From: Scott Tankard
Date: Tue, 8 Apr 2025 19:30:00 -0700
To: guix-patches@gnu.org
Subject: [bug#77667] guix-install.sh: Check fingerprint of downloaded PGP keys before importing

Hello,

First of all, a thank you to all those who make Guix.

Attached is a patch for etc/guix-install.sh. With this patch, the script checks the fingerprint of the downloaded PGP keyfiles, before importing them.

This patch is a rough draft. (This is not yet an actual patch submission.) The patch is against commit 6a2a78fde19683f07c8b10f492cda67447bc99eb or similar: https://git.savannah.gnu.org/cgit/guix.git/tree/etc/guix-install.sh?id=6a2a78fde19683f07c8b10f492cda67447bc99eb

## Background

I noticed that while the script does already include hardcoded PGP fingerprints, it does not use those fingerprints to check that downloaded keyfiles are correct before importing them.

In the current implementation, the fingerprints are only used to check whether keys are already present in the keyring. If keys are not present, they are downloaded from savannah.gnu.org and directly imported, without checking the fingerprints. This means that if for any reason an incorrect keyfile is received from the server (for example, if the server is compromised), then the incorrect key will be imported.

The script guix-install.sh effectively serves as a root of trust for bootstrapping the installation. With this patch, it can do so more reliably.

This also means that, for example, a user can pin the guix-install.sh file by checksum, and rely on that checksum to ensure integrity of the entire guix installation and all packages. (Of course, this is assuming there are no other breaks in the chain further on.) Cf. also a prior issue (https://issues.guix.gnu.org/34125) that mentioned securing the install script with a gpg signature... pinning by checksum seems more versatile for certain contexts.

## Implementation details

The patch adds two new functions:
get_gpg_fpr_of_keyfile
import_key

It also includes modifications to two functions:
chk_gpg_keyring
main

The current implementation of get_gpg_fpr_of_keyfile() includes some unsightly grep regexes. It could be made simpler by using awk -- this would mean adding awk into REQUIRES. If that's acceptable, I can submit a revised patch.

## Additional notes

I have tested this patch ad-hoc/manually. I didn't find any automated tests for guix-install.sh, but let me know if I missed them.

I am unsure of whether it is possible for a malicious keyfile to spoof its fingerprint, whether gpg can be trusted to accurately report a keyfile's fingerprint, and for what versions of GPG. I haven't looked into it. In any case, checking seems better than not checking.

In case someone suggests just completely changing to `gpg --recv-keys` instead... I think the combination of download from URL + verify fingerprint is superior, in that it includes two verification factors, one of which (the URL) is actually human-readable.
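The fingerprint extraction that the attached patch does with a grep/tail pipeline, redone with awk as the message suggests, together with the comparison against a pinned fingerprint, as an added example (this is not the patch's code and not the Guix project's). It goes one step beyond the patch: a keyfile that carries more than one primary key is refused outright, because `gpg --import` imports every key in a file and a fingerprint match on one of them says nothing about the others. It assumes only POSIX sh with awk and tr; the colon-format sample output is constructed for the example, and the pinned fingerprint is the "ludo" entry from the patch's GPG_SIGNING_KEYS table.

```shell
#!/bin/sh
# Added example, not part of the submitted patch: extract the primary-key
# fingerprint from `gpg --with-colons --show-keys` output with awk (the
# alternative the message mentions) and compare it with a pinned value
# before anything is imported.  Only POSIX sh, awk and tr are assumed.  The
# colon-format records (pub:, fpr:, uid:, sub:) follow GnuPG's documented
# format; the sample output below is constructed for this example, and the
# pinned fingerprint is the "ludo" entry from the patch's GPG_SIGNING_KEYS.

# Print the primary key's fingerprint, provided the input describes exactly
# one primary key.  The `fpr:` record directly after a `pub:` record holds the
# primary fingerprint in field 10; `fpr:` records after `sub:` belong to
# subkeys and are skipped.  Exit 1 for an empty or multi-key file: `gpg
# --import` would import every key in the file, so a file with an extra key
# must not pass even when the pinned key is among them.
primary_fingerprint() {
    awk -F: '
        /^pub:/ { npub++; want = 1; next }
        /^fpr:/ && want { fpr = $10; want = 0; next }
        { want = 0 }
        END { if (npub != 1 || fpr == "") exit 1; print fpr }'
}

# Compare the extracted fingerprint with the expected one.  Spaces are
# stripped and hex digits upper-cased so a fingerprint pasted in groups of
# four still matches.  Usage: check_fingerprint EXPECTED < colon-output
check_fingerprint() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    actual=$(primary_fingerprint) || return 1
    [ "$actual" = "$expected" ]
}

# Where this sits in a download step (not executed here; needs gpg):
#   gpg --homedir "$tmp" --dry-run --no-keyring --with-colons --show-keys "$tmp/key.gpg" \
#       | check_fingerprint "$pinned" && gpg --import "$tmp/key.gpg"

# Constructed sample: one primary key with one signing subkey.
ONE_KEY='pub:-:4096:1:090B11993D9AEBB5:1388080000:::-:::scESC::::::23::0:
fpr:::::::::3CE464558A84FDC69DB40CFB090B11993D9AEBB5:
uid:-::::1388080000::ABCDEF0123456789ABCDEF0123456789ABCDEF01::Example Signer <signer@example.org>::::::::::0:
sub:-:4096:1:0123456789ABCDEF:1388080000::::::s::::::23:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:'

# Constructed sample: an unexpected key placed before the pinned one.
TWO_KEYS='pub:-:4096:1:FEDCBA9876543210:1388080000:::-:::scESC::::::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
uid:-::::1388080000::0000000000000000000000000000000000000000::Extra Key <extra@example.org>::::::::::0:
'"$ONE_KEY"

PINNED=3CE464558A84FDC69DB40CFB090B11993D9AEBB5

if printf '%s\n' "$ONE_KEY" | check_fingerprint "$PINNED"; then
    echo "single-key file: fingerprint matches, safe to import"
fi
if ! printf '%s\n' "$TWO_KEYS" | check_fingerprint "$PINNED"; then
    echo "two-key file: refused although the pinned key is present"
fi
```

check_fingerprint reads the colon output on stdin and returns 0 only on a match, so it slots into an `&&` chain ahead of `gpg --import`; the gpg invocation itself is left as a comment so the example runs without gpg installed.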
Attachment: guix-install.patch (decoded from base64)

diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index b5d833c..8717845 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -105,6 +105,12 @@ declare -A GPG_SIGNING_KEYS
 GPG_SIGNING_KEYS[15145]=3CE464558A84FDC69DB40CFB090B11993D9AEBB5  # ludo
 GPG_SIGNING_KEYS[127547]=27D586A4F8900854329FF09F1260E46482E63562 # maxim
 
+# TEST_FAIL_FETCH_KEY=no
+# if [ "${TEST_FAIL_FETCH_KEY}" = 'yes' ]; then
+# 	GPG_SIGNING_KEYS[15145]=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+# 	GPG_SIGNING_KEYS[127547]=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
+# fi
+
 # ------------------------------------------------------------------------------
 #+UTILITIES
 
@@ -189,12 +195,49 @@ add_init_sys_require()
     fi
 }
 
+get_gpg_fpr_of_keyfile()
+{
+    local keyfile="$1"
+    local tmp_dir
+    tmp_dir="$(mktemp -t -d guix.gnupg.tmphomedir.XXXXXX)"
+    gpg -qq --homedir "$tmp_dir" --dry-run --no-keyring \
+        --with-colons --show-keys "$keyfile" \
+        | grep '^pub:' -A 1 | tail -n 1 \
+        | grep -oE '^([^:]*:){10}' | grep -oE '[^:]*:$' | tr -d ':'
+    # awk -F: '/^pub:/ { getline; print $10 }'
+
+    # Explanation: Get the line immediately after the line that starts
+    # with `pub:`. Then get the 10th field from that line, with colons as
+    # field separators.
+}
+
+# Check that a keyfile has expected fingerprint and import it to GPG keyring
+# only if so. If keyfile path is given as '-', it reads from STDIN. Returns 0
+# or 1 depending in its outcome, so it can be used in condition tests.
+import_key()
+{
+    local keyfile="$1"
+    local fpr="$2"
+    local tmp_dir
+
+    [ "$keyfile" = "-" ] && keyfile=/dev/stdin
+    tmp_dir="$(mktemp -t -d guix.gpg.XXXXXX)"
+    cp "$keyfile" "$tmp_dir/key.gpg"
+    # Copying to a temp dir ensures no unprivileged process can tamper
+    # with it between the time we check the fingerprint and gpg-import it.
+    if [ "$fpr" = "$(get_gpg_fpr_of_keyfile "$tmp_dir/key.gpg")" ]; then
+        gpg --import "$tmp_dir/key.gpg" && return 0
+    fi
+    return 1
+}
+
 chk_gpg_keyring()
 { # Check whether the Guix release signing public key is present.
     _debug "--- [ ${FUNCNAME[0]} ] ---"
     local user_id
     local gpg_key_id
     local exit_flag
+    local tmp_dir
 
     for user_id in "${!GPG_SIGNING_KEYS[@]}"; do
         gpg_key_id=${GPG_SIGNING_KEYS[$user_id]}
@@ -209,17 +252,18 @@ Would you like me to fetch it for you?"; then
             # Use a reasonable time-out here so users don't report silent
             # ‘freezes’ when Savannah goes out to lunch, as has happened.
             if wget "https://sv.gnu.org/people/viewgpg.php?user_id=$user_id" \
-                    --timeout=30 --no-verbose -O- | gpg --import -; then
+                 --timeout=30 --no-verbose -O - | import_key - "$gpg_key_id"; then
                 continue
             fi
         fi
-	# If we reach this point, the key is (still) missing.  Report further
-	# missing keys, if any, but then abort the installation.
+        # If we reach this point, the key is (still) missing.  Report further
+        # missing keys, if any, but then abort the installation.
         _err "Missing OpenPGP public key ($gpg_key_id).
 Fetch it with this command:
 
-  wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -O - | \
-sudo -i gpg --import -"
+wget 'https://sv.gnu.org/people/viewgpg.php?user_id=${user_id}' -O - | sudo sh $0 import_key - '$gpg_key_id'
+
+"
         exit_flag=yes
     done
     if [ "$exit_flag" = yes ]; then
@@ -1030,14 +1074,15 @@ main_uninstall()
 
 main()
 {
-    # expect no parameters
-    # or '--uninstall'
     if [ 0 -eq $# ]; then
         main_install
     else
-        local uninstall_flag="$1"
-        if [ '--uninstall' = "${uninstall_flag}" ]; then
+        local _flag="$1"
+        if [ "${_flag}" = '--uninstall' ]; then
             main_uninstall
+        elif [ "${_flag}" = "import_key" ]; then
+            import_key "$2" "$3" && exit 0
+            exit 1
         else
             echo "unsupported parameters: $*"
             exit 1

From: Scott Tankard
Date: Mon, 5 May 2025 16:43:37 -0700
To: 77667@debbugs.gnu.org
Subject: [bug#77667] guix-install.sh: Check fingerprint of downloaded PGP keys before importing

The prior "patch" I sent was in fact a diff; this one is formatted with `git format-patch`. Content is almost exactly the same as the prior diff.
Attachment: 0001-guix-install.sh-Check-fingerprint-of-downloaded-PGP-.patch (decoded from base64)

From 03bacc6e90063a3d75365354f037dbb943b1a98e Mon Sep 17 00:00:00 2001
From: user <>
Date: Mon, 5 May 2025 16:29:31 -0700
Subject: [PATCH] guix-install.sh: Check fingerprint of downloaded PGP keys
 before importing

---
 etc/guix-install.sh | 64 ++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 55 insertions(+), 9 deletions(-)

diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index b5d833c..224fa50 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -105,6 +105,12 @@ declare -A GPG_SIGNING_KEYS
 GPG_SIGNING_KEYS[15145]=3CE464558A84FDC69DB40CFB090B11993D9AEBB5  # ludo
 GPG_SIGNING_KEYS[127547]=27D586A4F8900854329FF09F1260E46482E63562 # maxim
 
+# TEST_FAIL_FETCH_KEY=no
+# if [ "${TEST_FAIL_FETCH_KEY}" = 'yes' ]; then
+# 	GPG_SIGNING_KEYS[15145]=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+# 	GPG_SIGNING_KEYS[127547]=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
+# fi
+
 # ------------------------------------------------------------------------------
 #+UTILITIES
 
@@ -189,12 +195,49 @@ add_init_sys_require()
     fi
 }
 
+get_gpg_fpr_of_keyfile()
+{
+    local keyfile="$1"
+    local tmp_dir
+    tmp_dir="$(mktemp -t -d guix.gnupg.tmphomedir.XXXXXX)"
+    gpg -qq --homedir "$tmp_dir" --dry-run --no-keyring \
+        --with-colons --show-keys "$keyfile" \
+        | grep '^pub:' -A 1 | tail -n 1 \
+        | grep -oE '^([^:]*:){10}' | grep -oE '[^:]*:$' | tr -d ':'
+    # awk -F: '/^pub:/ { getline; print $10 }'
+
+    # Explanation: Get the line immediately after the line that starts
+    # with `pub:`. Then get the 10th field from that line, with colons as
+    # field separators.
+}
+
+# Check that a keyfile has expected fingerprint and import it to GPG keyring
+# only if so. If keyfile path is given as '-', it reads from STDIN. Returns 0
+# or 1 depending in its outcome, so it can be used in condition tests.
+import_key()
+{
+    local keyfile="$1"
+    local fpr="$2"
+    local tmp_dir
+
+    [ "$keyfile" = "-" ] && keyfile=/dev/stdin
+    tmp_dir="$(mktemp -t -d guix.gpg.XXXXXX)"
+    cp "$keyfile" "$tmp_dir/key.gpg"
+    # Copying to a temp dir ensures no unprivileged process can tamper
+    # with it between the time we check the fingerprint and gpg-import it.
+    if [ "$fpr" = "$(get_gpg_fpr_of_keyfile "$tmp_dir/key.gpg")" ]; then
+        gpg --import "$tmp_dir/key.gpg" && return 0
+    fi
+    return 1
+}
+
 chk_gpg_keyring()
 { # Check whether the Guix release signing public key is present.
     _debug "--- [ ${FUNCNAME[0]} ] ---"
     local user_id
     local gpg_key_id
     local exit_flag
+    local tmp_dir
 
     for user_id in "${!GPG_SIGNING_KEYS[@]}"; do
         gpg_key_id=${GPG_SIGNING_KEYS[$user_id]}
@@ -209,17 +252,19 @@ Would you like me to fetch it for you?"; then
             # Use a reasonable time-out here so users don't report silent
             # ‘freezes’ when Savannah goes out to lunch, as has happened.
             if wget "https://sv.gnu.org/people/viewgpg.php?user_id=$user_id" \
-                    --timeout=30 --no-verbose -O- | gpg --import -; then
+                --timeout=30 --no-verbose -O - | import_key - "$gpg_key_id"; then
                 continue
             fi
         fi
-	# If we reach this point, the key is (still) missing.  Report further
-	# missing keys, if any, but then abort the installation.
+        # If we reach this point, the key is (still) missing.  Report further
+        # missing keys, if any, but then abort the installation.
         _err "Missing OpenPGP public key ($gpg_key_id).
 Fetch it with this command:
 
-  wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -O - | \
-sudo -i gpg --import -"
+wget 'https://sv.gnu.org/people/viewgpg.php?user_id=${user_id}' -O - | \
+sudo sh $0 import_key - '$gpg_key_id'
+
+"
         exit_flag=yes
     done
     if [ "$exit_flag" = yes ]; then
@@ -1030,14 +1075,15 @@ main_uninstall()
 
 main()
 {
-    # expect no parameters
-    # or '--uninstall'
     if [ 0 -eq $# ]; then
         main_install
     else
-        local uninstall_flag="$1"
-        if [ '--uninstall' = "${uninstall_flag}" ]; then
+        local _flag="$1"
+        if [ "${_flag}" = '--uninstall' ]; then
             main_uninstall
+        elif [ "${_flag}" = "import_key" ]; then
+            import_key "$2" "$3" && exit 0
+            exit 1
         else
             echo "unsupported parameters: $*"
             exit 1
-- 
2.45.0
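Review bot: the commented-out `TEST_FAIL_FETCH_KEY` block in the first hunk (`@@ -105,6 +105,12 @@`) is test scaffolding and should not land in the installer: it is dead code, it sits directly under the GPG_SIGNING_KEYS table as a recipe for swapping the pinned fingerprints, and `+# 	GPG_SIGNING_KEYS[15145]=AAAA...` indents with a tab where the file uses spaces. Drop it; the mismatch path can be exercised without editing the file by passing a wrong fingerprint to the `import_key` subcommand that the last hunk adds to main().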
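Review bot: in the second hunk (`@@ -189,12 +195,49 @@`) the check in `import_key` can be satisfied by a keyfile that contains more than one key: `get_gpg_fpr_of_keyfile` keeps only the last `fpr:` line that `grep '^pub:' -A 1 | tail -n 1` yields, while `gpg --import "$tmp_dir/key.gpg"` imports every key in the file, so a file with an unexpected key ahead of the pinned one passes and both end up in root's keyring. Count the `pub:` records and refuse the file unless there is exactly one, then compare that key's fingerprint (the awk variant in the comment, extended to count `pub:` lines, does this in one pass). Smaller points in the same hunk: both functions create a directory with mktemp and never remove it; the extraction pipeline's status is that of `tr`, so a gpg failure degrades silently into an empty fingerprint and a bare `return 1` with no message saying why the key was rejected; `+    local tmp_dir` added to chk_gpg_keyring is unused; `--show-keys` and `--no-keyring` need a sufficiently recent gpg, which the script's REQUIRES check should enforce and the commit message should state; and the comment says "depending in its outcome" for "depending on".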
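Review bot: in the third hunk (`@@ -209,17 +252,19 @@`) the help text in `_err` now tells the user to run `sudo sh $0 import_key - '$gpg_key_id'`, but the script depends on bash (`local`, `${FUNCNAME[0]}` and `declare -A GPG_SIGNING_KEYS` all appear in the hunk contexts), so this only works if the script re-executes itself under bash when started by sh; write `sudo bash "$0"`, quoted because `$0` may contain spaces, and note that `$0` is not a usable path when the script was piped into a shell. In the `if wget ... | import_key - "$gpg_key_id"` pipeline a timed-out wget hands import_key an empty stream, which is rightly refused, but the user then sees only the generic "Missing OpenPGP public key" message; have import_key report whether the download failed or the fingerprint did not match.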
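Review bot: in the last hunk (`@@ -1030,14 +1075,15 @@`) `import_key "$2" "$3"` is dispatched without checking that both arguments are present; with an empty `$3`, import_key compares the real fingerprint against "" and the script exits 1 with no explanation. Require `$# -eq 3` and print a usage line otherwise, and rather than deleting `-    # expect no parameters` / `-    # or '--uninstall'`, update that comment to list the new `import_key KEYFILE FINGERPRINT` form so the script's command-line interface stays documented.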