Bug 2225188

Summary: Circular reasoning in source code verification
Product: [Fedora] Fedora Reporter: Björn Persson <bjorn>
Component: bitcoin-coreAssignee: Simone Caronni <negativo17>
Status: NEW --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 39CC: negativo17
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Björn Persson 2023-07-24 13:55:24 UTC 
Description of problem:
Since the packaging changes made for bitcoin-core 25.0, a program extracted from the source tarball – verify.py – is used to verify the signatures on that same tarball. The thing that's supposed to be authenticated is allowed to assert that it is authentic. That's useless.

If an attacker crafts a malicious source tarball, they will include a malicious verify.py that pretends to verify the signatures and feigns success. Thus the verification step is neutered, and the build will continue as if the malicious tarball had been verified.

Version-Release number of selected component:
25.0-1.fc39
Comment 1 Simone Caronni 2023-08-11 09:02:55 UTC 
This is the upstream method, with the difference that the official way is to download the binaries/tarballs/gpgkeys on the fly, which we are not allowed to do:

https://github.com/bitcoin/bitcoin/blob/master/contrib/verify-binaries/README.md

The last example of the readme file is exactly that.

I preferred the old method but I could not make it work.

Patches are welcome!
Comment 2 Fedora Release Engineering 2023-08-16 07:54:22 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle.
Changing version to 39.