Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

builderv2: N-of-M signatures validation #7739

Closed
marmarek opened this issue Sep 6, 2022 · 1 comment
Closed

builderv2: N-of-M signatures validation #7739

marmarek opened this issue Sep 6, 2022 · 1 comment
Assignees
@fepitre
Labels
C: builder Qubes Builder cryptography This issue pertains to cryptography. P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. security This issue pertains to the security of Qubes OS. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.

Comments

@marmarek
Copy link
Member

marmarek commented Sep 6, 2022

How to file a helpful issue

The problem you're addressing (if any)

Currently qubes-builder accepts sources if they carry at least a single valid tag from a trusted key. There is no support for requiring several peoples signing a release.

The solution you'd like

Add support for requiring N signed tags from different maintainers. This should be defined together with component maintainers. Lets focus on source code verification, do not add similar feature for github commands yet.

I don't exclude more complex schemes (3 tags from any of A,B,C,D,E or 2 tags if at least one is made by X), but lets start with a simpler option first. And it's possible to emulate more complex schemes with the simple one by some people having multiple keys (although that's a bit clumsy).

The value to a user, and who that user might be

More trustworthy release process, with technically enforced review (or at least acknowledge) from multiple people.
@marmarek marmarek added T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality. C: builder Qubes Builder security This issue pertains to the security of Qubes OS. P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. labels Sep 6, 2022
@andrewdavidwong andrewdavidwong added this to the Non-release milestone Sep 6, 2022
@andrewdavidwong andrewdavidwong added the cryptography This issue pertains to cryptography. label Sep 6, 2022
@fepitre fepitre mentioned this issue Jul 2, 2023
Merged
marmarek added a commit to QubesOS/qubes-builderv2 that referenced this issue Jul 7, 2023
@marmarek
example-configs: specify default maintainers explicitly
96c0be5 
New get-and-verify-source.py expects explicit maintainers list, to
enforce minumum require signatures (even with default value of '1').

QubesOS/qubes-issues#7739
@fepitre
Copy link
Member

fepitre commented Jul 11, 2023

@marmarek Should we close this issue assuming we already done the main goal, i.e., supporting N signed tags from different maintainers?

@andrewdavidwong andrewdavidwong removed this from the Non-release milestone Aug 13, 2023
@marmarek marmarek closed this as completed Nov 5, 2023
@marmarek marmarek mentioned this issue Feb 15, 2024
Closed
@marmarek marmarek mentioned this issue Apr 16, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fepitre fepitre

Labels
C: builder Qubes Builder cryptography This issue pertains to cryptography. P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. security This issue pertains to the security of Qubes OS. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@marmarek @andrewdavidwong @fepitre