Bug 493126 - use sha256 to gpg sign *-CHECKSUM files
Summary: use sha256 to gpg sign *-CHECKSUM files
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: pungi
Version: 13
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: David Cantrell
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: fedora-sha2
TreeView+ depends on / blocked
 
Reported: 2009-03-31 17:59 UTC by Till Maas
Modified: 2013-01-10 05:07 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-05-25 22:05:57 UTC
Type: ---


Attachments (Terms of Use)

Description Till Maas 2009-03-31 17:59:32 UTC
Description of problem:
The checksum in *-CHECKSUM files are done with sha256sum, but the gpg signature only uses SHA1:

$ grep Hash F11-Beta-i686-Live-CHECKSUM
Hash: SHA1

Additional info:
Passing this to gpg will probably make it use SHA256 instead:

--digest-algo SHA256

Comment 1 Bug Zapper 2009-06-09 12:52:42 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 2 Miloslav Trmač 2009-06-30 16:37:31 UTC
This was fixed in time for F11.  Thanks!

Comment 3 Till Maas 2009-11-17 21:37:16 UTC
For F12, SHA1 was used again! :-(

$ curl -s  https://fedoraproject.org/static/checksums/Fedora-12-i386-CHECKSUM|grep Hash
Hash: SHA1

Comment 4 Zeev Tarantov 2009-12-14 11:51:42 UTC
Worse: SHA256 was used (just look at the length of the hash, or run sha256sum on the iso yourself), but the CHECKSUM file says "SHA1". The hash is right, it is signed with the right key, but it is labeled incorrectly, so that if a machine were going to verify it, it would say it is either wrong or invalid. Such an error slipping through means the hash was never verified, which is a concern.

Comment 5 Till Maas 2009-12-14 12:12:52 UTC
(In reply to comment #4)
> Worse: SHA256 was used (just look at the length of the hash, or run sha256sum
> on the iso yourself), but the CHECKSUM file says "SHA1". The hash is right, it
> is signed with the right key, but it is labeled incorrectly, so that if a
> machine were going to verify it, it would say it is either wrong or invalid.
> Such an error slipping through means the hash was never verified, which is a
> concern.  

sha256sum was used to create the hash values of the individual files listed in the CHECKSUM file, but SHA1 was used to create the signature of the list of sha256 hash values. Within the section that starts with "-----BEGIN PGP SIGNATURE-----", there SHA1 is used. This is what the "Hash: SHA1" line says after "-----BEGIN PGP SIGNED MESSAGE-----".

Comment 7 Miloslav Trmač 2010-04-28 14:31:30 UTC
Same problem with F13 beta.

Comment 8 Jesse Keating 2010-04-28 15:17:12 UTC
This will require support in sigul for doing sha256 signatures when clear signing.  That support doesn't exist yet.

Comment 9 Miloslav Trmač 2010-04-28 15:32:36 UTC
See https://bugzilla.redhat.com/show_bug.cgi?id=480017#c1 .

This should affect all signing operations; RPM signatures do use SHA-256, was the checksum file signed using a different mechanism?


(sigul sign-rpm --v3-signature) has no equivalent in (sigul sign-text), but v3/v4 signature format is unrelated to the hash algorithm used.

Comment 10 Jesse Keating 2010-04-28 17:45:26 UTC
I think what's missing is setting the preference in sigul's gpg.conf.  I had assumed that by setting it, we would be unable to generate sha1 signatures for our older rpm systems.  I'll have to test this.

Comment 11 Jesse Keating 2010-05-25 22:05:57 UTC
Since this is a process issue, not a pungi issue, I've filed this in releng trac.  https://fedorahosted.org/rel-eng/ticket/3762


Note You need to log in before you can comment on or make changes to this bug.