Package: apt
Version: 2.9.23
Followup-For: Bug #1088288

Dear Maintainer,

The addition of default-sequoia.config has helped, but seems to be incomplete. Slack still cannot be updated. It gives this error message:

Get:2 https://packagecloud.io/slacktechnologies/slack/debian jessie InRelease [29.1 kB]
Err:2 https://packagecloud.io/slacktechnologies/slack/debian jessie InRelease
  Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on DB085A08CA13B8ACB917E0F6D938EC0D038651BD is not bound: primary key because: No binding signature at time 2024-12-17T17:27:20Z because: Policy rejected non-revocation signature (PositiveCertification) requiring collision resistance because: SHA1 is not considered secure since 2013-02-01T00:00:00Z
Warning: GPG error: https://packagecloud.io/slacktechnologies/slack/debian jessie InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on DB085A08CA13B8ACB917E0F6D938EC0D038651BD is not bound: primary key because: No binding signature at time 2024-12-17T17:27:20Z because: Policy rejected non-revocation signature (PositiveCertification) requiring collision resistance because: SHA1 is not considered secure since 2013-02-01T00:00:00Z
Error: The repository 'https://packagecloud.io/slacktechnologies/slack/debian jessie InRelease' is not signed.
Notice: Updating from such a repository can't be done securely, and is therefore disabled by default.
Notice: See apt-secure(8) manpage for repository creation and user configuration details.

It seems that there are certain requirements regarding the signing key that are not allowed by the default-sequoia.config that is currently put into place.

[Analysis] To clarify some of the terminology in the error message, a "non-revocation signature" is not one that asserts the key hasn't been revoked; it's just any signature that is not a revocation signature. The PositiveCertification is a signature associating a user ID with the primary key.

[Analysis] In
https://docs.rs/sequoia-openpgp/1.21.2/sequoia_openpgp/policy/enum.HashAlgoSecurity.html#variants, note that the signature binding the user ID to the primary key need only be second preimage resistant if the user ID is a short email address. The Slack user ID is "https://packagecloud.io/slacktechnologies/slack (https://packagecloud.io/docs#gpg_signing) <supp...@packagecloud.io>", which is an allowable email address format, but is not short: the cutoff is 96 bytes, according to https://gitlab.com/sequoia-pgp/sequoia/-/blob/93dcddcb5c5a493faa1d958a085f55d7d1eda50c/openpgp/src/packet/userid.rs#L762. sqv then falls back to requiring general collision resistance.

I was able to work around this issue by creating the following /etc/crypto-policies/back-ends/apt-sequoia.config:

    [hash_algorithms]
    sha1.second_preimage_resistance = 2026-01-01
    sha1.collision_resistance = 2026-01-01
    [packets]
    signature.v3 = 2026-01-01

If it is desirable to support such keys using SHA-1, then I suggest putting this additional sha1.collision_resistance field in default-sequoia.config.

-- Package-specific info:

-- (no /etc/apt/preferences present) --


-- /etc/apt/sources.list.d/slack.list --

### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb https://packagecloud.io/slacktechnologies/slack/debian/ jessie main

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.9-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apt depends on:
ii  adduser                 3.137
ii  base-passwd             3.6.6
ii  debian-archive-keyring  2023.4
ii  libapt-pkg6.0t64        2.9.23
ii  libc6                   2.40-5
ii  libgcc-s1               14.2.0-12
ii  libseccomp2             2.5.5-2
ii  libssl3t64              3.4.0-2
ii  libstdc++6              14.2.0-12
ii  libsystemd0             257.2-1
ii  sqv                     1.2.1-5

Versions of packages apt recommends:
ii  ca-certificates  20241223

Versions of packages apt suggests:
ii  apt-doc         2.9.23
ii  aptitude        0.8.13-6.1
ii  dpkg-dev        1.22.11
ii  gnupg           2.2.46-1
ii  gnupg2          2.2.46-1
ii  powermgmt-base  1.38

-- no debconf information
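As an added illustration (not part of this bug report, and not Sequoia's or apt's code), the decision the report describes reduced to a small Python model: a PositiveCertification over a short email user ID only needs SHA-1 second preimage resistance, any other user ID needs collision resistance, and the per-property dates in the crypto-policy config decide whether the signature is accepted. The email-shape test, reading "cutoff is 96 bytes" as "at most 96", the default second-preimage date and the signature creation time are assumptions.

```python
from datetime import datetime, timezone

# User ID as quoted in the bug report; the mailbox is elided there as "supp...",
# so the real one is even longer (already 116 bytes as shown).
SLACK_USER_ID = ("https://packagecloud.io/slacktechnologies/slack "
                 "(https://packagecloud.io/docs#gpg_signing) <supp...@packagecloud.io>")

SHORT_EMAIL_MAX_BYTES = 96  # assumption: the 96-byte cutoff is inclusive

# SHA-1 cutoff dates in the style of default-sequoia.config / apt-sequoia.config:
# a property is accepted for signatures created before its date.
DEFAULT_SHA1 = {"second_preimage_resistance": "2026-01-01",  # assumed default
                "collision_resistance": "2013-02-01"}         # date from the sqv error
WORKAROUND_SHA1 = {"second_preimage_resistance": "2026-01-01",  # reporter's file
                   "collision_resistance": "2026-01-01"}


def looks_like_email_user_id(user_id: str) -> bool:
    """Rough stand-in for Sequoia's email-shape check: a '<local@domain>' tail."""
    addr = user_id[user_id.rfind("<") + 1:-1] if user_id.endswith(">") else user_id
    return addr.count("@") == 1 and " " not in addr


def required_property(user_id: str) -> str:
    """Short email user IDs need only second preimage resistance of the hash;
    everything else (including long email-shaped IDs) needs collision resistance."""
    if looks_like_email_user_id(user_id) and len(user_id.encode()) <= SHORT_EMAIL_MAX_BYTES:
        return "second_preimage_resistance"
    return "collision_resistance"


def sha1_binding_accepted(user_id: str, created_iso: str, sha1_cutoffs: dict) -> tuple:
    """(accepted, reason) for a SHA-1 user ID binding signature created at created_iso."""
    prop = required_property(user_id)
    created = datetime.fromisoformat(created_iso.replace("Z", "+00:00"))
    cutoff = datetime.fromisoformat(sha1_cutoffs[prop]).replace(tzinfo=timezone.utc)
    if created < cutoff:
        return True, f"SHA1 {prop} accepted for signatures before {sha1_cutoffs[prop]}"
    return False, (f"Policy rejected non-revocation signature requiring {prop}: "
                   f"SHA1 is not considered secure since {sha1_cutoffs[prop]}")


if __name__ == "__main__":
    # Constructed creation time; any date after 2013-02-01 behaves the same.
    for name, cfg in (("default", DEFAULT_SHA1), ("workaround", WORKAROUND_SHA1)):
        print(name, sha1_binding_accepted(SLACK_USER_ID, "2019-06-01T00:00:00Z", cfg))
```

Running it shows why the second_preimage_resistance line alone could not help here: the long user ID is judged under collision_resistance, which only the extra line in the workaround extends.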
