[PATCH] Disallow SHA1 signatures on commits

Status: Done
Participant: Ludovic Courtès
Owner: unassigned
Submitted by: Ludovic Courtès
Severity: normal
Ludovic Courtès wrote on 10 Jun 2020 15:16
(address . guix-patches@gnu.org)
877dwff4cj.fsf@gnu.org
Hello Guix!

The attached patch disallows SHA1 signatures on commits, as recommended
in:


As explained there, SHA1 is no longer the default for signatures since
the release of GnuPG 2.0 in 2006, but there are still users of GnuPG 1.x.

In our repository, there are 132 SHA1 signatures since ‘v1.0.0’ (last
one in April 2020) by three fellow hackers who have since updated their
config along the lines of item #2 at:


With this patch, any commit with a SHA1 signature made after
c91e27c60864faa229198f6f0caf620275c429a2 (May 1st), which introduces
‘.guix-authorizations’, is rejected (it is not a timestamp-based check
because timestamps can always be forged). If one of us makes a mistake,
we’ll have to hard-reset prior to the faulty commit.

For the record, this was previously discussed at:


If you have any questions, please let me know. Feedback welcome!

Ludo’.
Ludovic Courtès wrote on 12 Jun 2020 18:57
(address . 41787-done@debbugs.gnu.org)
87mu5843xz.fsf@gnu.org
Ludovic Courtès <ludo@gnu.org> wrote:

>>From e902fdf083627d548541d6cc53643df4071616c7 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
> Date: Wed, 10 Jun 2020 14:54:13 +0200
> Subject: [PATCH] git-authenticate: Disallow SHA1 (and MD5) signatures.
>
> * guix/git-authenticate.scm (commit-signing-key): Add
> #:disallowed-hash-algorithms and honor it.
> (authenticate-commit)[recent-commit?]: New variable.
> Pass #:disallowed-hash-algorithms to 'commit-signing-key'.
> * tests/git-authenticate.scm ("signed commits, SHA1 signature"): New test.

Pushed as 52c529ff20b389eb64ac033586e6b1a5c5d82cb5.

Ludo’.
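
The check discussed in this thread, sketched as an added example in Python (not code from the patch or from Guix, whose implementation is in Scheme): it reads the hash algorithm octet of an OpenPGP signature packet and rejects MD5 and SHA1 only when the caller marks the commit as recent. The function names, the `recent_commit` flag and the header-only sample packet are assumptions constructed for illustration.

```python
import base64

# OpenPGP hash algorithm identifiers (RFC 4880, section 9.4).
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
DISALLOWED = {"MD5", "SHA1"}

def dearmor(armored):
    """Decode the base64 body of an ASCII-armored OpenPGP signature."""
    lines = [line.strip() for line in armored.strip().splitlines()]
    body = lines[lines.index("") + 1:]      # data follows the blank line
    data = [l for l in body if not l.startswith(("=", "-----"))]
    return base64.b64decode("".join(data))

def signature_hash_algorithm(packet):
    """Return the hash algorithm name of a leading signature packet."""
    tag = packet[0]
    if not tag & 0x80:
        raise ValueError("not an OpenPGP packet")
    if tag & 0x40:                          # new-format header
        packet_type, first = tag & 0x3F, packet[1]
        if first >= 224 and first != 255:
            raise ValueError("partial body length not supported")
        offset = 2 if first < 192 else 3 if first < 224 else 6
    else:                                   # old-format header
        packet_type = (tag >> 2) & 0x0F
        offset = 1 + (1, 2, 4, 0)[tag & 0x03]
    if packet_type != 2:
        raise ValueError("not a signature packet")
    body = packet[offset:]
    if body[0] not in (3, 4):
        raise ValueError("unsupported signature version %d" % body[0])
    algo = body[3] if body[0] == 4 else body[16]
    return HASH_NAMES.get(algo, "unknown-%d" % algo)

def check_commit_signature(armored, recent_commit):
    """Reject MD5/SHA1 signatures on recent commits only; RECENT_COMMIT is
    the caller's ancestry-based (never timestamp-based) decision."""
    name = signature_hash_algorithm(dearmor(armored))
    if recent_commit and name in DISALLOWED:
        raise ValueError("disallowed signature hash algorithm: " + name)
    return name

def constructed_signature(hash_id):
    """Constructed sample: header-only v4 signature packet, not verifiable."""
    body = bytes([4, 0x00, 1, hash_id, 0, 0, 0, 0, 0, 0])
    packet = bytes([0x88, len(body)]) + body
    b64 = base64.b64encode(packet).decode()
    return "-----BEGIN PGP SIGNATURE-----\n\n%s\n-----END PGP SIGNATURE-----" % b64
```

The armored input may be taken from a commit's `gpgsig` header as is, since leading spaces on continuation lines are stripped before decoding.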
Closed