This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[PATCH setup draft 0/4] Improve setup.ini validation


This patch series presupposes the one posted starting at [1].

Currently, signatures are verified using the cygwin signing key and
other keys supplied by the user.  Validation with any key is accepted.
This patch series makes the following changes:

 - For official cygwin mirrors (those listed in mirrors.lst), only the
   cygwin key is tried.

 - For purported private mirrors (from the "last-mirror" user setting
   or the "Add URL box" or the command line), the cygwin key is tried
   first.  If this fails, then the remaining keys are tried.  If one
   of these succeeds, then the site is silently reclassified (with a
   message in the log file) as a 'user site' rather than a 'mirror'.
   The change takes effect on the next setup run or when the user
   selects 'Back'.

 - If the user turns off signature validation with the -X option, a
   weaker check is done: We look for "release: cygwin" in the
   setup.ini file.  If that fails for an official mirror, the file is
   rejected.  If it fails for a purported private mirror, the site is
   silently reclassified, as above.

The reclassification is done silently because it could easily be
necessary, through no fault of the user.  There are three reasons for
this.  First, the distinction between mirrors and user sites is new,
and it will take time for users to become accustomed to it.  Second,
for setup.rc files that were written before [1], "last-mirror"
includes all selected sites, whether mirrors or not.  Finally, sites
specified on the command line are initially assumed to be mirrors
until we can perform the above checks.

[1] https://sourceware.org/ml/cygwin-apps/2017-12/msg00051.html

Ken Brown (4):
  Allow validation of signatures using the cygwin key only
  Insist on cygwin signing key for official mirrors
  Try cygwin signing key for private mirrors
  If signature validation is turned off, check 'release:' tag

 crypto.cc  |  5 ++--
 crypto.h   |  3 ++-
 ini.cc     | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-------
 res.rc     |  1 +
 resource.h |  1 +
 site.h     |  2 ++
 6 files changed, 87 insertions(+), 12 deletions(-)

-- 
2.15.1


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]