[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 Katrin Fischer changed: What|Removed |Added CC||martin.renvoize@ptfs-europe ||.com -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 David Cook changed: What|Removed |Added Status|Failed QA |In Discussion -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 Bug 24632 depends on bug 23975, which changed state. Bug 23975 Summary: Add ability to search and install plugins from GitHub https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23975 What|Removed |Added Status|REOPENED|RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 Bug 24632 depends on bug 23975, which changed state. Bug 23975 Summary: Add ability to search and install plugins from GitHub https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23975 What|Removed |Added Status|RESOLVED|REOPENED Resolution|FIXED |--- -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 Bug 24632 depends on bug 23975, which changed state. Bug 23975 Summary: Add ability to search and install plugins from GitHub https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23975 What|Removed |Added Status|Pushed to master|RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 --- Comment #19 from David Cook --- Thanks for taking the time to look at this one, Katrin. I appreciate it. I think for now I'm probably going to abandon this work, and focus instead on patches that limit users' ability to install plugins all together. That is, allow only administrators to install plugins, or allow only a pre-approved list of plugin options, or both. Hopefully my past work can serve as a bit of an example of what could be done in the future. For now, I don't think there will be enough uptake to warrant continuing working on it. But thanks again :) -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 Katrin Fischer changed: What|Removed |Added Status|Signed Off |Failed QA --- Comment #18 from Katrin Fischer --- I've rebased the patches (kohastructure.sql and plugins-home.tt, but there are a lot of QA script fails: FAIL Koha/Plugins/Key.pm OK critic OK forbidden patterns OK git manipulation OK pod FAIL pod coverage POD coverage was greater before, try perl -MPod::Coverage=PackageName -e666 OK spelling OK valid FAIL Koha/Plugins/Keys.pm OK critic FAIL forbidden patterns forbidden pattern: tab char (line 57) forbidden pattern: tab char (line 61) forbidden pattern: tab char (line 83) OK git manipulation OK pod FAIL pod coverage POD is missing for 'verify_plugin' OK spelling OK valid FAIL Koha/Schema/Result/PluginKey.pm OK critic OK forbidden patterns OK git manipulation OK pod FAIL pod coverage POD is missing for koha_object_class POD is missing for koha_objects_class OK spelling OK valid OK installer/data/mysql/kohastructure.sql OK boolean_vs_tinyint OK charset_collate OK git manipulation OK tinyint_has_boolean_flag OK installer/data/mysql/sysprefs.sql OK git manipulation OK semicolon OK sysprefs_order FAIL koha-tmpl/intranet-tmpl/prog/en/modules/plugins/plugins-home.tt OK filters FAIL forbidden patterns forbidden pattern: trailing space char (line 58) OK git manipulation OK js_in_body OK spelling OK tt_valid OK valid_template FAIL koha-tmpl/intranet-tmpl/prog/en/modules/plugins/plugins-keys.tt FAIL filters missing_filter at line 68 ( Delete) FAIL forbidden patterns forbidden pattern: tab char (line 28) forbidden pattern: tab char (line 42) OK git manipulation OK js_in_body OK spelling OK tt_valid OK valid_template OK koha-tmpl/intranet-tmpl/prog/en/modules/plugins/plugins-upload.tt OK filters OK forbidden patterns OK git manipulation OK js_in_body OK spelling OK tt_valid OK valid_template FAIL plugins/plugins-keys.pl OK critic FAIL forbidden patterns forbidden pattern: Script permissions is authnotrequired => 0, it could be correct for an OPAC script if it is was you really want error (bug 24663) (line 42) OK git manipulation OK pod OK spelling OK valid Additional notes: 1) The 2 .perl files for database updates [c/sh]ould be combined. 2) Add comment before new table in kohastructure.sql 3) I wonder if the permission for the new page should not be a little stricter. Currently if you can use plugins, you can also access the page. I'd suggest: manage - Manage plugins ( install / uninstall ) This should then also affect the visibility of the buttons/links to the page from plugin home. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 Jonathan Druart changed: What|Removed |Added Keywords|rel_20_11_target| -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 Martin Renvoize changed: What|Removed |Added Keywords|rel_20_05_candidate |rel_20_11_target -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 Tomás Cohen Arazi changed: What|Removed |Added Version|unspecified |master -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 Tomás Cohen Arazi changed: What|Removed |Added CC||tomasco...@gmail.com Assignee|koha-b...@lists.koha-commun |dc...@prosentient.com.au |ity.org | -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 Martin Renvoize changed: What|Removed |Added See Also||https://bugs.koha-community ||.org/bugzilla3/show_bug.cgi ||?id=22832 -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 --- Comment #17 from Martin Renvoize --- (In reply to Jonathan Druart from comment #15) > You are assuming that an author who is trusted once is trusted for all the > plugins they will write. This assumption is wrong IMO. I agree with David here.. this work is to provide a way of verifying the code is written by an author you trust.. not that this particular plugin is correct. As such, sharing a key is a fair and well-documented route that many systems already use. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 --- Comment #16 from David Cook --- (In reply to Jonathan Druart from comment #15) > You are assuming that an author who is trusted once is trusted for all the > plugins they will write. This assumption is wrong IMO. This assumption is the same as the software package managers on Windows and Linux. I think it's a fair and conventional assumption to make. That being said, I agree with the content of what you're saying, which is why this feature needs to be paired with a whitelist where administrators can define which plugins should be allowed to be installed. That way administrators specify that only X authentic plugins from Y trusted authors can be installed. I'm planning to code the whitelist functionality too, but haven't had the time yet. In lieu of it, I think adding a signature system alone is better than the nothing that we have at the moment. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 Jonathan Druart changed: What|Removed |Added CC||jonathan.dru...@bugs.koha-c ||ommunity.org --- Comment #15 from Jonathan Druart --- You are assuming that an author who is trusted once is trusted for all the plugins they will write. This assumption is wrong IMO. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 --- Comment #14 from David Cook --- I noticed late yesterday that https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23975 allows a person to fetch plugins directly from Github. I'll have to take a look at that code to see how it relates to what I've done here. I imagine it shouldn't be too difficult, especially if we use a standard naming convention for signature files. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 Holly changed: What|Removed |Added Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 ByWater Sandboxes changed: What|Removed |Added Attachment #104032|0 |1 is obsolete|| --- Comment #13 from ByWater Sandboxes --- Created attachment 104035 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=104035=edit Bug 24632: Verify Koha plugin signatures against trusted author public keys The concept is that Koha plugin authors will sign their plugins using their RSA private key, and they'll share their public key with Koha users/the public. Koha users will upload/import these public keys into Koha. When uploading plugins, Koha users will also be prompted to upload a signature file, which will be provided by Koha plugin authors. By default, signature verification will be optional. However, if you enable the system preference "RequirePluginSignatures", you will only be able to upload Koha plugins which have been signed by a trusted author (ie an author for whom you have stored a public key). This patch adds the plugin_keys table and a web UI to store trusted author public keys, adds the "RequirePluginSignatures" system preference to secure the upload process, and updates the plugin upload to verify signatures. Test Plan: 0) Apply patch 1) Download Example Koha Plugin Developer public key https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=104031 2) Download Kitchen Sink plugin signature https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=104030 3) Download version 2.1.39 of the Kitchen Sink plugin https://github.com/bywatersolutions/koha-plugin-kitchen-sink/releases/download/v2.1.39/koha-plugin-kitchen-sink-v2.1.39.kpz 4) Go to /cgi-bin/koha/plugins/plugins-keys.pl 5) Upload "Example Koha Plugin Developer public key" here with any "Name" you want 6) Go to /cgi-bin/koha/plugins/plugins-upload.pl 7) Upload Kitchen Sink plugin 8) Notice it uploaded without a signature. 9) Uninstall Kitchen Sink plugin 10) Go to systme preferences and enable "RequirePluginSignatures" 11) Go to /cgi-bin/koha/plugins/plugins-upload.pl 12) Upload Kitchen Sink plugin 13) Notice an error message saying upload failed 14) Go to /cgi-bin/koha/plugins/plugins-home.pl 15) Observe there is no uploaded plugin 16) Go to /cgi-bin/koha/plugins/plugins-upload.pl 17) Upload Kitchen Sink plugin 18) Upload Kitchen Sink plugin signature 19) Notice the plugin uploaded Advanced Test Plan: Instead of downloading the Koha Sink plugin signature and public key, try creating your own keys and signature. The below is just a quick example, and not necessarily the recommended process. Consider a larger key size. 1) openssl genrsa -des3 -out private.pem 2048 2) openssl rsa -in private.pem -outform PEM -pubout -out public.pem 3) openssl dgst -sha256 -sign private.pem -out koha-plugin-kitchen-sink-v2.1.39.sig koha-plugin-kitchen-sink-v2.1.39.kpz 4) Repeat normal test plan from step 4 Signed-off-by: Holly -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 --- Comment #12 from David Cook --- Created attachment 104032 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=104032=edit Bug 24632: Verify Koha plugin signatures against trusted author public keys The concept is that Koha plugin authors will sign their plugins using their RSA private key, and they'll share their public key with Koha users/the public. Koha users will upload/import these public keys into Koha. When uploading plugins, Koha users will also be prompted to upload a signature file, which will be provided by Koha plugin authors. By default, signature verification will be optional. However, if you enable the system preference "RequirePluginSignatures", you will only be able to upload Koha plugins which have been signed by a trusted author (ie an author for whom you have stored a public key). This patch adds the plugin_keys table and a web UI to store trusted author public keys, adds the "RequirePluginSignatures" system preference to secure the upload process, and updates the plugin upload to verify signatures. Test Plan: 0) Apply patch 1) Download Example Koha Plugin Developer public key https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=104031 2) Download Kitchen Sink plugin signature https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=104030 3) Download version 2.1.39 of the Kitchen Sink plugin https://github.com/bywatersolutions/koha-plugin-kitchen-sink/releases/download/v2.1.39/koha-plugin-kitchen-sink-v2.1.39.kpz 4) Go to /cgi-bin/koha/plugins/plugins-keys.pl 5) Upload "Example Koha Plugin Developer public key" here with any "Name" you want 6) Go to /cgi-bin/koha/plugins/plugins-upload.pl 7) Upload Kitchen Sink plugin 8) Notice it uploaded without a signature. 9) Uninstall Kitchen Sink plugin 10) Go to systme preferences and enable "RequirePluginSignatures" 11) Go to /cgi-bin/koha/plugins/plugins-upload.pl 12) Upload Kitchen Sink plugin 13) Notice an error message saying upload failed 14) Go to /cgi-bin/koha/plugins/plugins-home.pl 15) Observe there is no uploaded plugin 16) Go to /cgi-bin/koha/plugins/plugins-upload.pl 17) Upload Kitchen Sink plugin 18) Upload Kitchen Sink plugin signature 19) Notice the plugin uploaded Advanced Test Plan: Instead of downloading the Koha Sink plugin signature and public key, try creating your own keys and signature. The below is just a quick example, and not necessarily the recommended process. Consider a larger key size. 1) openssl genrsa -des3 -out private.pem 2048 2) openssl rsa -in private.pem -outform PEM -pubout -out public.pem 3) openssl dgst -sha256 -sign private.pem -out koha-plugin-kitchen-sink-v2.1.39.sig koha-plugin-kitchen-sink-v2.1.39.kpz 4) Repeat normal test plan from step 4 -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 David Cook changed: What|Removed |Added Status|NEW |Needs Signoff Patch complexity|--- |Small patch -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 --- Comment #11 from David Cook --- Created attachment 104031 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=104031=edit Example Koha Plugin Developer Public Key -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 --- Comment #10 from David Cook --- Created attachment 104030 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=104030=edit Koha Plugin Signatures -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 24632] Plugins should support simple signing for security/verifiability
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632 David Cook changed: What|Removed |Added Summary|Plugins should support |Plugins should support |simple signing for |simple signing for |security/varifiability |security/verifiability -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/