mock: enable gpgcheck for f8 config file

Michael E Brown Michael_E_Brown at dell.com
Thu Jan 3 21:31:30 UTC 2008


On Sat, Dec 15, 2007 at 08:40:25PM +0100, Till Maas wrote:
> On Saturday 15 December 2007 16:34:44 Jesse Keating wrote:
> 
> > Couldn't the repo configs just point to the online version of it, and
> > have yum download the key when needed?  (or if it's already on the file
> > system use it?)
> 
> It is possible afaik, but it is less secure, because yum cannot check
> whether or not the downloaded key is really the wanted one. It would work if the
> download URL is an https one and there is a good certificate used and yum
> verifies whether or not the certificate is valid. But imho shipping the gpg
> keys with mock is less error-prone.

So let's see if we can work this out.

It looks to me like the goal of adding gpg key support is to add some
stricter security guarantees around mock builds. It would be nice if you
could codify exactly what you think the security guarantee should look
like, and what are the possible attack vectors against this. This should
guide us in resolving this.

Yum uses urllib underneath to download stuff. I assume it would support
https, but I don't know anything about how it verifies certificates.

On the other hand, shipping the GPG keys with mock creates a maintenance
overhead, but one that I don't think is very large. These keys don't ever
(afaik) change, so it should be just a one-time thing to get them in and
the configs set up.
--
Michael
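
The trade-off discussed in this thread (key shipped on disk versus key downloaded on demand) can be checked mechanically against the yum.conf text that a mock config embeds. The following is an added example, not part of the original message and not code from mock or yum; the repo ids, hostnames and key path are constructed, and it assumes gpgcheck is off when a repo and [main] both leave it unset.

```python
import configparser

# Constructed sample of yum repo stanzas (hosts and key path are placeholders).
SAMPLE = """
[main]
cachedir=/var/cache/yum

[fedora]
mirrorlist=http://mirrors.example.invalid/mirrorlist?repo=fedora-8&arch=$basearch
gpgcheck=1
gpgkey=file:///etc/pki/mock/RPM-GPG-KEY-example

[updates]
baseurl=http://mirrors.example.invalid/updates/8/$basearch/
gpgcheck=1
gpgkey=http://keys.example.invalid/RPM-GPG-KEY-example

[local]
baseurl=http://builds.example.invalid/repo/
gpgcheck=0
"""

DISABLED = "gpgcheck disabled: packages are not signature-checked"
NO_KEY = "gpgcheck enabled but no gpgkey configured"
HTTPS_KEY = "key fetched over https: trust depends on certificate validation"
PLAIN_KEY = "key fetched over an unauthenticated channel"

def audit_repos(text):
    """Return {repo_id: [findings]} for yum-style repo configuration text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    # Assumption: a repo without its own gpgcheck inherits the [main] value.
    default = cp.get("main", "gpgcheck", fallback="0")
    report = {}
    for repo in (s for s in cp.sections() if s != "main"):
        sec, findings = cp[repo], []
        if sec.get("gpgcheck", default).strip().lower() not in ("1", "true", "yes"):
            findings.append(DISABLED)
        else:
            keys = sec.get("gpgkey", "").split()  # several URLs are allowed
            if not keys:
                findings.append(NO_KEY)
            for url in keys:
                scheme = url.split(":", 1)[0].lower()
                if scheme != "file":
                    findings.append(HTTPS_KEY if scheme == "https" else PLAIN_KEY)
        report[repo] = findings
    return report

if __name__ == "__main__":
    for repo, findings in audit_repos(SAMPLE).items():
        print(repo, "->", findings or "ok (key read from local file)")
```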