On 05/04/2013 08:03 AM, Chris Adams wrote:
> Once upon a time, Mike Pinkerton <pseli...@mindspring.com> said:
>> On 3 May 2013, at 15:07, Chris Adams wrote:
>>> Once upon a time, Mike Pinkerton <pseli...@mindspring.com> said:
>>>> Does anaconda check package signatures for the netinstall?
>>>
>>> I believe so.  Checksums are definitely checked (RPM won't install a
>>> corrupt package).
>>
>> Are you sure that signatures are checked?  If so, why this feature?
>
> I thought that feature had been implemented, but the status page only
> shows 5%.  The in-package checksums (along similar lines to the DVD
> media check) are checked, but not the signatures.
>
> However, unless your installer image is signed, checking RPM signatures
> in anaconda is pointless (which is why the feature you mentioned is
> based on Secure Boot).
Unfortunately, Secure Boot does not help here. I already explained why Secure Boot is unusable for boot image verification:

http://lists.fedoraproject.org/pipermail/devel/2013-January/176051.html

Just because something is signed doesn't mean that it's harmless to run.

Creating a complete chain of trust is hard.

It's relatively easy to avoid trust in the Internet and the Fedora mirror network. It's not entirely trivial because we'd need overrides (or ways to inject key material) for additional repositories added with Kickstart.

--
Florian Weimer / Red Hat Product Security Team
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
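The point made above (an in-package checksum catches corruption, a signature catches substitution, and a signature check only means something if the verification key itself arrived through a trusted path) as a small constructed model added here; it is not code from the thread, anaconda or RPM. HMAC stands in for the GPG signature so the example runs with the standard library only, and all keys and payloads are constructed values.

```python
import hashlib
import hmac

# Model of the layers discussed in the thread: a package carrying its own
# payload digest (like RPM's in-package checksum), a detached signature made
# with a signing key, and an installer image carrying the key the installer
# trusts. HMAC is a stand-in for GPG; the chain-of-trust argument is the same.


def build_package(payload: bytes) -> dict:
    return {"payload": payload, "digest": hashlib.sha256(payload).hexdigest()}


def digest_ok(pkg: dict) -> bool:
    """What a netinstall does today: detects corruption, not substitution."""
    actual = hashlib.sha256(pkg["payload"]).hexdigest()
    return hmac.compare_digest(actual, pkg["digest"])


def sign(pkg: dict, signing_key: bytes) -> bytes:
    return hmac.new(signing_key, pkg["payload"], "sha256").digest()


def signature_ok(pkg: dict, sig: bytes, trusted_key: bytes) -> bool:
    return hmac.compare_digest(sign(pkg, trusted_key), sig)


def scenario(mirror_can_replace_image: bool) -> dict:
    """Mirror serves a substituted package; optionally also an altered image."""
    fedora_key = b"fedora-signing-key (constructed)"
    mirror_key = b"rogue-mirror-key (constructed)"
    image = {"trusted_key": fedora_key}  # key shipped inside the installer image

    genuine = build_package(b"bash-4.2 (constructed payload)")
    genuine_sig = sign(genuine, fedora_key)

    # The mirror substitutes a package and recomputes the in-package digest,
    # so the digest check cannot tell it apart from the genuine one.
    swapped = build_package(b"bash-4.2 with unwanted changes (constructed)")
    swapped_sig = sign(swapped, mirror_key)
    if mirror_can_replace_image:
        # Unsigned installer image: the trusted key is replaced along with it.
        image = {"trusted_key": mirror_key}

    return {
        "digest_check_passes": digest_ok(swapped),
        "signature_check_passes": signature_ok(swapped, swapped_sig, image["trusted_key"]),
        "genuine_package_passes": signature_ok(genuine, genuine_sig, image["trusted_key"]),
    }
```

With a trusted image the substituted package fails the signature check even though its digest is fine; once the mirror can also replace the image, every check anaconda performs passes, which is why the thread ties the feature to authenticating the installer image.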
