Ubuntu
apt package

Bug #356012
Comment #3

Comment 3 for bug 356012

Revision history for this message

Michael Vogt (mvo) wrote on 2009-04-06: Re: [SECURITY] APT does not properly handle expired or revoked key signatures

So it seems validsig is written on the status-fd but no goodsig for revoked/expired keys, here is what I see (I ran it with both gpgv and gpg to be able to compare the output):

Here is what gpgv/gpg outputs (on the status fd):

[valid]
$ gpgv --status-fd 1 --keyring /etc/apt/trusted.gpg /var/lib/apt/lists/archive.canonical.com_ubuntu_dists_jaunty_Release.gpg /var/lib/apt/lists/archive.canonical.com_ubuntu_dists_jaunty_Release
gpgv: Signature made 2009-01-21T20:40:58 CET using DSA key ID 437D05B5
[GNUPG:] SIG_ID yBuoChDxaZ0UKcDy7tLCPl5qQ2M 2009-01-21 1232566858
[GNUPG:] GOODSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <email address hidden>
gpgv: Good signature from "Ubuntu Archive Automatic Signing Key <email address hidden>"
[GNUPG:] VALIDSIG 630239CC130E1A7FD81A27B140976EAF437D05B5 2009-01-21 1232566858 0 3 0 17 2 00 630239CC130E1A7FD81A27B140976EAF437D05B5

$ gpg --verify --status-fd 1 --keyring /etc/apt/trusted.gpg /var/lib/apt/lists/archive.canonical.com_ubuntu_dists_jaunty_Release.gpg /var/lib/apt/lists/archive.canonical.com_ubuntu_dists_jaunty_Release
gpg: WARNING: unsafe ownership on configuration file `/home/egon/.gnupg/gpg.conf'
gpg: Signature made 2009-01-21T20:40:58 CET using DSA key ID 437D05B5
[GNUPG:] SIG_ID yBuoChDxaZ0UKcDy7tLCPl5qQ2M 2009-01-21 1232566858
[GNUPG:] GOODSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <email address hidden>
gpg: Good signature from "Ubuntu Archive Automatic Signing Key <email address hidden>"
[GNUPG:] VALIDSIG 630239CC130E1A7FD81A27B140976EAF437D05B5 2009-01-21 1232566858 0 3 0 17 2 00 630239CC130E1A7FD81A27B140976EAF437D05B5
[GNUPG:] TRUST_UNDEFINED
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6302 39CC 130E 1A7F D81A 27B1 4097 6EAF 437D 05B5

[expired]
$ gpgv --status-fd 1 expired/lala.sig expired/lala
gpgv: Signature made Wed Apr 1 19:40:00 2009 UTC using DSA key ID 89F9D59A
[GNUPG:] KEYEXPIRED 1238701001
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] KEYEXPIRED 1238701001
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] SIG_ID Kzi0hzrQmTz3f+1M7m1VKTMAyeA 2009-04-01 1238614800
[GNUPG:] KEYEXPIRED 1238701001
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] EXPKEYSIG 17427FB989F9D59A foo bar baz <email address hidden>
gpgv: Good signature from "foo bar baz <email address hidden>"
[GNUPG:] VALIDSIG 526A66FC781E11945CC532A817427FB989F9D59A 2009-04-01 1238614800 0 4 0 17 2 00 526A66FC781E11945CC532A817427FB989F9D59A

$ gpg --status-fd 1 --verify expired/lala.sig expired/lala
gpg: Signature made Wed Apr 1 19:40:00 2009 UTC using DSA key ID 89F9D59A
[GNUPG:] KEYEXPIRED 1238701001
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] KEYEXPIRED 1238701001
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] SIG_ID Kzi0hzrQmTz3f+1M7m1VKTMAyeA 2009-04-01 1238614800
[GNUPG:] KEYEXPIRED 1238701001
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] EXPKEYSIG 17427FB989F9D59A foo bar baz <email address hidden>
gpg: Good signature from "foo bar baz <email address hidden>"
[GNUPG:] VALIDSIG 526A66FC781E11945CC532A817427FB989F9D59A 2009-04-01 1238614800 0 4 0 17 2 00 526A66FC781E11945CC532A817427FB989F9D59A
gpg: Note: This key has expired!
Primary key fingerprint: 526A 66FC 781E 1194 5CC5 32A8 1742 7FB9 89F9 D59A

[revoked]
$ gpgv --status-fd 1 revoked/lala.sig revoked/lala
gpgv: Signature made Mon Apr 6 20:05:24 2009 UTC using DSA key ID F13DB0C7
[GNUPG:] SIG_ID N7mrHuYJMd7pJVOrb8nj90UIYkA 2009-04-06 1239048324
[GNUPG:] REVKEYSIG 3E55466FF13DB0C7 revoke key2 <email address hidden>
gpgv: Good signature from "revoke key2 <email address hidden>"
[GNUPG:] VALIDSIG F455CC776CFB2F4AD4FB4AB13E55466FF13DB0C7 2009-04-06 1239048324 0 4 0 17 2 00 F455CC776CFB2F4AD4FB4AB13E55466FF13DB0C7

$ gpg --status-fd 1 --verify revoked/lala.sig revoked/lala
gpg: Signature made Mon Apr 6 20:05:24 2009 UTC using DSA key ID F13DB0C7
[GNUPG:] SIG_ID N7mrHuYJMd7pJVOrb8nj90UIYkA 2009-04-06 1239048324
gpg: checking the trustdb
[GNUPG:] KEYEXPIRED 1238701001
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 3 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 3u
[GNUPG:] REVKEYSIG 3E55466FF13DB0C7 revoke key2 <email address hidden>
gpg: Good signature from "revoke key2 <email address hidden>"
[GNUPG:] VALIDSIG F455CC776CFB2F4AD4FB4AB13E55466FF13DB0C7 2009-04-06 1239048324 0 4 0 17 2 00 F455CC776CFB2F4AD4FB4AB13E55466FF13DB0C7
[GNUPG:] KEYREVOKED
gpg: WARNING: This key has been revoked by its owner!
gpg: This could mean that the signature is forged.
gpg: reason for revocation: Key has been compromised
gpg: revocation comment: test-revoke-reason
[GNUPG:] TRUST_ULTIMATE

So it seems validsig is written on the status-fd but no goodsig for revoked/expired keys, here is what I see (I ran it with both gpgv and gpg to be able to compare the output):

Here is what gpgv/gpg outputs (on the status fd):

[valid]
$ gpgv --status-fd 1 --keyring /etc/apt/trusted.gpg /var/lib/apt/lists/archive.canonical.com_ubuntu_dists_jaunty_Release.gpg /var/lib/apt/lists/archive.canonical.com_ubuntu_dists_jaunty_Release
gpgv: Signature made 2009-01-21T20:40:58 CET using DSA key ID 437D05B5
[GNUPG:] SIG_ID yBuoChDxaZ0UKcDy7tLCPl5qQ2M 2009-01-21 1232566858
[GNUPG:] GOODSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
gpgv: Good signature from "Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>"
[GNUPG:] VALIDSIG 630239CC130E1A7FD81A27B140976EAF437D05B5 2009-01-21 1232566858 0 3 0 17 2 00 630239CC130E1A7FD81A27B140976EAF437D05B5

$ gpg --verify --status-fd 1 --keyring /etc/apt/trusted.gpg /var/lib/apt/lists/archive.canonical.com_ubuntu_dists_jaunty_Release.gpg /var/lib/apt/lists/archive.canonical.com_ubuntu_dists_jaunty_Release
gpg: WARNING: unsafe ownership on configuration file `/home/egon/.gnupg/gpg.conf'
gpg: Signature made 2009-01-21T20:40:58 CET using DSA key ID 437D05B5
[GNUPG:] SIG_ID yBuoChDxaZ0UKcDy7tLCPl5qQ2M 2009-01-21 1232566858
[GNUPG:] GOODSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
gpg: Good signature from "Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>"
[GNUPG:] VALIDSIG 630239CC130E1A7FD81A27B140976EAF437D05B5 2009-01-21 1232566858 0 3 0 17 2 00 630239CC130E1A7FD81A27B140976EAF437D05B5
[GNUPG:] TRUST_UNDEFINED
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6302 39CC 130E 1A7F D81A  27B1 4097 6EAF 437D 05B5

[expired]
$ gpgv --status-fd 1 expired/lala.sig expired/lala 
gpgv: Signature made Wed Apr  1 19:40:00 2009 UTC using DSA key ID 89F9D59A
[GNUPG:] KEYEXPIRED 1238701001
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] KEYEXPIRED 1238701001
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] SIG_ID Kzi0hzrQmTz3f+1M7m1VKTMAyeA 2009-04-01 1238614800
[GNUPG:] KEYEXPIRED 1238701001
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] EXPKEYSIG 17427FB989F9D59A foo bar baz <foo@bar.com>
gpgv: Good signature from "foo bar baz <foo@bar.com>"
[GNUPG:] VALIDSIG 526A66FC781E11945CC532A817427FB989F9D59A 2009-04-01 1238614800 0 4 0 17 2 00 526A66FC781E11945CC532A817427FB989F9D59A

$ gpg --status-fd 1 --verify expired/lala.sig expired/lala
gpg: Signature made Wed Apr  1 19:40:00 2009 UTC using DSA key ID 89F9D59A
[GNUPG:] KEYEXPIRED 1238701001
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] KEYEXPIRED 1238701001
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] SIG_ID Kzi0hzrQmTz3f+1M7m1VKTMAyeA 2009-04-01 1238614800
[GNUPG:] KEYEXPIRED 1238701001
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
[GNUPG:] EXPKEYSIG 17427FB989F9D59A foo bar baz <foo@bar.com>
gpg: Good signature from "foo bar baz <foo@bar.com>"
[GNUPG:] VALIDSIG 526A66FC781E11945CC532A817427FB989F9D59A 2009-04-01 1238614800 0 4 0 17 2 00 526A66FC781E11945CC532A817427FB989F9D59A
gpg: Note: This key has expired!
Primary key fingerprint: 526A 66FC 781E 1194 5CC5  32A8 1742 7FB9 89F9 D59A

[revoked]
$ gpgv --status-fd 1 revoked/lala.sig revoked/lala
gpgv: Signature made Mon Apr  6 20:05:24 2009 UTC using DSA key ID F13DB0C7
[GNUPG:] SIG_ID N7mrHuYJMd7pJVOrb8nj90UIYkA 2009-04-06 1239048324
[GNUPG:] REVKEYSIG 3E55466FF13DB0C7 revoke key2 <revoke2@example.com>
gpgv: Good signature from "revoke key2 <revoke2@example.com>"
[GNUPG:] VALIDSIG F455CC776CFB2F4AD4FB4AB13E55466FF13DB0C7 2009-04-06 1239048324 0 4 0 17 2 00 F455CC776CFB2F4AD4FB4AB13E55466FF13DB0C7

$ gpg --status-fd 1 --verify revoked/lala.sig revoked/lala
gpg: Signature made Mon Apr  6 20:05:24 2009 UTC using DSA key ID F13DB0C7
[GNUPG:] SIG_ID N7mrHuYJMd7pJVOrb8nj90UIYkA 2009-04-06 1239048324
gpg: checking the trustdb
[GNUPG:] KEYEXPIRED 1238701001
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   3  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 3u
[GNUPG:] REVKEYSIG 3E55466FF13DB0C7 revoke key2 <revoke2@example.com>
gpg: Good signature from "revoke key2 <revoke2@example.com>"
[GNUPG:] VALIDSIG F455CC776CFB2F4AD4FB4AB13E55466FF13DB0C7 2009-04-06 1239048324 0 4 0 17 2 00 F455CC776CFB2F4AD4FB4AB13E55466FF13DB0C7
[GNUPG:] KEYREVOKED
gpg: WARNING: This key has been revoked by its owner!
gpg:          This could mean that the signature is forged.
gpg: reason for revocation: Key has been compromised
gpg: revocation comment: test-revoke-reason
[GNUPG:] TRUST_ULTIMATE

Ubuntuapt package

Comment 3 for bug 356012

Ubuntu
apt package