Superseded-by: https://lore.proxmox.com/pve-devel/[email protected]/T/#t
On 10/30/25 2:28 PM, Nicolas Frey wrote:
> This patch series moves in pgp verification code from POM into its
> own micro-crate `proxmox-pgp` to reuse it to verify a package is of
> Proxmox Origin, which fixes #5207.
>
> If this patch series is applied, then `proxmox-offline-mirror` should
> use the `proxmox-pgp` crate.
>
> The last patch again adds in the local file fallback in case that the
> URI starts with `file://` for (IMO) better UX. I'm fine with this
> being dropped if it's not desired, though.
>
> Changes since v5 (thanks @Shannon):
> * changed imports to be module level and correct ordering
> * adjust the signature verification to make it more viable to be in
>   a library by collecting the errors and returning it as one
>   instead of directly printing to `stderr`
> * cleaned up some minor nits
>
> Changes since v4 (thanks @Thomas for feedback):
> * added `proxmox-pgp` micro-crate and moved code from POM
> * removed reliance on gpgv in favor of now available `verify_signature`
>   function in `proxmox-pgp`
> * removed http(s) fallback for cached InRelease file
> * split up initial patch into smaller commits
>
> Changes since v3:
> * Moved found_uri_or_signed to function and to the end of bool chain
>   to prevent redundant signage checks to improve performance
> * Added fallback to the cached InRelease file to get it from repos URI
>
> Changes since v2:
> * correct the mapping in `gpg_signed`
>
> Changes since v1:
> * rewrite test so it compiles
>
> Nicolas Frey (4):
>   add proxmox-pgp subcrate, move POM verifier code to it
>   fix #5207: apt: check signature of repos with proxmox-pgp
>   apt: add tests for POM release filenames
>   apt: check for local POM InRelease as fallback
>
>  Cargo.toml                                 |   2 +
>  proxmox-apt/Cargo.toml                     |   1 +
>  proxmox-apt/src/repositories/repository.rs |  94 ++++++++--
>  proxmox-pgp/Cargo.toml                     |  17 ++
>  proxmox-pgp/debian/changelog               |   5 +
>  proxmox-pgp/debian/control                 |  40 +++++
>  proxmox-pgp/debian/copyright               |  18 ++
>  proxmox-pgp/debian/debcargo.toml           |   7 +
>  proxmox-pgp/src/lib.rs                     |   5 +
>  proxmox-pgp/src/verifier.rs                | 194 +++++++++++++++++++++
>  10 files changed, 373 insertions(+), 10 deletions(-)
>  create mode 100644 proxmox-pgp/Cargo.toml
>  create mode 100644 proxmox-pgp/debian/changelog
>  create mode 100644 proxmox-pgp/debian/control
>  create mode 100644 proxmox-pgp/debian/copyright
>  create mode 100644 proxmox-pgp/debian/debcargo.toml
>  create mode 100644 proxmox-pgp/src/lib.rs
>  create mode 100644 proxmox-pgp/src/verifier.rs
>
