uefi archive files don't have signed checksums
Bug #1285919 reported by
Julian Edwards
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
Fix Released
|
High
|
Andy Whitcroft | ||
| ubuntu-archive-publishing |
Fix Released
|
High
|
Colin Watson | ||
Bug Description
Files under /ubuntu/
Compare to /ubuntu/
MAAS downloads netboot installer files and is about to sprout support for UEFI. We previously had a CVE raised because the netboot installer downloads were not verified against the archive signature, so it makes sense to ensure these .efi files also get signed checksums.
Related branches
lp:~apw/launchpad/signing-add-sha256-checksums
- Colin Watson (community): Approve
-
Diff: 354 lines (+215/-2)5 files modifiedlib/lp/archivepublisher/publishing.py (+61/-0)
lib/lp/archivepublisher/signing.py (+8/-0)
lib/lp/archivepublisher/tests/test_publisher.py (+106/-1)
lib/lp/archivepublisher/tests/test_signing.py (+30/-0)
lib/lp/archivepublisher/utils.py (+10/-1)
lp:~apw/launchpad/signing-gpg-sign-checksum-files
- Colin Watson (community): Approve
-
Diff: 528 lines (+285/-52)7 files modifiedlib/lp/archivepublisher/archivesigningkey.py (+46/-16)
lib/lp/archivepublisher/interfaces/archivesigningkey.py (+9/-0)
lib/lp/archivepublisher/publishing.py (+9/-7)
lib/lp/archivepublisher/signing.py (+15/-5)
lib/lp/archivepublisher/tests/test_archivesigningkey.py (+80/-0)
lib/lp/archivepublisher/tests/test_publisher.py (+100/-24)
lib/lp/archivepublisher/tests/test_signing.py (+26/-0)
lp:~cjwatson/ubuntu-archive-publishing/uefi-kmod-signing
- Ubuntu Package Archive Administrators: Pending requested
-
Diff: 20 lines (+6/-3)1 file modifiedpublish-distro.d/10-sign-releases (+6/-3)
lp:~apw/launchpad/signing-checksum-fix-cross-device-links
- Colin Watson (community): Approve
-
Diff: 54 lines (+11/-1)2 files modifiedlib/lp/archivepublisher/signing.py (+2/-1)
lib/lp/archivepublisher/tests/test_signing.py (+9/-0)
| tags: | added: soyuz-publish |
| Changed in launchpad: | |
| status: | New → Triaged |
| importance: | Undecided → High |
| information type: | Public → Public Security |
| Changed in launchpad: | |
| assignee: | nobody → Andy Whitcroft (apw) |
| Changed in launchpad: | |
| status: | Triaged → In Progress |
Revision history for this message
| Andy Whitcroft (apw) wrote | #2 |
| tags: |
added: qa-ok removed: qa-needstesting |
| Changed in ubuntu-archive-publishing: | |
| status: | New → In Progress |
| importance: | Undecided → High |
| assignee: | nobody → Colin Watson (cjwatson) |
Revision history for this message
| Launchpad QA Bot (lpqabot) wrote | #3 |
| tags: |
added: qa-needstesting removed: qa-ok |
| Changed in launchpad: | |
| status: | In Progress → Fix Committed |
| Changed in ubuntu-archive-publishing: | |
| status: | In Progress → Fix Committed |
Revision history for this message
| Andy Whitcroft (apw) wrote | #4 |
| tags: |
added: qa-ok removed: qa-needstesting |
Revision history for this message
| Colin Watson (cjwatson) wrote | #5 |
| Changed in ubuntu-archive-publishing: | |
| status: | Fix Committed → Fix Released |
| Changed in launchpad: | |
| status: | Fix Committed → In Progress |
Revision history for this message
| Launchpad QA Bot (lpqabot) wrote | #6 |
| tags: |
added: qa-needstesting removed: qa-ok |
| Changed in launchpad: | |
| status: | In Progress → Fix Committed |
Revision history for this message
| Andy Whitcroft (apw) wrote | #7 |
| tags: |
added: qa-ok removed: qa-needstesting |
| Changed in launchpad: | |
| status: | Fix Committed → Fix Released |
Revision history for this message
| Andy Whitcroft (apw) wrote | #8 |
To post a comment you must log in.
r18097 in stable (http://