Bug 882435 - Insufficient committer validation in git hooks
Summary: Insufficient committer validation in git hooks
Status: CONFIRMED
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Git
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Infrastructure
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-11-22 04:24 UTC by John Helmert III
Modified: 2023-05-07 08:45 UTC
CC: 2 users

See Also:
Package list:
Runtime testing required: ---


Description: John Helmert III (archtester, Gentoo Infrastructure, gentoo-dev, Security), 2022-11-22 04:24:21 UTC
A few days ago, someone accidentally committed with the wrong committer:

$ git log --pretty=fuller --grep larry@gentoo.org
commit 4923128a80b2a59ad47935cdf6dd8d13c4d5ab70
Author:     Thiago Donato Ferreira <flowlnlnln@gmail.com>
AuthorDate: Tue Nov 15 14:22:41 2022 -0300
Commit:     Larry the Cow <larry@gentoo.org>
CommitDate: Tue Nov 15 22:00:12 2022 +0100

    games-action/prismlauncher: drop 5.0

    Signed-off-by: Thiago Donato Ferreira <flowlnlnln@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/28288
    Signed-off-by: Larry the Cow <larry@gentoo.org>

commit 738e102233faf498e1d3c06db700b92969804319
Author:     Thiago Donato Ferreira <flowlnlnln@gmail.com>
AuthorDate: Tue Nov 15 14:22:23 2022 -0300
Commit:     Larry the Cow <larry@gentoo.org>
CommitDate: Tue Nov 15 22:00:11 2022 +0100

    games-action/prismlauncher: add 5.2

    Signed-off-by: Thiago Donato Ferreira <flowlnlnln@gmail.com>
    Signed-off-by: Larry the Cow <larry@gentoo.org>

$ git verify-commit 4923128a80b2a59ad47935cdf6dd8d13c4d5ab70 738e102233faf498e1d3c06db700b92969804319
gpg: Signature made Tue 15 Nov 2022 03:00:12 PM CST
gpg:                using RSA key DF355FAF68A43A684383AD23A2E2304370447E8E
gpg: Good signature from "Andrew Ammerlaan <andrewammerlaan@gentoo.org>" [unknown]
gpg:                 aka "Andrew Ammerlaan <andrewammerlaan@riseup.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
      06FF5341BD805DB0BC7D07A6A19F636CD4EDBCD1
      DF355FAF68A43A684383AD23A2E2304370447E8E
gpg: Signature made Tue 15 Nov 2022 03:00:11 PM CST
gpg:                using RSA key DF355FAF68A43A684383AD23A2E2304370447E8E
gpg: Good signature from "Andrew Ammerlaan <andrewammerlaan@gentoo.org>" [unknown]
gpg:                 aka "Andrew Ammerlaan <andrewammerlaan@riseup.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
      06FF5341BD805DB0BC7D07A6A19F636CD4EDBCD1
      DF355FAF68A43A684383AD23A2E2304370447E8E

So, this indicates a couple of problems with our git hooks:

- Should verify that committer is equal to one of the S-o-b identities
- Should verify that this identity is one of the UIDs of the GPG signer, though this shouldn't be too strict given some people have things like "Gentoo key" in their UIDs
- Should verify that this identity is that of someone who should be committing to $REPO (though this may very well be superfluous)
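The three checks listed above, as an added example that is not part of the bug report or of Gentoo's actual hooks: a Python check that parses a raw commit object and compares the committer's email address against the Signed-off-by trailers, the signing key's UIDs (names are ignored so that UIDs like "Gentoo key" still pass), and an optional per-repository allow-list. The sample commit object is constructed from the first commit in the log above (its tree and epoch values are made up), and the signer UIDs are those shown in the gpg output.

```python
import re

# Constructed sample: the first commit from the report, laid out the way
# `git cat-file commit <sha>` prints it (epochs are made up).
SAMPLE_COMMIT = """\
author Thiago Donato Ferreira <flowlnlnln@gmail.com> 1668532961 -0300
committer Larry the Cow <larry@gentoo.org> 1668546012 +0100

games-action/prismlauncher: drop 5.0

Signed-off-by: Thiago Donato Ferreira <flowlnlnln@gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/28288
Signed-off-by: Larry the Cow <larry@gentoo.org>
"""
# UIDs of the key that actually made the signature, from the gpg output above.
SIGNER_UIDS = ["Andrew Ammerlaan <andrewammerlaan@gentoo.org>",
               "Andrew Ammerlaan <andrewammerlaan@riseup.net>"]

def _email(ident: str) -> str:
    # Compare addresses only: UID names such as "Gentoo key" must not matter.
    m = re.search(r"<([^>]+)>\s*$", ident)
    if not m:
        raise ValueError(f"no <email> in identity: {ident!r}")
    return m.group(1).lower()

def parse_commit_object(raw: str):
    """Return (committer, signoffs) from a raw commit object, each as 'Name <email>'."""
    headers, _, message = raw.partition("\n\n")
    committer = None
    for line in headers.splitlines():
        if line.startswith("committer "):
            # drop the trailing "<epoch> <tz>" so only "Name <email>" remains
            committer = re.sub(r"\s+\d+\s+[+-]\d{4}$", "", line[len("committer "):])
    if committer is None:
        raise ValueError("commit object has no committer header")
    signoffs = re.findall(r"^Signed-off-by:\s*(.+?)\s*$", message, re.MULTILINE)
    return committer, signoffs

def check_committer(committer: str, signoffs, signer_uids, allowed=None) -> list:
    """Return the policy violations found; an empty list means the commit passes."""
    c = _email(committer)
    problems = []
    if c not in {_email(s) for s in signoffs}:
        problems.append(f"committer {c} has no matching Signed-off-by")
    if c not in {_email(u) for u in signer_uids}:
        problems.append(f"committer {c} is not a UID of the signing key")
    if allowed is not None and c not in allowed:
        problems.append(f"committer {c} is not allowed to commit to this repository")
    return problems
```

Run against the sample, the first check passes (Larry's S-o-b is present) while the second flags that larry@gentoo.org is not a UID of the key that signed, which is exactly the case from the log above.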