Requirements of the tool (dpkg) support for signed packages
Which are the requirements for package signing?
I have some ideas, I hope you find them useful, at least for starting a
discussion...:
* Generic semantics for package signing with as little hardcoded Debian
policy as posible.
Rationale: dpkg is not only used by Debian anymore. dpkg should be a
generic packaging tool. Besides this would give us greater flexibility.
On top of this raw functionality, there would be something that will
define what a trusted package means. Wether this would be part of dpkg
or part of apt can be discussed. But it would be nice to have these to
"levels": as I said, dpkg should be as a generic packaging tool as
posible.
* Multiple signatures. Each step in the chain should be able to add a
signature for the package.
Rationale: Packages should signed by the maintainer (or the
auto-builder) and dinstall. Even more: a big site could add one more
signature in order to "bless" packages (this could be used to implement
some computer-lab management system, dunno). The security policy which
defines what does "trusted" mean would be implemented at the client (by
a tool or by the user), so the package should provide as much signature
info as it can.
* The signature must be included *inside* the deb.
Rationale: To make make security transparent to the newbie. To prevent
the distribution of a .deb without the sig.
* Not only do the package files need to be signed, but also the control
files.
Rationale: It's trivial to invent something to sign the data.tar.gz, but
that would be clearly wrong. The maintainer address, the dependencies
and the maintainer scripts must be signed too. I would even say that the
sign tool should sign every component of the ar file, allowing for
future expansion. If we add more components to the ar they should be
signed too. Signature components would have to be excempted of being
signed.
* Backward compatibility would be important. Packages in woody should be
able to be unpacked with a potato dpkg.
Rationale: People will need to upgrade to woody someday. =)
Reply to: