On 07/14/2014 01:12 PM, Michael Stone wrote:
> On Mon, Jul 14, 2014 at 12:45:38PM -0400, Hans-Christoph Steiner wrote:
>> One place that this will help a lot is managing completely offline machines,
>> like machines for running secure build and signing processes. Right now, in
>> order to install a package securely on an offline machine, I have to make sure
>> that the apt-get cache is no older than two weeks, otherwise apt-get considers
>> the info expired and no longer trusted. It makes sense to have a listing of
>> packages and updates expire. It does not make sense to have the signature on
>> an individual package expire. Debian does not provide the latter option.
>
> Or, you could make use of the Check-Valid-Until and Min-ValidTime options in
> apt.conf. There's a reason things are done the way they are, and you probably
> aren't going to find a lot of interest in getting people to do a lot of work
> to create a system which is duplicative at best and less secure at worst.
>
> Mike Stone

Sure, those options would work well for people who understand them and want to
tweak them. I'm not interested in that. I'm currently working on a TAILS-based
system for running build and signing processes on machines that _never_ go
online. So that means that changing the apt config is not an option. I'm
working with apt-offline currently and that helps a lot.

TAILS is a live CD, but provides a method of installing and maintaining new
packages on top of what is provided by the live CD. That means those packages
are stored in an encrypted stash, and are installed on each boot. So in order
to use this feature, the apt cache needs to be refreshed using apt-offline at
least every two weeks, otherwise the packages won't be installed since apt can
no longer validate them.

Having a system that verifies existing .deb files against their own signature
would eliminate this problem entirely. The apt expiration is only meant to
protect against network attacks, so having to work around the expiration on a
completely offline machine only complicates the process of running an offline
machine, which also has security ramifications.

For more info:
https://dev.guardianproject.info/projects/psst/wiki/CleanRoom
https://tails.boum.org/doc/first_steps/persistence/configure/index.en.html
https://tails.boum.org/blueprint/remember_installed_packages/
https://labs.riseup.net/code/issues/7208

.hc
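
The expiry rule this thread is about, as an added example that is not part of the original messages and is not apt's own code: a simplified model of how a Release file's `Valid-Until` field and the `Check-Valid-Until` and `Min-ValidTime` options named above decide whether cached package lists still count as valid. It follows the apt.conf documentation for those two options; the sample Release text, dates and function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: header fields of a Release file (not a real archive's).
SAMPLE_RELEASE = """\
Origin: Example
Suite: stable
Date: Mon, 30 Jun 2014 12:00:00 UTC
Valid-Until: Mon, 07 Jul 2014 12:00:00 UTC
"""

def release_fields(text):
    """Return the top-level 'Key: value' fields of a Release file."""
    fields = {}
    for line in text.splitlines():
        if line[:1] in (" ", "\t") or ":" not in line:
            continue  # indented continuation lines (hash lists) are not needed
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields

def expiry(text, check_valid_until=True, min_valid_time=0):
    """Effective expiry as an aware datetime, or None if nothing expires."""
    if not check_valid_until:          # models Check-Valid-Until "false"
        return None
    fields = release_fields(text)
    if "Valid-Until" not in fields:    # archive sets no expiry at all
        return None
    valid_until = parsedate_to_datetime(fields["Valid-Until"])
    if min_valid_time and "Date" in fields:
        # Min-ValidTime: treat the file as valid for at least this many
        # seconds after its Date header, even if Valid-Until is earlier.
        created = parsedate_to_datetime(fields["Date"])
        valid_until = max(valid_until, created + timedelta(seconds=min_valid_time))
    return valid_until

def is_expired(text, now, **options):
    """True if the cached Release data would be rejected as stale at 'now'."""
    limit = expiry(text, **options)
    return limit is not None and now > limit

if __name__ == "__main__":
    now = datetime(2014, 7, 14, 17, 12, tzinfo=timezone.utc)  # constructed clock
    print("defaults:             ", is_expired(SAMPLE_RELEASE, now))
    print("Min-ValidTime 30 days:", is_expired(SAMPLE_RELEASE, now, min_valid_time=30 * 86400))
    print("Check-Valid-Until off:", is_expired(SAMPLE_RELEASE, now, check_valid_until=False))
```

The expiry is a property of the signed Release index, not of any individual .deb file, which is why an offline cache goes stale even though the packages in it are unchanged.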

