|
|
9095768 |
From 242015e49c2050d8d3ab276140d3551dbfb7a025 Mon Sep 17 00:00:00 2001
|
|
|
efb0017 |
From: clime <clime@redhat.com>
|
|
|
efb0017 |
Date: Mon, 2 May 2016 21:05:43 +0200
|
|
|
391df68 |
Subject: [PATCH 2/2] fixes user-id matching to provide unique results
|
|
|
efb0017 |
|
|
|
efb0017 |
Supposing you have got these two keys (generated in this order) in the gpg homedir:
|
|
|
efb0017 |
pub rsa2048/DB5F2C7E 2016-05-02 [SCEA]
|
|
|
efb0017 |
uid [ultimate] abc (abc) <foobar@foobar.com>
|
|
|
efb0017 |
|
|
|
efb0017 |
pub rsa2048/9F129E90 2016-05-02 [SCEA]
|
|
|
efb0017 |
uid [ultimate] abc (abc) <bar@foobar.com>
|
|
|
efb0017 |
|
|
|
efb0017 |
and content of the phrases directory is the following:
|
|
|
efb0017 |
bar@foobar.com foobar@foobar.com
|
|
|
efb0017 |
|
|
|
efb0017 |
Then if you call /bin/sign -u bar@foobar.com -p, both keys are returned (| gpg2 --list-packets | grep 'user ID'):
|
|
|
efb0017 |
:user ID packet: "abc (abc) <foobar@foobar.com>"
|
|
|
efb0017 |
:user ID packet: "abc (abc) <bar@foobar.com>"
|
|
|
efb0017 |
|
|
|
efb0017 |
If you try to sign a rpm like this: /bin/sign -u bar@foobar.com -r unsigned35.rpm, you will get it signed by foobar's key:
|
|
|
efb0017 |
$ rpm -Kv unsigned35.rpm
|
|
|
efb0017 |
unsigned35.rpm:
|
|
|
efb0017 |
Header V3 RSA/SHA1 Signature, key ID db5f2c7e: NOKEY
|
|
|
efb0017 |
Header SHA1 digest: OK (6289e7d8d0a73be107945df48cefb762a5036eb1)
|
|
|
efb0017 |
V3 RSA/SHA1 Signature, key ID db5f2c7e: NOKEY
|
|
|
efb0017 |
MD5 digest: OK (3c8cafddad94a1e75adf52c59203cd3a)
|
|
|
efb0017 |
|
|
|
efb0017 |
If you generate a new key-pair with: /bin/sign -u bar@foobar.com -P test.priv -g rsa@2048 800 test test@test.cz > test.pub,
|
|
|
efb0017 |
then test.pub is again signed by foobar's key:
|
|
|
efb0017 |
|
|
|
efb0017 |
(Here I generated new keys in a different gpg homedir to test this with gpg-1.4.20)
|
|
|
efb0017 |
pub 2048R/12390294 2016-05-02
|
|
|
efb0017 |
uid abc (abc) <foobar@foobar.com>
|
|
|
efb0017 |
|
|
|
efb0017 |
pub 2048R/2CD4F3AA 2016-05-02
|
|
|
efb0017 |
uid abc (abc) <bar@foobar.com>
|
|
|
efb0017 |
|
|
|
efb0017 |
$ cat test.pub | gpg --list-packets | grep 'signature packet'
|
|
|
efb0017 |
:signature packet: algo 1, keyid 8CCC8E826051E7F0
|
|
|
efb0017 |
:signature packet: algo 1, keyid 2F34AD5812390294
|
|
|
efb0017 |
(the second signature has foobar's short key id: 12390294)
|
|
|
efb0017 |
|
|
|
efb0017 |
The problem is that without angle brackets (<>) around email, gpg performs substring match on user ids. With angle brackets, it performs exact matching,
|
|
|
efb0017 |
which produces the (I suppose) expected behaviour of signd.
|
|
|
efb0017 |
|
|
|
efb0017 |
An alternative to this patch is to keep all phrases' file names in form <email> (so that you can then call sign client with -u '<email>')
|
|
|
efb0017 |
but I don't think this was intended.
|
|
|
efb0017 |
---
|
|
|
efb0017 |
signd | 8 ++++----
|
|
|
efb0017 |
1 file changed, 4 insertions(+), 4 deletions(-)
|
|
|
efb0017 |
|
|
|
92c9de1 |
diff -Naur obs-sign-2.6.1.orig/signd obs-sign-2.6.1/signd
|
|
|
92c9de1 |
--- obs-sign-2.6.1.orig/signd 2022-11-14 10:36:26.807971895 +0100
|
|
|
92c9de1 |
+++ obs-sign-2.6.1/signd 2022-11-14 10:40:50.214630869 +0100
|
|
|
92c9de1 |
@@ -788,7 +788,7 @@
|
|
|
92c9de1 |
my ($user, $purpose) = @_;
|
|
|
92c9de1 |
$purpose ||= 's';
|
|
|
92c9de1 |
$purpose = qr/$purpose/;
|
|
|
92c9de1 |
- my $lines = rungpg_fatal('/dev/null', undef, $gpg, '--locate-key', '--with-fingerprint', '--with-fingerprint', '--with-keygrip', '--with-colons', '--', $user);
|
|
|
92c9de1 |
+ my $lines = rungpg_fatal('/dev/null', undef, $gpg, '--locate-key', '--with-fingerprint', '--with-fingerprint', '--with-keygrip', '--with-colons', '--', "<$user>");
|
|
|
92c9de1 |
my $fpr;
|
|
|
92c9de1 |
my $grp;
|
|
|
92c9de1 |
my $keyid;
|
|
|
92c9de1 |
@@ -972,7 +972,7 @@
|
|
|
4ce1758 |
rungpg_fatal("$phrases/$user", $tdir, $gpg, '--batch', '--no-secmem-warning',
|
|
|
9095768 |
@pinentrymode,
|
|
|
4ce1758 |
"--passphrase-fd=0", "--yes",
|
|
|
4ce1758 |
- "-u", $user,
|
|
|
4ce1758 |
+ "-u", "<$user>",
|
|
|
4ce1758 |
'--default-cert-level', '3',
|
|
|
4ce1758 |
"--keyring", $pubring,
|
|
|
4ce1758 |
'--edit-key', $keyid,
|
|
|
92c9de1 |
@@ -992,7 +992,7 @@
|
|
|
4ce1758 |
close(F) || die("privkey close error\n");
|
|
|
efb0017 |
|
|
|
4ce1758 |
$ENV{GNUPGHOME} = $org_gnupghome;
|
|
|
4ce1758 |
- my $privkey = rungpg_fatal('/dev/null', $tdir, $gpg, '--batch', '--encrypt', '--no-verbose', '--no-secmem-warning', '--trust-model', 'always', '-o-', '-r', "$user", "$tdir/privkey");
|
|
|
4ce1758 |
+ my $privkey = rungpg_fatal('/dev/null', $tdir, $gpg, '--batch', '--encrypt', '--no-verbose', '--no-secmem-warning', '--trust-model', 'always', '-o-', '-r', "<$user>", "$tdir/privkey");
|
|
|
4ce1758 |
remove_tree($tdir);
|
|
|
efb0017 |
|
|
|
efb0017 |
# send back
|
|
|
92c9de1 |
@@ -1053,7 +1053,7 @@
|
|
|
4ce1758 |
sub cmd_pubkey {
|
|
|
4ce1758 |
my ($cmd, $user, $hashalgo, @args) = @_;
|
|
|
4ce1758 |
die("pubkey: one argument expected\n") if @args;
|
|
|
4ce1758 |
- my $pubkey = rungpg_fatal('/dev/null', undef, $gpg, '--export', '-a', $user);
|
|
|
4ce1758 |
+ my $pubkey = rungpg_fatal('/dev/null', undef, $gpg, '--export', '-a', "<$user>");
|
|
|
4ce1758 |
return (0, '', $pubkey);
|
|
|
4ce1758 |
}
|
|
|
4ce1758 |
|
|
|
92c9de1 |
@@ -1231,7 +1231,7 @@
|
|
|
92c9de1 |
if ($isprivsign) {
|
|
|
92c9de1 |
push @args, '--allow-non-selfsigned-uid';
|
|
|
92c9de1 |
} else {
|
|
|
92c9de1 |
- push @args, '-u', $user;
|
|
|
92c9de1 |
+ push @args, '-u', "<$user>";
|
|
|
efb0017 |
}
|
|
|
9015754 |
return rungpg($phrasesfile, undef, $gpg, "--batch", "--force-v3-sigs", "--file-is-digest", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--ignore-time-conflict", @pinentrymode, "--passphrase-fd=0", @args, "-sbo", "-", $hash);
|
|
|
92c9de1 |
}
|