uefi archive files don't have signed checksums
Bug #1285919 reported by
Julian Edwards
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
High
|
Andy Whitcroft | ||
ubuntu-archive-publishing |
Fix Released
|
High
|
Colin Watson |
Bug Description
Files under /ubuntu/
Compare to /ubuntu/
MAAS downloads netboot installer files and is about to sprout support for UEFI. We previously had a CVE raised because the netboot installer downloads were not verified against the archive signature, so it makes sense to ensure these .efi files also get signed checksums.
Related branches
lp:~apw/launchpad/signing-add-sha256-checksums
- Colin Watson (community): Approve
-
Diff: 354 lines (+215/-2)5 files modifiedlib/lp/archivepublisher/publishing.py (+61/-0)
lib/lp/archivepublisher/signing.py (+8/-0)
lib/lp/archivepublisher/tests/test_publisher.py (+106/-1)
lib/lp/archivepublisher/tests/test_signing.py (+30/-0)
lib/lp/archivepublisher/utils.py (+10/-1)
lp:~apw/launchpad/signing-gpg-sign-checksum-files
- Colin Watson (community): Approve
-
Diff: 528 lines (+285/-52)7 files modifiedlib/lp/archivepublisher/archivesigningkey.py (+46/-16)
lib/lp/archivepublisher/interfaces/archivesigningkey.py (+9/-0)
lib/lp/archivepublisher/publishing.py (+9/-7)
lib/lp/archivepublisher/signing.py (+15/-5)
lib/lp/archivepublisher/tests/test_archivesigningkey.py (+80/-0)
lib/lp/archivepublisher/tests/test_publisher.py (+100/-24)
lib/lp/archivepublisher/tests/test_signing.py (+26/-0)
lp:~cjwatson/ubuntu-archive-publishing/uefi-kmod-signing
- Ubuntu Package Archive Administrators: Pending requested
-
Diff: 20 lines (+6/-3)1 file modifiedpublish-distro.d/10-sign-releases (+6/-3)
lp:~apw/launchpad/signing-checksum-fix-cross-device-links
- Colin Watson (community): Approve
-
Diff: 54 lines (+11/-1)2 files modifiedlib/lp/archivepublisher/signing.py (+2/-1)
lib/lp/archivepublisher/tests/test_signing.py (+9/-0)
tags: | added: soyuz-publish |
Changed in launchpad: | |
status: | New → Triaged |
importance: | Undecided → High |
information type: | Public → Public Security |
Changed in launchpad: | |
assignee: | nobody → Andy Whitcroft (apw) |
Changed in launchpad: | |
status: | Triaged → In Progress |
Changed in ubuntu-archive-publishing: | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → Colin Watson (cjwatson) |
Changed in ubuntu-archive-publishing: | |
status: | In Progress → Fix Committed |
Changed in launchpad: | |
status: | Fix Committed → In Progress |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
r18097 in stable (http:// bazaar. launchpad. net/~launchpad- pqm/launchpad/ stable/ revision/ 18097) is part of this bug's fix.