More nuanced public key algorithm revocation

Bug #2073126 reported by Julian Andres Klode
Affects        Status                       Importance  Assigned to          Milestone
apt (Ubuntu)   Status tracked in Oracular
Noble          Fix Committed                Undecided   Unassigned
Oracular       Fix Released                 Undecided   Julian Andres Klode

Bug Description

(This is uploaded to noble as 2.8.1 per https://wiki.ubuntu.com/AptUpdates)

[Impact]
We have received feedback from users that use NIST-P256 keys for their repositories that are upset about receiving a warning. APT 2.8.0 in noble-proposed would bump the warning to an error, breaking them.

We also revoked additional ECC curves, which may still be considered trusted, so we should not bump them to errors.

Also existing users may have third-party repositories that use 1024-bit RSA keys and we have not adequately informed them yet perhaps.

[Solution]
Hence we will restore all elliptic curve keys of 256 or more bits to trusted:

    ">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512,brainpoolP256r1,brainpoolP320r1,brainpoolP384r1,brainpoolP512r1,secp256k1";

At the same time we will also introduce a more nuanced approach to revocations by introducing a 'next' level that issues a warning if the key is not allowed in it and a 'future' level that will issue an audit message with the --audit option.

For the next level, we will set it to:

    ">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512"

This means we restrict warnings to Brainpool curves and the secp256k1 key, which we have not received any feedback about them being used yet.

For the future level, we will take a strong approach to best practices as it is only seen when explicitly running with --audit and the intention is to highlight best practices. It will be set to

    ">=rsa3072,ed25519,ed448";

Which corresponds to the NIST recommendations for 2031 (and as few curves as possible).

We are also introducing a mitigation for existing 24.04 systems to not upgrade the policy yet; by creating an apt.conf.d configuration file that temporarily allows the 1024-bit RSA keys if upgraded from apt 2.7.x; with the plan to remove them in 24.04.2.

[Test plan]
Tests are included in the library unit tests for parsing the specification strings; we have also included a test for the gpgv method to ensure that it produces the correct outcome for both 'next' and 'future' revoked keys.

The manual test cases are the same as for LP: #2060721.

Test Case A: Existing noble system (warning)

0. Update an existing noble container to the new APT
1. Observe /etc/apt/apt.conf.d/00-temporary-rsa1024 being created
2. Add a PPA with an old 1024-bit signing key
3. Run apt update
4. Observe that the PPA is updated with a warning

Test Case B: New noble system (error)

0. Bootstrap a new noble system including apt from proposed (using e.g. mmdebstrap)
1. Observe NO /etc/apt/apt.conf.d/00-temporary-rsa1024
2. Add a PPA with an old 1024-bit signing key
3. Run apt update
4. Observe that the PPA is not updated, but the other repositories are

Test Case C: mantic -> noble (error)

0. Upgrade mantic to noble w/ apt from proposed, observe behavior as in B

Test Case D: jammy -> noble (error)

0. Upgrade jammy to noble w/ apt from proposed, observe behavior as in B

[Where problems could occur]
There could of course be bugs in the implementation of the new feature; this could result in verification of files failing. This also happens if you specify an invalid `next` or `future` string.

There cannot be any false positives: The new levels are only *additional* checks, anything not in the `Assert-Pubkey-Algo` list is still revoked.
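The three levels in the description can be modelled as follows. This is an added example, not APT's code: it assumes that a `>=rsaN` entry matches RSA keys of at least N bits, that every other entry is an exact name match, and that a malformed entry is rejected; the function names are hypothetical.

```python
import re

# Policy strings exactly as quoted in the bug description.
ASSERTED = (">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512,"
            "brainpoolP256r1,brainpoolP320r1,brainpoolP384r1,"
            "brainpoolP512r1,secp256k1")
NEXT = ">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512"
FUTURE = ">=rsa3072,ed25519,ed448"

# "<family><bits>", e.g. rsa2048 (assumed shape of a sized algorithm name).
_SIZED = re.compile(r"^([A-Za-z]+)(\d+)$")


def parse_spec(spec):
    """Return (exact_names, {family: min_bits}); raise ValueError if malformed."""
    exact, minimum = set(), {}
    for entry in spec.split(","):
        entry = entry.strip()
        if entry.startswith(">="):
            m = _SIZED.match(entry[2:])
            if not m:
                raise ValueError(f"bad size bound: {entry!r}")
            minimum[m.group(1)] = int(m.group(2))
        elif entry and not entry.startswith((">", "<", "=")):
            exact.add(entry)
        else:
            raise ValueError(f"bad entry: {entry!r}")
    return exact, minimum


def allowed(algo, spec):
    """True if the key algorithm name satisfies the specification string."""
    exact, minimum = parse_spec(spec)
    if algo in exact:
        return True
    m = _SIZED.match(algo)
    return bool(m) and m.group(1) in minimum and int(m.group(2)) >= minimum[m.group(1)]


def classify(algo, asserted=ASSERTED, nxt=NEXT, future=FUTURE):
    """Outcome for a key: the extra levels only add checks on asserted keys."""
    if not allowed(algo, asserted):
        return "error"      # not in the asserted list: still revoked
    if not allowed(algo, nxt):
        return "warning"    # fails the 'next' level
    if not allowed(algo, future):
        return "audit"      # fails 'future'; shown only with --audit
    return "ok"
```

With the strings above, a 2048-bit RSA key or a nistp256 key passes silently unless --audit is used, while the Brainpool curves and secp256k1 produce a warning.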

tags: added: foundations-todo
Changed in apt (Ubuntu):
assignee: nobody → Julian Andres Klode (juliank)
Julian Andres Klode (juliank) wrote :
summary: - Only revoke RSA explicitly
+ More nuanced public key algorithm revocation
Changed in apt (Ubuntu Noble):
milestone: none → ubuntu-24.04.1
description: updated
Changed in apt (Ubuntu Oracular):
status: New → Fix Committed
tags: added: regression-proposed
description: updated
Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello Julian, or anyone else affected,

Accepted apt into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/2.8.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in apt (Ubuntu Noble):
status: New → Fix Committed
tags: added: verification-needed verification-needed-noble
Timo Aaltonen (tjaalton) wrote :

this upload is not to be accepted to -updates before the discussion on ubuntu-release@ is concluded

tags: added: block-proposed
tags: added: block-proposed-noble
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (apt/2.8.1)

All autopkgtests for the newly accepted apt (2.8.1) for noble have finished running.
The following regressions have been reported in tests triggered by the package:

apport/2.28.1-0ubuntu3 (s390x)
auto-apt-proxy/14.1 (armhf, s390x)
cron/3.0pl1-184ubuntu2 (arm64)
dgit/11.8 (arm64)
gcc-10/10.5.0-4ubuntu2 (arm64)
gcc-11/11.4.0-9ubuntu1 (armhf)
gcc-13/13.2.0-23ubuntu4 (arm64, armhf)
gcc-13/unknown (s390x)
gcc-14/14-20240412-0ubuntu1 (armhf)
gcc-snapshot/1:20240117-1ubuntu1 (arm64, armhf)
ubiquity/24.04.5 (armhf)
update-notifier/unknown (s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/noble/update_excuses.html#apt

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Timo Aaltonen (tjaalton)
tags: removed: block-proposed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 2.9.7

---------------
apt (2.9.7) unstable; urgency=medium

  [ sid ]
  * Show installed version (not candidate version) while removing a package

  [ David Kalnischkies ]
  * Parse snapshot option for apt show/list (Closes: #1075819)

  [ Frans Spiesschaert ]
  * Dutch program translation update (Closes: #1075874)
  * Dutch manpages translation update (Closes: #1075875)

  [ Michał Kułach ]
  * Polish program translation update (Closes: #1075975)

  [ Julian Andres Klode ]
  * worker: Add an audit level to log audit messages
  * gpgv: Add a LaterWorthless level, a SoonWorthless but at 'audit' level
  * gpgv: Add IsAssertedPubKeyAlgo() function
  * Only revoke weak RSA keys for now, add 'next' and 'future' levels
    (LP: #2073126)
  * solver3: Refactor Reason.Pkg()/Reason.Ver() use with iterator
  * Add note that redundant 'CLI interface' is intentional

 -- Julian Andres Klode <email address hidden> Tue, 30 Jul 2024 13:19:24 +0900

Changed in apt (Ubuntu Oracular):
status: Fix Committed → Fix Released
Robie Basak (racb) wrote : Please test proposed package

Hello Julian, or anyone else affected,

Accepted apt into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/2.8.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (apt/2.8.2)

All autopkgtests for the newly accepted apt (2.8.2) for noble have finished running.
The following regressions have been reported in tests triggered by the package:

apport/2.28.1-0ubuntu3.1 (armhf)
apt/2.8.2 (armhf, s390x)
auto-apt-proxy/14.1 (ppc64el, s390x)
cron/3.0pl1-184ubuntu2 (arm64, s390x)
dgit/11.8 (arm64, s390x)
gcc-11/11.4.0-9ubuntu1 (arm64)
gcc-12/12.3.0-17ubuntu1 (amd64, s390x)
gcc-13/13.2.0-23ubuntu4 (arm64, armhf)
gcc-14/unknown (armhf, s390x)
gcc-snapshot/1:20240117-1ubuntu1 (amd64, arm64, s390x)
open-build-service/unknown (armhf, s390x)
postgresql-debversion/unknown (s390x)
python-apt/unknown (s390x)
reportbug/unknown (s390x)
reprotest/unknown (s390x)
ubuntu-advantage-tools/unknown (s390x)
unattended-upgrades/unknown (s390x)
update-notifier/unknown (s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/noble/update_excuses.html#apt

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

description: updated
Changed in apt (Ubuntu Noble):
milestone: ubuntu-24.04.1 → none