rpmkeys --list and --delete must work for unloadable keys #3375

Closed
pmatilai opened this issue Oct 14, 2024 · 5 comments
Labels
API API related CLI Command-line interface

Comments

@pmatilai
Member

Given how fast crypto stuff becomes obsolete and even inaccessible these days, a key imported today might not be loadable at all in a few years. There needs to be a way to get rid of such keys without resorting to 'rm -rf' tactics, and to be deletable they need to be listable. For rpmdb keystore, the gpg-pubkey headers can be alternatively removed through the transaction API, thus side-skirting the issue, but that's not really a sane design.

So rpmkeys needs to have means to list the underlying keystore contents (presumably by fingerprint) without even trying to load them, and it needs to be able to delete a key found this way. And of course to do that it'll need corresponding APIs in librpm.

@pmatilai pmatilai added API API related CLI Command-line interface labels Oct 14, 2024
@nwalfield
Contributor

> So rpmkeys needs to have means to list the underlying keystore contents (presumably by fingerprint) without even trying to load them

What do you mean by "without even loading them"? Do you mean having a separate index by the certificate's fingerprint? What happens if this index becomes inconsistent with the certificate store? AIUI, I understand the plan was to (also) use external tools to interact with the certificate store.

@pmatilai
Member Author

pmatilai commented Oct 14, 2024

By load I basically mean rpmPubkeyNew() and all that it ends up checking.

I don't have a detailed plan for this, but I'd expect a keystore to be able to locate the contained signature blobs by a fingerprint, whether they're just files on disk or something fancier. The low-level list doesn't need to provide details about the key, just to give you a handle by which the key can be removed.

@pmatilai
Member Author

Actually, it might well be enough just to provide a switch to purge the keystore entirely.
The contents in an rpm keystore are of low value, you can always reimport the bits you need, so nuking isn't such a horrible thing. But it needs to be an rpm provided primitive, not people 'rm -rf'ing around stuff. We got allergic to that during the Berkeley DB days 😖

@ffesti
Contributor

ffesti commented Oct 14, 2024

Or just drop all keys that you can't load.

@pmatilai
Member Author

Yeah, I just realized (afk) that I'm full of shit on this one 😆

The user story is that there needs to be a way to purge keys that don't load for whatever reason, the problem with this ticket is the overly technical description that is going into the weeds. A nicely rpm'ish way to achieve this is a "rebuild" of the keystore, which we basically need for #3347 anyhow. I'll note this as a case in that ticket instead.
