Comment 11 for bug 799879

Mark Mims (mark-mims) wrote :

I think we can add config to set the security policy for the charm.

Here's a snippet from some docs:

{{{
The culprit here is the security policy. RubyGems has several different
security policies. Let’s take a short break and go over the security
policies. Here’s a list of the available security policies, and a brief
description of each one:

NoSecurity – Well, no security at all. Signed packages are treated like unsigned packages.

LowSecurity – Pretty much no security. If a package is signed then RubyGems will make sure the signature matches the signing certificate, and that the signing certificate hasn’t expired, but that’s it. A malicious user could easily circumvent this kind of security.

MediumSecurity – Better than LowSecurity and NoSecurity, but still fallible. Package contents are verified against the signing certificate, and the signing certificate is checked for validity, and checked against the rest of the certificate chain (if you don’t know what a certificate chain is, stay tuned, we’ll get to that). The biggest improvement over LowSecurity is that MediumSecurity won’t install packages that are signed by untrusted sources. Unfortunately, MediumSecurity still isn’t totally secure — a malicious user can still unpack the gem, strip the signatures, and distribute the gem unsigned.

HighSecurity – Here’s the bugger that got us into this mess. The HighSecurity policy is identical to the MediumSecurity policy, except that it does not allow unsigned gems. A malicious user doesn’t have a whole lot of options here; he can’t modify the package contents without invalidating the signature, and he can’t modify or remove signature or the signing certificate chain, or RubyGems will simply refuse to install the package. Oh well, maybe he’ll have better luck causing problems for CPAN users instead :).

}}}

and also

{{{
Usage: gem cert [options]

  Options:
    -a, --add CERT Add a trusted certificate.
    -l, --list List trusted certificates.
    -r, --remove STRING Remove trusted certificates containing STRING.
    -b, --build EMAIL_ADDR Build private key and self-signed certificate
                            for EMAIL_ADDR.
    -C, --certificate CERT Certificate for --sign command.
    -K, --private-key KEY Private key for --sign command.
    -s, --sign NEWCERT Sign a certificate with my key and certificate.
}}}
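Added example, not part of the comment above and not RubyGems' own code: a small Ruby model of which checks each quoted policy applies, run over constructed package scenarios, plus the install-time switch a charm config option could drive. GemPackage, install_allowed?, accepting_policies and install_command are assumed helper names; only `gem install -P POLICY` is a real RubyGems flag.

```ruby
# Self-contained model of the four trust policies quoted above; it does not
# call RubyGems. The check names mirror the options RubyGems' policy objects
# expose (verify_data, verify_signer, verify_chain, only_trusted, only_signed).
POLICIES = {
  "NoSecurity"     => { verify_data: false, verify_signer: false, verify_chain: false, only_trusted: false, only_signed: false },
  "LowSecurity"    => { verify_data: true,  verify_signer: true,  verify_chain: false, only_trusted: false, only_signed: false },
  "MediumSecurity" => { verify_data: true,  verify_signer: true,  verify_chain: true,  only_trusted: true,  only_signed: false },
  "HighSecurity"   => { verify_data: true,  verify_signer: true,  verify_chain: true,  only_trusted: true,  only_signed: true  },
}.freeze

# A package as seen at install time (constructed attributes, not a real .gem):
# signed = carries a signature; data_ok = contents match it; cert_ok = signing
# cert valid (not expired); chain_ok = chains to a root; trusted = that root
# was added with `gem cert --add`.
GemPackage = Struct.new(:name, :signed, :data_ok, :cert_ok, :chain_ok, :trusted)

# Apply one policy's checks; true means the package would be installed.
def install_allowed?(policy_name, pkg)
  checks = POLICIES.fetch(policy_name)
  # An unsigned package skips every signature check; only HighSecurity
  # (only_signed) refuses it, which is the "strip the signatures" bypass.
  return !checks[:only_signed] unless pkg.signed
  return false if checks[:verify_data]   && !pkg.data_ok
  return false if checks[:verify_signer] && !pkg.cert_ok
  return false if checks[:verify_chain]  && !pkg.chain_ok
  return false if checks[:only_trusted]  && !pkg.trusted
  true
end

# Names of the policies that would accept a package, weakest first.
def accepting_policies(pkg)
  POLICIES.keys.select { |name| install_allowed?(name, pkg) }
end

# The install-time switch a charm hook could drive from a config option
# (`gem install --trust-policy POLICY`, short `-P`, is the real RubyGems flag).
def install_command(gem_name, policy_name)
  raise ArgumentError, "unknown policy: #{policy_name}" unless POLICIES.key?(policy_name)
  ["gem", "install", "-P", policy_name, gem_name]
end

# Constructed scenarios taken from the quoted description.
SCENARIOS = {
  "signed by a trusted cert"       => GemPackage.new("foo-1.0", true,  true,  true, true, true),
  "signatures stripped, unsigned"  => GemPackage.new("foo-1.0", false, nil,   nil,  nil,  nil),
  "signed by an untrusted cert"    => GemPackage.new("foo-1.0", true,  true,  true, true, false),
  "contents altered after signing" => GemPackage.new("foo-1.0", true,  false, true, true, true),
}.freeze
SCENARIOS.each { |label, pkg| puts "#{label}: #{accepting_policies(pkg).join(', ')}" }
```

Only HighSecurity rejects the stripped package, which is why the charm option matters if signature checking is the goal.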