The OpenPGP signature files (.asc) are currently created using GnuPG's --clearsign . This has a few impacts on usability and security since the files are needed again to verify the integrity of the downloaded files. 1) Because a file named .DIGESTS exists along side .DIGESTS.asc a warning is properly given by GnuPG that it is in fact not a detached signature being used: $ gpg --verify stage3-amd64-20160211.tar.bz2.DIGESTS.asc gpg: Signature made Fri 12 Feb 2016 09:25:58 AM CET gpg: using RSA key 0xBB572E0E2D182910 gpg: Good signature from "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>" [full] gpg: WARNING: not a detached signature; file 'stage3-amd64-20160211.tar.bz2.DIGESTS' was NOT verified! 2) sha512sum shows an additional warning if trying to verify against the .asc file directly: $ sha512sum -c stage3-amd64-20160211.tar.bz2.DIGESTS.asc stage3-amd64-20160211.tar.bz2: OK stage3-amd64-20160211.tar.bz2: FAILED stage3-amd64-20160211.tar.bz2.CONTENTS: OK stage3-amd64-20160211.tar.bz2.CONTENTS: FAILED sha512sum: WARNING: 20 lines are improperly formatted sha512sum: WARNING: 2 computed checksums did NOT match 3) The data between .DIGESTs and .DIGESTS.asc is duplicated Using detached signatures is normally superior to clearsigned (no line ending canonicalization and allows similar treatment for binary files as for text files). Is there any reason we're not just detach-signing (--armored) the files in question?
The --clearsign format has remained for long-standing compat with old tools. As a migration plan, how about this: 1. .DIGESTS file remain the same. 2. .DIGESTS.detached-sig is added. 3. .DIGESTS.asc clearsign format is announced to be sunset in 6 months.
To clarify on tools: I've seen some tools that depended on the fact that .asc was a clear-signed file, and only fetched the .asc, and not the other .DIGESTS file. The usable path is: ==== T=$(mktemp) rm -f $T if ! gpg -o $T --decrypt livedvd-x86-amd64-32ul-20140826.iso.DIGESTS.asc; then echo "Unable to validate" exit 1 fi sha512sum -c $T ====
(In reply to Robin Johnson from comment #2) > To clarify on tools: > I've seen some tools that depended on the fact that .asc was a clear-signed > file, and only fetched the .asc, and not the other .DIGESTS file. > > The usable path is: > ==== > T=$(mktemp) > rm -f $T > if ! gpg -o $T --decrypt livedvd-x86-amd64-32ul-20140826.iso.DIGESTS.asc; > then > echo "Unable to validate" > exit 1 > fi > sha512sum -c $T > ==== yeah, that is a sane path to convert the clearsigned file into a plain text variant, except for gpg not returning a non-zero return value in all cases it should be discarded, should use gpgv for that (certificate validity issues if not using a clean pubring) But how about using a binary .sig detached signature as an alternative to detached-sig? (not that it matters that much, the proper way to verify is in any case gpg --verify <sig-file> <data-file> and --batch mode will fail without the dual-specification for the same reasons as the warning happens in interactive mode.
Calling it .sig is fine by me. I'm just blocking change to the format of '.asc'; Somewhere there was a tool that could convert between signature formats (clearsigned to detached). Have you seen it? Could we use it for this case?
(In reply to Robin Johnson from comment #4) > Somewhere there was a tool that could convert between signature formats > (clearsigned to detached). Have you seen it? Could we use it for this case? P.S. I know that detached->clearsigned is hard due to the whitespace rules, but the other direction should be possible.
I think this one is done: * https://www.gentoo.org/news/2022/02/17/changed-signatures.html * https://gitweb.gentoo.org/infra/mastermirror-scripts.git/commit/?id=285d8e0166ffd72aa56ab610d93365e66d75111e * https://gitweb.gentoo.org/infra/mastermirror-scripts.git/commit/?id=198db23744732df928caee4a86f0cec6b3a5a21f