Feature #7859

Have check-mirrors use a dedicated keyring

Added by sajolida over 4 years ago. Updated about 1 month ago.

Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
Infrastructure
Target version:
-
Start date:
08/31/2014
Due date:
% Done:

0%

QA Check:
Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Yes
Affected tool:
check-mirrors

Description

At the moment, when running from our servers, check-mirrors uses the keyring of its Unix user, with only the right signing key imported in it.

This shouldn't matter when it's running as a dedicated user, but in other cases, a mirror could publish a signature that is valid according to a different key.

Source code: git clone https://git.tails.boum.org/check-mirrors
Mentoring:

History

#1 Updated by BitingBird over 4 years ago

  • Category changed from 214 to Infrastructure
  • Affected tool set to check-mirrors

#2 Updated by u almost 2 years ago

  • Assignee set to sajolida
  • QA Check set to Info Needed

I don't really understand the problem, could you please clarify?

#3 Updated by intrigeri almost 2 years ago

  • Assignee deleted (sajolida)
  • QA Check deleted (Info Needed)

check-mirrors checks the detached signature on our ISO image published by mirrors. What we want to check is that this signature 1. is valid; 2. was made by the Tails signing key. Currently we only check it's made by some key that's in the user's public keyring.
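
The two checks listed in comment #3, sketched as an added example (not part of the ticket and not check-mirrors' own code): run `gpgv` against a dedicated keyring, then accept only a `VALIDSIG` status line whose primary-key fingerprint equals a pinned value. The fingerprint is a constructed placeholder, and the function names and sample status lines are hypothetical.

```python
import os
import subprocess

# Constructed placeholder, NOT the real Tails signing key fingerprint.
PINNED_FPR = "A" * 40

# Status keywords that mean a signature was present but must not be accepted.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def signed_by_pinned_key(status_text, pinned_fpr=PINNED_FPR):
    """Return True only if the GnuPG status output reports exactly one valid
    signature and its primary key fingerprint equals pinned_fpr."""
    primaries = []
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()[1:]
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in REJECT:
            return False
        if keyword == "VALIDSIG":
            # args[0] is the fingerprint of the (sub)key that signed,
            # args[9] is the primary key fingerprint. Fail closed if absent.
            if len(args) < 10:
                return False
            primaries.append(args[9].upper())
    return primaries == [pinned_fpr.upper()]

def verify_iso(iso_path, sig_path, keyring_path):
    """Check a detached signature using only the keys in keyring_path,
    never the calling user's default keyring."""
    proc = subprocess.run(
        ["gpgv", "--keyring", os.path.abspath(keyring_path),
         "--status-fd", "1", sig_path, iso_path],
        capture_output=True, text=True)
    return proc.returncode == 0 and signed_by_pinned_key(proc.stdout)

def sample_status(signing_fpr, primary_fpr):
    """Constructed status lines in the shape gpgv prints for a good signature."""
    return ("[GNUPG:] NEWSIG\n"
            f"[GNUPG:] GOODSIG {signing_fpr[-16:]} constructed user id\n"
            f"[GNUPG:] VALIDSIG {signing_fpr} 2014-08-31 1409443200 0 4 0 1 8 00 "
            f"{primary_fpr}\n")
```

The fingerprint comparison is what keeps the check correct even if another key ends up in the keyring; the dedicated keyring alone only narrows which keys `gpgv` will consider.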

#4 Updated by sajolida about 1 year ago

  • Description updated (diff)
  • Starter set to Yes

#5 Updated by sajolida about 1 year ago

  • Description updated (diff)

#6 Updated by intrigeri about 1 month ago

  • Subject changed from Have check-mirror use a dedicated keyring to Have check-mirrors use a dedicated keyring
