From 62caf3db341c5b23abebfe7540ce85c2fec7705b Mon Sep 17 00:00:00 2001
From: clime <clime@redhat.com>
Date: Mon, 2 May 2016 21:05:43 +0200
Subject: [PATCH] fixes user-id matching to provide unique results
Supposing you have got these two keys (generated in this order) in the gpg homedir:
pub rsa2048/DB5F2C7E 2016-05-02 [SCEA]
uid [ultimate] abc (abc) <foobar@foobar.com>
pub rsa2048/9F129E90 2016-05-02 [SCEA]
uid [ultimate] abc (abc) <bar@foobar.com>
and content of the phrases directory is the following:
bar@foobar.com foobar@foobar.com
Then if you call /bin/sign -u bar@foobar.com -p, both keys are returned (| gpg2 --list-packets | grep 'user ID'):
:user ID packet: "abc (abc) <foobar@foobar.com>"
:user ID packet: "abc (abc) <bar@foobar.com>"
If you try to sign a rpm like this: /bin/sign -u bar@foobar.com -r unsigned35.rpm, you will get it signed by foobar's key:
$ rpm -Kv unsigned35.rpm
unsigned35.rpm:
Header V3 RSA/SHA1 Signature, key ID db5f2c7e: NOKEY
Header SHA1 digest: OK (6289e7d8d0a73be107945df48cefb762a5036eb1)
V3 RSA/SHA1 Signature, key ID db5f2c7e: NOKEY
MD5 digest: OK (3c8cafddad94a1e75adf52c59203cd3a)
If you generate a new key-pair with: /bin/sign -u bar@foobar.com -P test.priv -g rsa@2048 800 test test@test.cz > test.pub,
then test.pub is again signed by foobar's key:
(Here I generated new keys in a different gpg homedir to test this with gpg-1.4.20)
pub 2048R/12390294 2016-05-02
uid abc (abc) <foobar@foobar.com>
pub 2048R/2CD4F3AA 2016-05-02
uid abc (abc) <bar@foobar.com>
$ cat test.pub | gpg --list-packets | grep 'signature packet'
:signature packet: algo 1, keyid 8CCC8E826051E7F0
:signature packet: algo 1, keyid 2F34AD5812390294
(the second signature has foobar's short key id: 12390294)
The problem is that without angle brackets (<>) around the email, gpg performs a substring match on user IDs. With angle brackets, it performs exact matching,
which produces the (I suppose) expected behaviour of signd.
An alternative to this patch is to keep all phrases' file names in form <email> (so that you can then call sign client with -u '<email>')
but I don't think this was intended.
---
signd | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
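diff --git a/signd b/signd
index bf79b22..c9e013b 100755
--- a/signd
+++ b/signd
@@ -570,7 +570,7 @@ sub rungpg_fatal {
 
 if ($cmd eq 'pubkey') {
 die("pubkey: one argument expected\n") if @argv != 2;
- my $pubkey = rungpg_fatal('/dev/null', undef, $gpg, '--export', '-a', $user);
+ my $pubkey = rungpg_fatal('/dev/null', undef, $gpg, '--export', '-a', "<$user>");
 if (!$oldproto) {
 $pubkey = pack('nn', 1, length($pubkey)).$pubkey;
 }
@@ -619,7 +619,7 @@ if ($cmd eq 'keygen') {
 $keyid = $keyid[0];
 
 # add user sig to pubkey
- rungpg_fatal("$phrases/$user", ["$tmpdir/pubkey.$$", "$tmpdir/privkey.$$"], $gpg, '--batch', '--no-secmem-warning', "--keyring=$tmpdir/pubkey.$$", "--passphrase-fd=0", "-u", $user, '--yes', '--trustdb-name', "$tmpdir/trustdb.$$", '--default-cert-level', '3', '--edit-key', $keyid, 'sign', 'save');
+ rungpg_fatal("$phrases/$user", ["$tmpdir/pubkey.$$", "$tmpdir/privkey.$$"], $gpg, '--batch', '--no-secmem-warning', "--keyring=$tmpdir/pubkey.$$", "--passphrase-fd=0", "-u", "<$user>", '--yes', '--trustdb-name', "$tmpdir/trustdb.$$", '--default-cert-level', '3', '--edit-key', $keyid, 'sign', 'save');
 unlink("$tmpdir/pubkey.$$~");
 unlink("$tmpdir/trustdb.$$");
 
@@ -628,7 +628,7 @@ if ($cmd eq 'keygen') {
 unlink("$tmpdir/pubkey.$$");
 
 # encrypt privkey
- my $privkey = rungpg_fatal('/dev/null', ["$tmpdir/privkey.$$"], $gpg, '--batch', '--encrypt', '--no-verbose', '--no-secmem-warning', '--trust-model', 'always', '-o-', '-r', "$user", "$tmpdir/privkey.$$");
+ my $privkey = rungpg_fatal('/dev/null', ["$tmpdir/privkey.$$"], $gpg, '--batch', '--encrypt', '--no-verbose', '--no-secmem-warning', '--trust-model', 'always', '-o-', '-r', "<$user>", "$tmpdir/privkey.$$");
 unlink("$tmpdir/privkey.$$");
 
 # send back
@@ -737,7 +737,7 @@ if ($cmd eq 'sign' || $cmd eq 'privsign') {
 if (@keyargs) {
 ($status, $lout, $lerr) = rungpg('/dev/null', ["$tmpdir/privkey.$$", "$tmpdir/pubkey.$$"], $gpg, "--batch", "--force-v3-sigs", "--file-is-digest", "--allow-non-selfsigned-uid", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--passphrase-fd=0", @keyargs, "-sbo", "-", $argv[2]);
 } else {
- ($status, $lout, $lerr) = rungpg("$phrases/$user", undef, $gpg, "--batch", "--force-v3-sigs", "--file-is-digest", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--passphrase-fd=0", "-u", $user, "-sbo", "-", $argv[2]);
+ ($status, $lout, $lerr) = rungpg("$phrases/$user", undef, $gpg, "--batch", "--force-v3-sigs", "--file-is-digest", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--passphrase-fd=0", "-u", "<$user>", "-sbo", "-", $argv[2]);
 }
 $lout = patchclasstime($lout, $classtime) if $classtime && !$status;
 splice(@argv, 2, 1);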
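Review bot: The `"<$user>"` selector is rebuilt inline at all four call sites (the pubkey `--export`, the keygen `--edit-key` signing and `--encrypt` recipient, and the sign/privsign `-u`), and it silently stops matching whenever `$user` already carries the `<…>` form the description mentions as a workaround, or — if any caller does this — names a key by ID rather than by email; gpg then fails with no usable key instead of picking the wrong one. Computing the selector once where `$user` is parsed (outside these hunks), `my $gpguser = $user =~ m{\A<[^<>]+>\z}xms ? $user : "<$user>";`, and passing `$gpguser` at the four sites keeps the fix in one place and leaves already-bracketed callers working. Exact email matching still admits several keys that share one email (for instance a regenerated key beside the old one), and gpg then takes the first match, which matters most for the `--encrypt … --trust-model always` call in the third hunk; resolving `<$user>` to a single primary-key fingerprint with `--list-keys --with-colons` and dying on zero or multiple matches would make key selection deterministic. Each hunk's enclosing `if ($cmd eq …)` block starts and ends outside the hunk.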
--
2.5.5