Contributed by tbert on from the puffy's-signature-is-$10-a-pop dept.
It's probably time to talk about it. Yes, we are now distributing signed packages. A lot of people have probably noticed because there was a key mismatch on at least one batch of signed packages. Obviously, we haven't finished testing yet. Don't read too much into that. "Signed packages" just mean you can use an insecure medium, such as ftp, to download packages: if the key matches, it means the package hasn't been tampered with since it was signed. The cryptographic framework used to sign packages is called signify(1), mostly written by Ted Unangst, with a lot of feedback from (mostly) Theo and I. The signing framework in pkg_add/pkg_create is much older than that, if was written for x509 a few years ago, but signify(1) will probably be more robust and ways simpler. In particular, there's no "chain-of-trust", so you keep complete control on the sources YOU trust. Signatures should be transparent in use: the package is opened, the packing-list signature is checked, and then files are checksummed while extracted against the packing-list embedded checksums (there are provisions to ensure any dangerous meta-data is also encoded in the packing-list as @mode/@user/@group annotations. So, barring problems, you shouldn't even notice signatures.
And Theo de Raadt (deraadt@) talks about signed base sets for installations and upgrades:
I suspect only a few have noticed, so it probably should be mentioned that install/upgrades are also signed now. The documentation isn't written yet because change is ongoing. Here is a rough primer, for one or two usage cases. More install methods will work, but some are not perfect yet. As detailed in the new signify(1) manual page, if you download bsd.rd you can: Verify a bsd.rd before an upgrade: $ signify -V -e -p /etc/signify/55base.pub -x SHA256.sig -m - | \ sha256 -C - bsd.rd The same can be done with cd55.iso or install55.iso, of course. If this is OK, you can boot that bsd.rd (OK, you are trusting your pre-existing bootblocks, though you could verify new ones). When you install or upgrade from the net, it will use the SHA256.sig file first, verify it using signify, then collect the base sets and compare them against the SHA256 hashes. They are all downloaded to a spare place on the disk, and then extracted. This change also makes upgrades more "atomic". There are a few raw edges still, but we would appreciate if this is tried by a few people.. please give us feedback. This mechanism was designed by Ted Unangst; a few pieces here and there by Todd Fries and myself; the bulk of the install script changes by Alexander Hall and Robert Peichaer.
For those of you who wanted signed releases, you finally get your wish. As always, ensuring the continued quality of OpenBSD software entails you, the user, making use of and reporting problems.
(Comments are closed)
By Anonymous Coward (24.113.147.35) on
By Jason Crawford (X-rayS) jason AT purebsd DOT net on
Comments
By Aaron Bieber (qbit) on http://www.bolddaemon.com
Package upgrades show progress meters and sets will have progress meters if you upgrade via bsd.rd. Which meters are you talking about?
Comments
By Edward F Ahlsen-Girard (72.213.209.212) girarde@alum.rpi.edu on
>
> Package upgrades show progress meters and sets will have progress meters if you upgrade via bsd.rd. Which meters are you talking about?
I always upgrade with bsd.rd, and I have not seen meters in a couple of weeks.
Comments
By Aaron Bieber (qbit) on http://www.bolddaemon.com
> >
> > Package upgrades show progress meters and sets will have progress meters if you upgrade via bsd.rd. Which meters are you talking about?
>
> I always upgrade with bsd.rd, and I have not seen meters in a couple of weeks.
Ah, you are right! Check this out tho! (http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ftp/extern.h)
"Add -D shorttitle support, so that the progress meter can show some sort
of reason why it is processing a certain file. This will be used by the
installer for that purpose.
ok krw rpe"
By Jason Crawford (X-rayS) on
>
> Package upgrades show progress meters and sets will have progress meters if you upgrade via bsd.rd. Which meters are you talking about?
I was talking about upgrading via bsd.rd, not packages. And I have not seen progress meters since the install media started verifying the files, it just says 'Installing sets.' but doesn't list each one with % complete. Maybe because I upgrade via hard disk (I download ahead of time on the running system) so it does not have to download the sets. But even doing that it would show progress meters before the signature verification.
By Stefan (188.194.125.13) on
As of January 24th, 2014, the progress-meter is back (at least I can say so for i386). Thank you, devs!
By Marc Espie (espie) espie@nerim.net on
There is another cool surprise currently being tested. If things work out alright, signing should end up being almost as fast as copying packages around, with no visible change to tar and pkg_add.
Comments
By Marc Espie (espie) on
The cool surprise is in: pkg_create and pkg_sign now handle "split-gzip" archives, where the packing-list is actually stored as a separate gzip stream in front of the rest of the file. That allows the signing process to just extract/sign/repack the packing-list without having to decompress/recompress the rest of the file, which makes a big difference in cpu usage for signing.
This is 100% transparent for other tools: tar sees a single tarball, the multiple streams are a completely standard part of the gzip format, specifically designed to make that kind of stunt easy (separately compress several parts of the same file).
By Anonymous Coward (81.83.83.198) on
Comments
By Marc Espie (espie) on
Not quite. If you look closely at the CVS attic, you'll see I did a very old draft of signatures using pgp, a few years before Dug Song reused that exact same idea to write gzsig.
What's going on here is different in several aspects:
- it's not header info inside gzip... those will make quite a few tools whine, including gnu gzip.
- it only signs the package "manifest", e.g., the packing-list -> that one contains sha256 for all files in the package.
The first aspect is a conscious decision: the signature is plainly visible in the end PLIST, so you can check for yourself exactly what is going on.
The second aspect gives you "in-time" extraction. gzsig is a good idea... until you realize you CAN'T verify stuff until you have the whole file, which is an interesting can of worm when you're pressed for file system space (also, it doubles time for installation, unless you go to funny tricks like installing one package while checking the next one... which is a bit more parallel than sane...)
Comments
By Anonymous Coward (81.83.83.198) on
By Anonymous Coward (121.45.219.214) on
By Marc Espie (espie) espie@nerim.net on
Not sure it's going to stay for the release, but right now, if you try to manually call pkg_add without -Dunsigned, it will at least ask about unsigned packages, and refuse if you're not running interactive...