6500-1-kbrown@cornell.edu>

This patch series presupposes the one posted starting at [1].

Currently, signatures are verified using the cygwin signing key and
other keys supplied by the user.  Validation with any key is accepted.
This patch series makes the following changes:

 - For official cygwin mirrors (those listed in mirrors.lst), only the
   cygwin key is tried.

 - For purported private mirrors (from the "last-mirror" user setting
   or the "Add URL box" or the command line), the cygwin key is tried
   first.  If this fails, then the remaining keys are tried.  If one
   of these succeeds, then the site is silently reclassified (with a
   message in the log file) as a 'user site' rather than a 'mirror'.
   The change takes effect on the next setup run or when the user
   selects 'Back'.

 - If the user turns off signature validation with the -X option, a
   weaker check is done: We look for "release: cygwin" in the
   setup.ini file.  If that fails for an official mirror, the file is
   rejected.  If it fails for a purported private mirror, the site is
   silently reclassified, as above.

The reclassification is done silently because it could easily be
necessary, through no fault of the user.  There are three reasons for
this.  First, the distinction between mirrors and user sites is new,
and it will take time for users to become accustomed to it.  Second,
for setup.rc files that were written before [1], "last-mirror"
includes all selected sites, whether mirrors or not.  Finally, sites
specified on the command line are initially assumed to be mirrors
until we can perform the above checks.

[1] https://sourceware.org/ml/cygwin-apps/2017-12/msg00051.html

Ken Brown (4):
  Allow validation of signatures using the cygwin key only
  Insist on cygwin signing key for official mirrors
  Try cygwin signing key for private mirrors
  If signature validation is turned off, check 'release:' tag

 crypto.cc  |  5 ++--
 crypto.h   |  3 ++-
 ini.cc     | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-------
 res.rc     |  1 +
 resource.h |  1 +
 site.h     |  2 ++
 6 files changed, 87 insertions(+), 12 deletions(-)

-- 
2.15.1
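
The validation policy described in the message above, written out as a decision function. This is an added C++ example, not part of the original post or of setup's source. The names `classify`, `Verifier`, `Origin`, `Verdict` and the key id `local` are hypothetical, the whole-line match for the tag is an assumption, and so is refusing a private mirror when no key validates.

```cpp
// Added illustration of the cover letter's policy; not code from setup itself.
#include <functional>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

enum class Origin { OfficialMirror, PurportedMirror };  // mirrors.lst vs. last-mirror / Add URL / command line
enum class Verdict { Mirror, UserSite, Reject };

// Hypothetical stand-in for signature verification against one named key.
using Verifier = std::function<bool(const std::string &key)>;

// Weaker -X check. Assumption: the tag must be a whole line of setup.ini.
bool has_release_cygwin(const std::string &ini) {
  std::istringstream in(ini);
  for (std::string line; std::getline(in, line);) {
    if (!line.empty() && line.back() == '\r') line.pop_back();
    if (line == "release: cygwin") return true;
  }
  return false;
}

Verdict classify(Origin origin, bool sig_check, const std::string &ini,
                 const std::vector<std::string> &user_keys, const Verifier &verify) {
  const bool official = origin == Origin::OfficialMirror;
  if (!sig_check) {  // -X: no cryptographic assurance, tag check only
    if (has_release_cygwin(ini)) return Verdict::Mirror;
    return official ? Verdict::Reject : Verdict::UserSite;
  }
  if (verify("cygwin")) return Verdict::Mirror;  // cygwin key is always tried first
  if (official) return Verdict::Reject;          // user keys never vouch for an official mirror
  for (const auto &key : user_keys)
    if (verify(key)) return Verdict::UserSite;   // silently reclassified, noted in the log
  return Verdict::Reject;  // assumption: no key validates, so the file is refused
}

int main() {
  // Constructed input: a setup.ini signed only by a user-supplied key "local".
  const std::string ini = "setup-timestamp: 0\nrelease: private\n";
  Verifier only_local = [](const std::string &k) { return k == "local"; };
  Verdict v = classify(Origin::PurportedMirror, true, ini, {"local"}, only_local);
  std::cout << (v == Verdict::UserSite ? "user site" : "other") << "\n";
  v = classify(Origin::OfficialMirror, true, ini, {"local"}, only_local);
  std::cout << (v == Verdict::Reject ? "rejected" : "other") << "\n";
}
```

The second call shows the property the series adds: a key the user has chosen to trust can validate a private site but can no longer make a file served from an official mirror acceptable.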
