[Libguestfs] [PATCH 05/10] builder: allow signatures from subkeys

Richard W.M. Jones rjones at redhat.com
Tue Jul 28 11:08:12 UTC 2015 

On Tue, Jul 28, 2015 at 11:24:45AM +0200, Pino Toscano wrote:
> When importing a key, read the list of the valid subkeys of it, and use
> it to check whether a signature was done by one of them.
> This allows index provides to sign them using a subkey instead of the
> main key.
> ---
>  builder/sigchecker.ml | 41 +++++++++++++++++++++++++++++++++++------
>  1 file changed, 35 insertions(+), 6 deletions(-)
> 
> diff --git a/builder/sigchecker.ml b/builder/sigchecker.ml
> index cb9144f..06c60ae 100644
> --- a/builder/sigchecker.ml
> +++ b/builder/sigchecker.ml
> @@ -27,6 +27,7 @@ open Unix
>  type t = {
>    gpg : string;
>    fingerprint : string;
> +  subkeys_fingerprints : string list;
>    check_signature : bool;
>    gpghome : string;
>  }
> @@ -63,7 +64,34 @@ let import_keyfile ~gpg ~gpghome ?(trust = true) keyfile =
>      if r <> 0 then
>        error (f_"GPG failure: could not trust the imported key\nUse the '-v' option and look for earlier error messages.");
>    );
> -  !fingerprint
> +  let subkeys =
> +    (* --with-fingerprint is specified twice so gpg outputs the full
> +     * fingerprint of the subkeys. *)
> +    let cmd = sprintf "%s --homedir %s --with-colons --with-fingerprint --with-fingerprint --list-keys %s"
> +      gpg gpghome !fingerprint in
> +    if verbose () then printf "%s\n%!" cmd;
> +    let lines = external_command cmd in
> +    let current = ref None in
> +    let subkeys = ref [] in
> +    List.iter (
> +      fun line ->
> +        let line = string_nsplit ":" line in
> +        match line with
> +        | "sub" :: ("u"|"-") :: _ :: _ :: id :: _ ->
> +          current := Some id
> +        | "fpr" :: _ :: _ :: _ :: _ :: _ :: _ :: _ :: _ :: id :: _ ->
> +          (match !current with
> +          | None -> ()
> +          | Some k ->
> +            if string_suffix id k then (
> +              subkeys := id :: !subkeys;
> +            );
> +            current := None
> +          )
> +        | _ -> ()
> +    ) lines;
> +    !subkeys in
> +  !fingerprint, subkeys
>  
>  let rec create ~gpg ~gpgkey ~check_signature =
>    (* Create a temporary directory for gnupg. *)
> @@ -74,7 +102,7 @@ let rec create ~gpg ~gpgkey ~check_signature =
>      match check_signature, gpgkey with
>      | true, No_Key -> false, No_Key
>      | x, y -> x, y in
> -  let fingerprint =
> +  let fingerprint, subkeys =
>      if check_signature then (
>        (* Run gpg so it can setup its own home directory, failing if it
>         * cannot.
> @@ -100,13 +128,13 @@ let rec create ~gpg ~gpgkey ~check_signature =
>          let r = Sys.command cmd in
>          if r <> 0 then
>            error (f_"could not export public key\nUse the '-v' option and look for earlier error messages.");
> -        ignore (import_keyfile gpg tmpdir filename);
> -        fp
> +        import_keyfile gpg tmpdir filename
>      ) else
> -      "" in
> +      "", [] in
>    {
>      gpg = gpg;
>      fingerprint = fingerprint;
> +    subkeys_fingerprints = subkeys;
>      check_signature = check_signature;
>      gpghome = tmpdir;
>    }
> @@ -177,6 +205,7 @@ and do_verify t args =
>        | _ -> ()
>    ) status;
>  
> -  if not (equal_fingerprints !fingerprint t.fingerprint) then
> +  if not (equal_fingerprints !fingerprint t.fingerprint) &&
> +    not (List.exists (equal_fingerprints !fingerprint) t.subkeys_fingerprints) then
>      error (f_"fingerprint of signature does not match the expected fingerprint!\n  found fingerprint: %s\n  expected fingerprint: %s")
>        !fingerprint t.fingerprint
> -- 

Looks reasonable, ACK.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html

More information about the Libguestfs mailing list