Should use /usr/share/keyrings/ubuntu-cloudimage-keyring.gpg if available for simplestreams validation

Bug #2011549 reported by Dimitri John Ledkov
This bug affects 1 person
Affects                 Status      Importance  Assigned to  Milestone
Canonical Juju          Incomplete  Undecided   Unassigned
juju (Ubuntu)           Invalid     Undecided   Unassigned
simplestreams (Ubuntu)  New         Undecided   Unassigned

Bug Description

Should use /usr/share/keyrings/ubuntu-cloudimage-keyring.gpg if available, instead of default user's keyrings.

summary: Should use /usr/share/keyrings/ubuntu-cloudimage-keyring.gpg if
- available
+ available for simplestreams validation
Ian Booth (wallyworld) wrote :

Can you describe the juju part of the bug? Juju is compiled with a public key which it uses to validate the inline signed json metadata containing the hash of the simplestreams agent binary. To my knowledge juju does not need or attempt to access any keyrings to do this.

Changed in juju (Ubuntu):
status: New → Invalid
Changed in juju:
status: New → Incomplete
Christian Ehrhardt  (paelzer) wrote :

Hi Dimitri,
the report is a bit ... short :-)
As you see in the question by Ian it isn't as clear to everyone else what you had in mind.
Hence let me also add a few clarifying questions.

Some tools already default to the requested keyring:
  DEFAULT_KEYRING = "/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg"
That covers:
- bin/sstream-query
- bin/sstream-mirror-glance

And there is an argument that one can override if needed:
    parser.add_argument('--keyring', action='store', default=DEFAULT_KEYRING,
                        help='The keyring for gpg --keyring')

Others still have the --keyring argument, but have no default.
If the user specifies no --keyring it will use the default in their call to read_signed.
This covers:
- bin/sstream-sync
- bin/sstream-mirror

The actual function doing that is at
util.py:279
  279 def read_signed(content, keyring=None, checked=True):
  280 # ensure that content is signed by a key in keyring.
  281 # if no keyring given use default.

And "default" here means do not pass --keyring to gpg which is leading to the user keyring.

So are you asking for something like this?:
(maybe a bit smarter checking if the file exists)
$ git diff
diff --git a/simplestreams/util.py b/simplestreams/util.py
index 160e592..6ea1d9d 100644
--- a/simplestreams/util.py
+++ b/simplestreams/util.py
@@ -276,7 +276,8 @@ def has_gpgv():
     return _HAS_GPGV

-def read_signed(content, keyring=None, checked=True):
+DEFAULT_KEYRING = "/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg"
+def read_signed(content, keyring=DEFAULT_KEYRING, checked=True):
     # ensure that content is signed by a key in keyring.
     # if no keyring given use default.
     if content.startswith(PGP_SIGNED_MESSAGE_HEADER):
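
Review bot: Moving the default into the signature of read_signed only covers callers that omit the keyring argument; a caller that forwards an unset option as keyring=None still gets the old behaviour, where no keyring is passed to gpg. Consider keeping keyring=None in the signature and resolving None to DEFAULT_KEYRING inside the body, together with the file-exists check mentioned above the diff, so a missing file is handled deliberately rather than by a gpg error. The unchanged comment "if no keyring given use default" should also say which default is now meant, and the new constant needs blank lines between it and the def.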

If that is what you ask, that will not be SRUed as it would change behavior.
Or is there an impact/reason that makes this SRUable?

Furthermore: The current partial default to that keyring came in by snap packaging [1] which also has a hard dep [2]. While suggesting the change to use ubuntu-cloudimage-keyring.gpg by default everywhere, do you think we should grow a dependency in the .deb to ubuntu-keyring (might overall be even better than some if-exists code)?

And finally, I asked on MM but didn't see a response yet.
Is that:
- a report that you'll be working on yourself
- a report that you filed and expect to be solved under some deadline?
- a report that you filed as you've seen it, but has no particular urgency?

[1]: https://git.launchpad.net/simplestreams/commit/?id=c7220244197b484b78aac9b68e0d7ea4415a7d1d
[2]: https://git.launchpad.net/simplestreams/tree/snap/snapcraft.yaml#n55
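
The "if available" fallback discussed in this report, sketched as an added example; it is not code from simplestreams or from any commenter. The helper names resolve_keyring and gpg_verify_argv are hypothetical, and pinning trust with --no-default-keyring is this example's assumption, not something the report states simplestreams does.

```python
import os

# Path quoted in this report; every other name below is hypothetical.
SYSTEM_KEYRING = "/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg"


def resolve_keyring(keyring=None, system_keyring=SYSTEM_KEYRING):
    """Return (path, source) for the keyring a verifier should trust.

    An explicit keyring always wins. Otherwise the packaged keyring is
    used when it is a readable regular file. (None, "user-default")
    means gpg would fall back to the calling user's own keyrings.
    """
    if keyring is not None:
        if not os.path.isfile(keyring):
            # A missing explicit keyring is an error, not a reason to
            # silently widen trust to some other key set.
            raise FileNotFoundError(keyring)
        return keyring, "explicit"
    if os.path.isfile(system_keyring) and os.access(system_keyring, os.R_OK):
        return system_keyring, "system"
    return None, "user-default"


def gpg_verify_argv(keyring=None, system_keyring=SYSTEM_KEYRING):
    """Build the gpg argv for verifying a signed document read from stdin."""
    path, source = resolve_keyring(keyring, system_keyring)
    argv = ["gpg", "--batch", "--verify"]
    if path is not None:
        # --keyring on its own only adds to gpg's keyring list;
        # --no-default-keyring restricts verification to this one file.
        argv += ["--no-default-keyring", "--keyring", path]
    return argv, source


if __name__ == "__main__":
    argv, source = gpg_verify_argv()
    print(source, " ".join(argv))
```

Returning the source alongside the path lets a tool log which trust root was actually used, which is the behaviour change the SRU question in the comment above is about.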
