Ubuntu system image

Accept self-signed certificates

Bug #1218954 reported by Javier Collado
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu system image
New
Undecided
Unassigned

Bug Description

It would be nice if it were possible to enable some configuration or command
line flag to accept self-signed certificates since this would make testing
easier.

In particular, a testing server could be used with update files created to test
different upgrade paths.

Revision history for this message
Stéphane Graber (stgraber) wrote :

It'd work for the download part but would fail on GPG as your test server won't be able to provide updates and index files signed by a key with a trust path to the Ubuntu Archive master key.

Revision history for this message
Javier Collado (javier.collado) wrote :

In the gpg section of the client.ini configuration file it's possible to
specify the path to an alternative archive-master keyring. In my test I expect
to generate keys for archive-master (signed by itself), image-master (signed by
the archive-master') and image-signing (signed by image-master).

As long as the client doesn't try to use the archive-master keyring provided by
system-image-common package, I think it should work fine.

Please let me know if I'm missing something.

Revision history for this message
Stéphane Graber (stgraber) wrote :

You are missing the archive-master that's hardcoded in the recovery partition.

So you'll be able to download the updates and copy them to recovery but when rebooting the upgrader will refuse to use them.

Revision history for this message
Javier Collado (javier.collado) wrote :

That's a good point, thanks.

Is there any way to workaround that problem? I mean, the same way as the
updates are copied to the recovery partition, wouldn't be possible to update
the archive-master keyring?

Revision history for this message
Stéphane Graber (stgraber) wrote :

Unfortunately, no, otherwise it'd be possible for the user to pass a new key and bypass the validation, which would defeat its purpose.

The plan for the ports where they'll need to do something like that is to have them include a different master key in their android build which will then result in a different android tarball with a different recovery image.
It'll be fine for them since they need a custom android anyway (different hardware) but for QA, that'd mean testing images that are different from the real thing, which I doubt you'd want.

Revision history for this message
Barry Warsaw (barry) wrote :

I think this bug does not affect the client since it is entirely possible to use a custom crafted archive-master key, which in fact the s-i test suite does. I'll retag this for recovery, and leave it to stgraber to possibly mark as Won't Fix.

tags: added: recovery
removed: client
Revision history for this message
Stéphane Graber (stgraber) wrote :

Based on the title this appears to be about the https connection, nothing to do with GPG, so nothing to do with the recovery environment.

Though with the switch to the download manager, I'm not sure it's something that's under the client's control anyway...

Revision history for this message
Barry Warsaw (barry) wrote : Re: [Bug 1218954] Re: Accept self-signed certificates

On Oct 02, 2013, at 09:26 PM, Stéphane Graber wrote:

>Though with the switch to the download manager, I'm not sure it's
>something that's under the client's control anyway...

It's not, although ubuntu-download-manager has a testing mode that allows for
specifying self-signed SSL certificates. s-i's testing framework uses this.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.