If POM is set up to mirror the PVE repository and only this repository is added on a PVE host, the `Repositories` panel will show an `Error` status with the message:
`No Proxmox VE repository is enabled, you do not get any updates!` This is because the current implementation only checks if the uri of the repo matches that of one of the standard repos. This commit aims to fix this issue by verifying it through signature info via `proxmox-pgp`. The InRelease file cached at `/var/lib/apt/lists/` is used to check whether the package is of Proxmox Origin. Fixes: https://bugzilla.proxmox.com/show_bug.cgi?id=5207 Signed-off-by: Nicolas Frey <[email protected]> --- Changes since v6: * removed logging from verification, as it is only invoked to check whether a repository is a Proxmox standard repository, where logging is not warranted * switched from 2 match expressions to one let-else in `is_signed_by_key` proxmox-apt/Cargo.toml | 1 + proxmox-apt/src/repositories/repository.rs | 42 ++++++++++++++++------ 2 files changed, 33 insertions(+), 10 deletions(-) diff --git a/proxmox-apt/Cargo.toml b/proxmox-apt/Cargo.toml index 59bb4906..2eaf588d 100644 --- a/proxmox-apt/Cargo.toml +++ b/proxmox-apt/Cargo.toml @@ -23,6 +23,7 @@ rfc822-like = "0.2.1" proxmox-apt-api-types.workspace = true proxmox-config-digest = { workspace = true, features = ["openssl"] } proxmox-sys.workspace = true +proxmox-pgp.workspace = true apt-pkg-native = { version = "0.3.2", optional = true } regex = { workspace = true, optional = true } diff --git a/proxmox-apt/src/repositories/repository.rs b/proxmox-apt/src/repositories/repository.rs index 24e7943b..88e6cccf 100644 --- a/proxmox-apt/src/repositories/repository.rs +++ b/proxmox-apt/src/repositories/repository.rs @@ -2,6 +2,7 @@ use std::io::{BufRead, BufReader, Write}; use std::path::{Path, PathBuf}; use anyhow::{bail, format_err, Error}; +use proxmox_pgp::{verify_signature, WeakCryptoConfig}; use crate::repositories::standard::APTRepositoryHandleImpl; use proxmox_apt_api_types::{ @@ -122,21 +123,24 @@ impl APTRepositoryImpl for APTRepository { product: &str, suite: &str, ) -> bool { - let (package_type, handle_uris, component, _key) = handle.info(product); - - let mut found_uri = false; - - for uri in self.uris.iter() { - let uri = uri.trim_end_matches('/'); - - found_uri = found_uri || handle_uris.iter().any(|handle_uri| handle_uri == uri); - } + let (package_type, handle_uris, component, key) = handle.info(product); + + let found_uri_or_signed = || { + let mut found = false; + for uri in self.uris.iter() { + let uri = uri.trim_end_matches('/'); + found = found + || handle_uris.iter().any(|handle_uri| handle_uri == uri) + || is_signed_by_key(uri, suite, key); + } + found + }; self.types.contains(&package_type) - && found_uri // using contains would require a &String && self.suites.iter().any(|self_suite| self_suite == suite) && self.components.contains(&component) + && found_uri_or_signed() } fn origin_from_uris(&self) -> Option<String> { @@ -389,6 +393,24 @@ fn write_stanza(repo: &APTRepository, w: &mut dyn Write) -> Result<(), Error> { Ok(()) } +/// Reads file contents of cached/local POM InRelease file from uri +/// and key to verify pgp signature +fn is_signed_by_key(uri: &str, suite: &str, key_path: &str) -> bool { + let (Ok(data), Ok(key)) = ( + std::fs::read(release_filename( + Path::new("/var/lib/apt/lists"), + uri, + suite, + false, + )), + std::fs::read(key_path), + ) else { + return false; + }; + + verify_signature(&data, &key, None, &WeakCryptoConfig::default()).is_ok() +} + #[test] fn test_uri_to_filename() { let filename = uri_to_filename("https://some_host/some/path";); -- 2.47.3 _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
