
Re: apt security model



On Fri, Dec 03, 2004 at 08:42:18PM -0500, Daniel Burrows wrote:
>   Hi,
Hi,

>   I'm poking around at the new security stuff in apt 0.6, and I have
> a quick question: What exactly is the purpose of the IndexFile
> class, and how does it behave?

The metaIndex will always try to download a Release.gpg along with the
Release file. That is passed to the gpgv method to verify the
signature of the Release file (against the trusted keys in
/etc/apt/trusted.gpg). If that is successful the source is
"trusted". If not, the Release.gpg file is removed from the apt lists
directory and the source is not trusted.

> For instance, pkgAcqArchive::IsTrusted appears to assume that some
> index file will always be available for a given Version.  Is that
> true?  I mention this method because if no index file is found, it
> returns "true", so a complete lack of index files -- meaning nothing
> to check for trustedness -- results in the routine reporting that
> the item is trusted.  If it was possible that no index files would
> be available, I would expect this to return "false", unless I
> completely misunderstand what's going on.

The latest version no longer contains those lines. It now starts
with Trusted=false and if it finds a trusted source, it will switch to
"package is trusted" mode. That means it will only download it from a
trusted source (for cases like when the package is available from
various sources).

The code is available in Matt's arch archive [1] at
http://people.debian.org/~mdz/arch. You need tla or baz
(http://bazaar.canonical.com/). The archive name is
apt@packages.debian.org/apt--authentication--0.


thanks,
 Michael

[1] http://lists.debian.org/deity/2004/09/msg00057.html

-- 
The first rule of holes is: when you find yourself in one, stop digging. - PJ
Linux is not The Answer. Yes is the answer. Linux is The Question. - Neo
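
A simplified model of the two trust decisions discussed in this thread, added here as an illustration: it is not apt's code and is not from either poster. The `Source`, `Plan` and function names are hypothetical, and the handling of the "nothing verified" case is an assumption.

```cpp
#include <string>
#include <vector>

// Hypothetical model of one place a package version can be fetched from.
struct Source {
    std::string uri;
    bool has_index;         // an index file is known for this source
    bool release_verified;  // its Release.gpg passed gpgv against the trusted keys
};

// Behaviour described in the question: with no index file to consult,
// there is nothing to fail on, so the item is reported as trusted.
bool is_trusted_fail_open(const std::vector<Source>& sources) {
    for (const Source& s : sources)
        if (s.has_index)
            return s.release_verified;
    return true;
}

// Behaviour described in the reply: start untrusted and switch only when
// a verified source is actually found.
bool is_trusted_fail_closed(const std::vector<Source>& sources) {
    bool trusted = false;
    for (const Source& s : sources)
        if (s.has_index && s.release_verified)
            trusted = true;
    return trusted;
}

struct Plan {
    bool trusted;
    std::vector<std::string> uris;
};

// Once the package is trusted, keep only verified sources. If nothing is
// verified, every URI is returned with trusted == false so the caller must
// decide; that choice is this model's assumption.
Plan plan_download(const std::vector<Source>& sources) {
    Plan plan{is_trusted_fail_closed(sources), {}};
    for (const Source& s : sources)
        if (!plan.trusted || (s.has_index && s.release_verified))
            plan.uris.push_back(s.uri);
    return plan;
}
```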


