Automatic printer driver download should support signed packages
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
jockey (Ubuntu) |
Fix Released
|
Medium
|
Martin Pitt | ||
Natty |
Fix Released
|
Medium
|
Martin Pitt |
Bug Description
We have decided on doing signing of printer driver packages as described on
section "Build a trusted path to distributions", point 3.
I have completed the support for signed packages on the OpenPrinting web site now. Manufacturers provide the signature key fingerprints are on their https://... web sites and the links to them are registered in the OpenPrinting database following this scheme:
In the Foomatic XML files for the drivers one simply adds 'fingerprint="[URL of key fingerprint]"' to the <package> tags. See the README files of foomatic-db and foomatic-db-engine.
Then on the OpenPrinting web site there appear "Signed" links. These links, lead to the correct key fingerprint as referenced in the Foomatic XML file. The links appear near all package download links, on both printer and driver pages. For an example see
http://
http://
Also the web query API makes the URLs to the key fingerprints available. See
http://
for an example (<fingerprint> tags). Note that only the epson-escpr driver has signed packages, the gutenprint packages are not signed.
In addition, a new "onlysigneddriv
See the example:
Here you see that only packages of the epson-escpr driver are listed, and no packages of gutenprint, because only the epson-escpr packages are signed.
Can you add appropriate signature support to Jockey? If other packages need to be changed (like trusted signature lists), please add an appropriate task to this bug report.
Related branches
Changed in jockey (Ubuntu): | |
assignee: | nobody → Martin Pitt (pitti) |
Changed in jockey (Ubuntu): | |
status: | New → Triaged |
Changed in jockey (Ubuntu): | |
status: | Triaged → In Progress |
assignee: | Martin Pitt (pitti) → Till Kamppeter (till-kamppeter) |
Changed in jockey (Ubuntu): | |
assignee: | Till Kamppeter (till-kamppeter) → Martin Pitt (pitti) |
tags: |
added: patch-rejected removed: patch |
Changed in jockey (Ubuntu): | |
status: | Triaged → Fix Committed |
Attached is a patch which also accepts signed packages from the OpenPrinting web server.