This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
[PATCH setup draft 0/4] Improve setup.ini validation
- From: Ken Brown <kbrown at cornell dot edu>
- To: cygwin-apps at cygwin dot com
- Date: Mon, 11 Dec 2017 16:41:32 -0500
- Subject: [PATCH setup draft 0/4] Improve setup.ini validation
- Authentication-results: sourceware.org; auth=none
This patch series presupposes the one posted starting at [1].
Currently, signatures are verified using the cygwin signing key and
other keys supplied by the user. Validation with any key is accepted.
This patch series makes the following changes:
- For official cygwin mirrors (those listed in mirrors.lst), only the
cygwin key is tried.
- For purported private mirrors (from the "last-mirror" user setting
or the "Add URL box" or the command line), the cygwin key is tried
first. If this fails, then the remaining keys are tried. If one
of these succeeds, then the site is silently reclassified (with a
message in the log file) as a 'user site' rather than a 'mirror'.
The change takes effect on the next setup run or when the user
selects 'Back'.
- If the user turns off signature validation with the -X option, a
weaker check is done: We look for "release: cygwin" in the
setup.ini file. If that fails for an official mirror, the file is
rejected. If it fails for a purported private mirror, the site is
silently reclassified, as above.
The reclassification is done silently because it could easily be
necessary, through no fault of the user. There are three reasons for
this. First, the distinction between mirrors and user sites is new,
and it will take time for users to become accustomed to it. Second,
for setup.rc files that were written before [1], "last-mirror"
includes all selected sites, whether mirrors or not. Finally, sites
specified on the command line are initially assumed to be mirrors
until we can perform the above checks.
[1] https://sourceware.org/ml/cygwin-apps/2017-12/msg00051.html
Ken Brown (4):
Allow validation of signatures using the cygwin key only
Insist on cygwin signing key for official mirrors
Try cygwin signing key for private mirrors
If signature validation is turned off, check 'release:' tag
crypto.cc | 5 ++--
crypto.h | 3 ++-
ini.cc | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-------
res.rc | 1 +
resource.h | 1 +
site.h | 2 ++
6 files changed, 87 insertions(+), 12 deletions(-)
--
2.15.1