[PATCH] Disallow SHA1 signatures on commits

Done

Details

One participant

Ludovic Courtès

Owner: unassigned

Submitted by: Ludovic Courtès

Severity: normal

Ludovic Courtès wrote on 10 Jun 2020 15:16

Recipients:(address . guix-patches@gnu.org)

Message-ID:877dwff4cj.fsf@gnu.org

Hello Guix!

The attached patch disallows SHA1 signatures on commits, as recommended

in:

https://sha-mbles.github.io/

As explained there, SHA1 is no longer the default for signatures since

the release of GnuPG 2.0 in 2006, but there are still users of GnuPG 1.x.

In our repository, there are 132 SHA1 signatures since ‘v1.0.0’ (last

one in April 2020) by three fellow hackers who have since updated their

config along the lines of item #2 at:

https://guix.gnu.org/manual/devel/en/html_node/Commit-Access.html

With this patch, any commit with a SHA1 signature made after

c91e27c60864faa229198f6f0caf620275c429a2 (May 1st), which introduces

‘.guix-authorizations’, is rejected (it is not a timestamp-based check

because timestamps can always be forged). If one of us makes a mistake,

we’ll have to hard-reset prior to the faulty commit.

For the record, this was previously discussed at:

https://issues.guix.gnu.org/issue/22883#62

If you have any questions, please let me know. Feedback welcome!

Ludo’.

Attachment: 0001-git-authenticate-Disallow-SHA1-and-MD5-signatures.patch

Ludovic Courtès wrote on 12 Jun 2020 18:57

Recipients:(address . 41787-done@debbugs.gnu.org)

Message-ID:87mu5843xz.fsf@gnu.org

Ludovic Courtès <ludo@gnu.org> skribis:

Toggle quote (11 lines)>>From e902fdf083627d548541d6cc53643df4071616c7 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
> Date: Wed, 10 Jun 2020 14:54:13 +0200
> Subject: [PATCH] git-authenticate: Disallow SHA1 (and MD5) signatures.
>
> * guix/git-authenticate.scm (commit-signing-key): Add
>  #:disallowed-hash-algorithms and honor it.
> (authenticate-commit)[recent-commit?]: New variable.
> Pass #:disallowed-hash-algorithms to 'commit-signing-key'.
> * tests/git-authenticate.scm ("signed commits, SHA1 signature"): New test.

Pushed as 52c529ff20b389eb64ac033586e6b1a5c5d82cb5.

Ludo’.

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 41787@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 41787

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date