** Description changed:

+ [Impact]
+
+ * When launching an Ubuntu release-upgrade through landscape-client, the
+ upgrade-tool fails GPG verification due to the trusted apt key having changed
+ location as of 18.04 LTS.
+
+ * The proposed patch extends the gpg lookup path to include all
+ /etc/apt/trusted.gpg.d/*.gpg files in addition to /etc/apt/trusted.gpg
+ when verifying the upgrade-tool signature.
+
+ [Test Case]
+
+ * Install and register the landscape-client against a landscape-server
+ on a series supporting an upgrade.
+
+ * Wait for it to sync up packages.
+
+ * On the computer packages page, there is a link at the bottom to request a
+ release upgrade of that machine, if a supported version is available.
+
+ * The upgrade fails and /var/log/landscape/release-upgrader.log will indicate
+ a failed gpg verification.
+
+ [Where problems could occur]
+
+ * One thing which has been considered in this fix is how someone could have
+ worked around the issue by re-creating the old key path. The fix covers
+ such a case by still reading the deprecated trusted.gpg file.
+
+ * Although some care has been taken to only load valid gpg keys from the apt
+ trusted keychain, there could be unforeseen scenarios where invalid data
+ gets read from the keychain. In such a case, the strict nature of gpg would
+ reject the signature verification, thus being no worse than without the fix.
+
+ * The affected callsite is used for verifying the release-upgrader code prior
+ to running it. One bad thing which we could imagine with this code path is
+ falsely accepting an invalid file signature, which may create a security
+ issue. This would likely take the shape of injecting a gpg key, without
+ having root access, in the search path.
+
+ [Other Info]
+
+ * There is no way to directly verify this issue on 20.10 Groovy and later
+ (without faking a release) due to the lack of an upgrade path to a supported
+ LTS. The ubuntu-keyring package having the same file layout, the same
+ validation failure is however to be expected if left unpatched.
+
+ [Original description]
+
  Since bionic, ubuntu-keyring removed `/etc/apt/trusted.gpg` in favor of
  `/etc/apt/trusted.gpg.d/`. This breaks signature verification for the
  upgrade-tool. Trying to release-upgrade through landscape yields a failure
  on signature check:

  2020-11-10 15:47:51,019 WARNING [MainThread] Invalid signature for upgrade-tool tarball: /usr/bin/gpg failed (out='', err='gpg: keybox '/etc/apt/trusted.gpg' created
  gpg: Signature made Fri Oct 16 03:28:09 2020 UTC
  gpg: using RSA key 3B4FE6ACC0B21F32
  gpg: Can't check signature: No public key
https://bugs.launchpad.net/bugs/1903776
Title: Changed ubuntu-keyring paths breaks upgrade to focal.
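The keyring lookup the proposed patch describes, written out as an added Python example for illustration; this is not landscape-client's own code, and the gpg flags are the standard `--no-default-keyring`/`--keyring`/`--verify` options rather than whatever the real patch uses. The file names in `demo()` are constructed placeholders, not real keys.

```python
import glob
import os
import subprocess
import tempfile

# Paths from the bug report; ubuntu-keyring stopped shipping the first one as of 18.04.
TRUSTED_GPG = "/etc/apt/trusted.gpg"
TRUSTED_GPG_D = "/etc/apt/trusted.gpg.d"

def collect_keyrings(trusted_gpg=TRUSTED_GPG, trusted_dir=TRUSTED_GPG_D):
    """Keyrings gpg should consult, in a stable order and without duplicates.
    The deprecated trusted.gpg is still read in case someone re-created it. From
    trusted.gpg.d only non-empty regular *.gpg files are taken: --keyring expects a
    binary keyring, so .asc files, directories and empty files are skipped."""
    candidates = [trusted_gpg] + sorted(glob.glob(os.path.join(trusted_dir, "*.gpg")))
    keyrings = []
    for path in candidates:
        if os.path.isfile(path) and os.path.getsize(path) > 0 and path not in keyrings:
            keyrings.append(path)
    return keyrings

def build_verify_command(signature, tarball, keyrings, gpg="/usr/bin/gpg"):
    """One --keyring per file; --no-default-keyring keeps ~/.gnupg out of the trust set."""
    cmd = [gpg, "--no-options", "--no-default-keyring"]
    for keyring in keyrings:
        cmd += ["--keyring", keyring]
    return cmd + ["--verify", signature, tarball]

def verify_tarball(signature, tarball, keyrings, gpg="/usr/bin/gpg"):
    """Return (ok, gpg stderr); any non-zero exit ("No public key", bad signature) rejects."""
    if not keyrings:
        return False, "no apt trusted keyring found"
    proc = subprocess.run(build_verify_command(signature, tarball, keyrings, gpg),
                          capture_output=True, text=True)
    return proc.returncode == 0, proc.stderr

def demo():
    """Constructed layout with placeholder bytes, not real keys: a re-created trusted.gpg,
    two keys in trusted.gpg.d, plus an .asc file and an empty .gpg that must be ignored."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "trusted.gpg.d"))
    for name, data in [("trusted.gpg", b"x"), ("trusted.gpg.d/a-archive.gpg", b"x"),
                       ("trusted.gpg.d/b-cdimage.gpg", b"x"),
                       ("trusted.gpg.d/c-armored.asc", b"x"), ("trusted.gpg.d/d-empty.gpg", b"")]:
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    found = collect_keyrings(os.path.join(root, "trusted.gpg"), os.path.join(root, "trusted.gpg.d"))
    return [os.path.relpath(path, root) for path in found]
```

With no keyring found at all the verification is refused outright rather than falling back to the user's default keyring, which is the "no worse than without the fix" property the description asks for.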