Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 644998 - app-crypt/gkeys: add verify --refresh option that uses a temporary directory for unprivileged users
Summary: app-crypt/gkeys: add verify --refresh option that uses a temporary directory ...
Status: RESOLVED OBSOLETE
Alias: None
Product: Gentoo Hosted Projects
Classification: Unclassified
Component: gentoo-keys (show other bugs)
Hardware: All All
: Normal enhancement (vote)
Deadline: 2020-05-19
Assignee: Gentoo-keys project
URL:
Whiteboard:
Keywords: PMASKED
Depends on:
Blocks:
 
Reported: 2018-01-18 23:25 UTC by Zac Medico
Modified: 2020-05-23 09:31 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Zac Medico gentoo-dev 2018-01-18 23:25:03 UTC 
It's currently not possible for unprivileged users to refresh keys, which can be a security problem because it means that they don't have a way to ensure that the keys they are using have not been revoked for some reason.

As a solution, I'd suggest to give the 'verify' subcommand a --refresh option, which refreshes the keys in a temporary directory if the user does not have write privileges to files installed by gentoo-keys.
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-04-19 12:12:26 UTC 
app-crypt/gkeys is last rited now.
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-05-23 09:31:24 UTC 
Removing.