On 3/10/19 12:40 am, Jonas Witschel wrote:
Currently pacman relies on the SKS keyserver network to fetch unknown PGP keys. These keyservers are vulnerable to signature spamming attacks, potentially making it impossible to import the required keys. An alternative to keyservers is a so-called Web Key Directory (WKD), a well-known, trusted location on a server from which the keys can be fetched.
This commit adds the ability to retrieve keys from a WKD. Due to the mentioned vulnerabilities, the WKD is tried first, falling back to the keyservers only if no appropriate key is found there.
In contrast to keyservers, keys in a WKD are not looked up using their fingerprint, but by email address. Since the email address of the signing key is usually not included in the signature, we will use the packager email address to perform the lookup.
Also see FS#63171.
Signed-off-by: Jonas Witschel <diabonas@archlinux.org>
---
 lib/libalpm/signing.c | 96 +++++++++++++++++++++++++++++++++++++------
 1 file changed, 83 insertions(+), 13 deletions(-)
Thanks - looks good apart from one change I made:
+ /* Try to import the key from a WKD first */ + email_from_uid(uid, &email); + ret = key_import_wkd(handle, email);
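Review bot: the return value of email_from_uid() is ignored before email is handed to key_import_wkd(), so email is left uninitialized whenever no address could be extracted from the uid (the -Werror=maybe-uninitialized failure below is exactly this path). Guard the lookup on success, e.g. if(email_from_uid(uid, &email) == 0) { ret = key_import_wkd(handle, email); }, and check that ret already holds a defined value when the WKD step is skipped so the keyserver fallback described in the commit message still runs.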
  CC       libalpm_la-signing.lo
signing.c: In function ‘_alpm_key_import’:
signing.c:285:12: error: ‘email’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
  285 |    gpg_err = gpgme_get_key(ctx, email, &key, 0);
      |              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
signing.c:506:8: note: ‘email’ was declared here
  506 |   char *email;
      |         ^~~~~
cc1: all warnings being treated as errors

	if(email_from_uid(uid, &email) == 0) {
		ret = key_import_wkd(handle, email);
	}
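The lookup the commit message describes, as an added illustration that is not pacman or libalpm code: WKD finds a key by e-mail address rather than fingerprint, so the client first has to get an address out of the packager uid (the step email_from_uid() performs in the patch, and the step that can fail) and then derive the two well-known URLs defined by draft-koch-openpgp-webkey-service. pacman itself leaves the fetch to GPGME (gpgme_get_key() in the compiler output above); the code below shows what that lookup does underneath. The uid strings, the regular expression and the Python email_from_uid()/wkd_urls_for_uid() names are assumptions made for the example.

```python
"""Web Key Directory (WKD) lookup URLs for a packager e-mail address.

Added example, not pacman or libalpm code.  WKD (draft-koch-openpgp-webkey-service)
locates a key by e-mail address rather than fingerprint: the local part is
lower-cased, SHA-1 hashed, z-base-32 encoded and used as a path component
under /.well-known/openpgpkey/.
"""
import hashlib
import re
from typing import Optional
from urllib.parse import quote

# z-base-32 alphabet used by WKD (this is not the RFC 4648 base32 alphabet).
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"

# Matches the address part of a uid such as 'Name (comment) <user@example.org>'.
# Hypothetical regex, standing in for the uid parsing done by email_from_uid().
_UID_ADDR_RE = re.compile(r"<([^<>@\s]+@[^<>@\s]+)>\s*$")


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32, 5 bits per symbol, MSB first, no padding."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * (-len(bits) % 5)          # zero-fill a trailing partial group
    return "".join(ZBASE32_ALPHABET[int(bits[i:i + 5], 2)]
                   for i in range(0, len(bits), 5))


def email_from_uid(uid: str) -> Optional[str]:
    """Return the address in an OpenPGP user ID, or None if it carries none.

    The None case is the one the patch has to handle: a uid consisting of a
    bare name yields no address, so no WKD lookup can be attempted for it.
    """
    match = _UID_ADDR_RE.search(uid)
    if match:
        return match.group(1)
    # A uid may also consist of nothing but the address.
    if "@" in uid and not re.search(r"[\s<>]", uid):
        return uid
    return None


def wkd_hash(local_part: str) -> str:
    """Hash the local part the way WKD does: lowercase, SHA-1, z-base-32."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)              # 160 bits -> 32 symbols


def wkd_urls(email: str) -> dict:
    """Build the advanced and direct WKD URLs for an address.

    Clients try the advanced URL (openpgpkey subdomain) first and fall back
    to the direct URL.  The 'l' parameter carries the original local part.
    """
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {email!r}")
    domain = domain.lower()
    hashed = wkd_hash(local)
    query = quote(local, safe="")
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                    f"{domain}/hu/{hashed}?l={query}",
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{hashed}?l={query}",
    }


def wkd_urls_for_uid(uid: str) -> Optional[dict]:
    """Derive the address from a uid, then the WKD URLs for it.

    Returns None instead of proceeding when the uid has no address, which is
    the check the compiler warning in the thread asks for.
    """
    email = email_from_uid(uid)
    if email is None:
        return None
    return wkd_urls(email)


if __name__ == "__main__":
    # Constructed sample uids; the second one has no address on purpose.
    for uid in ("Jonas Witschel <diabonas@archlinux.org>", "Some Packager"):
        urls = wkd_urls_for_uid(uid)
        if urls is None:
            print(f"{uid!r}: no address, skipping WKD and falling back to keyservers")
        else:
            print(f"{uid!r}:\n  {urls['advanced']}\n  {urls['direct']}")
```

The hash is computed over the lower-cased local part while the l parameter keeps the original spelling, so Joe.Doe and joe.doe map to the same hu/ entry; the draft's own worked example for Joe.Doe@Example.ORG can be used to cross-check the output. Note that the lookup is only as trustworthy as the HTTPS connection to the address's domain: WKD removes the keyserver spam problem but replaces it with trust in the domain operator and the TLS PKI.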