[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#41767] [PATCH 4/9] channels: 'latest-channel-instance' authenticate
|
From: |
Maxim Cournoyer |
|
Subject: |
[bug#41767] [PATCH 4/9] channels: 'latest-channel-instance' authenticates Git checkouts. |
|
Date: |
Thu, 11 Jun 2020 09:15:07 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) |
Hi Ludovic,
Ludovic Courtès <ludo@gnu.org> writes:
> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:
>
>>> +(define %guix-channel-introduction
>>> + ;; Introduction of the official 'guix channel. The chosen commit is the
>>> + ;; first one that introduces '.guix-authorizations' on the 'core-updates'
>>> + ;; branch that was eventually merged in 'master'. Any branch starting
>>> + ;; before that commit cannot be merged or it will be rejected by 'guix
>>> pull'
>>> + ;; & co.
>>> + (make-channel-introduction
>>> + "87a40d7203a813921b3ef0805c2b46c0026d6c31"
>>> + (base16-string->bytevector
>>> + (string-downcase
>>> + (string-filter char-set:hex-digit ;mbakke
>>> + "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA")))
>>> + #f)) ;TODO: Add an intro signature so it can be
>>> exported.
>>
>> The GnuPG key fingerprint is SHA1 derived, which isn't cryptographically
>> secure. This doesn't mean fingerprints are unsafe *now* (given that
>> forging a key to match it isn't currently practical),
>
> Fingerprints are used as an index in the keyring here. If somebody
> introduced a second OpenPGP key with the same fingerprint in the keyring
> and we picked the wrong one when verifying a signature, signature
> verification would just fail. So I think it’s perfectly OK here.
Agreed; thanks for pointing that out. I don't see a problem with our
use of OpenPGP either then :-).
[...]
> The “SHA-1 is a Shambles” paper reads:
>
> The GIT developers have been working on replacing SHA-1 for a
> while[16], and they use a collision detection library [SS17] to
> mitigate the risks of collision attacks.
>
> [16] https://git-scm.com/docs/hash-function-transition/
>
> On the Fediverse, someone pointed out that Bitcoin Core developers
> compute a SHA512 hash of Git trees to mitigate it:
>
> https://github.com/bitcoin/bitcoin/tree/master/contrib/verify-commits
>
> What they do is add a “Tree-SHA512:” line to commit logs and check
> those in ‘verify-commits.py’:
>
> # Check the Tree-SHA512
> if (verify_tree or prev_commit == "") and current_commit not in
> incorrect_sha512_allowed:
> tree_hash = tree_sha512sum(current_commit)
> if ("Tree-SHA512: {}".format(tree_hash)) not in
> subprocess.check_output([GIT, 'show', '-s', '--format=format:%B',
> current_commit]).decode('utf8').splitlines():
> print("Tree-SHA512 did not match for commit " + current_commit,
> file=sys.stderr)
> sys.exit(1)
>
> We could do something similar, maybe optionally, but verification would
> be expensive (you need to traverse all the blobs of the whole tree for
> each commit being authenticated).
>
> At this point, I’d wait for Git’s SHA256 migration to happen, though
> <https://git-scm.com/docs/hash-function-transition/> doesn’t specify an
> ETA.
Thanks for pointing that interesting workaround! I agree that given
Git's plans to migrate to SHA256, it seems reasonable to wait for them
to upgrade and spend our energy somewhere else.
Your changes LGTM.
Thank you,
Maxim
[bug#41767] [PATCH 3/9] tests: Move OpenPGP helpers to (guix tests gnupg)., Ludovic Courtès, 2020/06/08
[bug#41767] [PATCH 6/9] .guix-channel: Add 'keyring-reference'., Ludovic Courtès, 2020/06/08
[bug#41767] [PATCH 8/9] pull: Add '--disable-authentication'., Ludovic Courtès, 2020/06/08
[bug#41767] [PATCH 5/9] channels: Make 'validate-pull' call right after clone/pull., Ludovic Courtès, 2020/06/08
[bug#41767] [PATCH 0/9] Authenticate channels, Ludovic Courtès, 2020/06/09
[bug#41767] [PATCH 0/9] Authenticate channels, zimoun, 2020/06/09