Fix use with Sequoia Chameleon #17

Merged
merged 13 commits into from
Dec 21, 2024

@DemiMarie DemiMarie commented Sep 30, 2024

See individual commit messages for details.

Fixes: QubesOS/qubes-issues#9483
Fixes: QubesOS/qubes-issues#9527
Fixes: QubesOS/qubes-issues#9528
Fixes: QubesOS/qubes-issues#9529

@marmarek
Member

CI fails in several jobs.

And also, please add reference to python/cpython#79174 to the description of the commit vendoring in that class.

@DemiMarie
Author

> CI fails in several jobs.

I’ll sort this out

> And also, please add reference to python/cpython#79174 to the description of the commit vendoring in that class.

It’s actually worse: we need to vendor the entire stream infrastructure, because the StreamReader and StreamWriter constructors are not part of the public API. The only supported options are:

  1. Use the low-level asyncio API.
  2. Use blocking I/O, perhaps wrapping it in an async interface.
  3. Use a third-party library that does (1) or (2).
  4. Use a socket-based service (but this breaks backwards compatibility).

@marmarek
Member

> It’s actually worse: we need to vendor the entire stream infrastructure, because the StreamReader and StreamWriter constructors are not part of the public API

Documentation says "It is not recommended to instantiate StreamReader objects directly", which is not the same as unsupported.
Anyway, the constructor signature changed last time 5 years ago. Even if not officially supported, I think it's safe to assume it won't break (or very rarely at least).

@DemiMarie DemiMarie changed the title from "Multiple bug fixes" to "Fix signing with Sequoia Chameleon" Oct 22, 2024

GnuPG uses fingerprints for these keys that are 64 hex bytes, not 40
like for the other algorithms.  Fix the tests to account for this.

Debian does not support these algorithms.

This command is used by Sequoia Chameleon.

Fixes: QubesOS/qubes-issues#9483.

This option makes no sense in the context of split-gpg2 and fails if the
gpg-agent-connection is restricted, causing Sequoia Chameleon to
disconnect.  Return a fake 'OK' response instead of passing the command
to the agent.

Fixes: QubesOS/qubes-issues#9527

@DemiMarie DemiMarie changed the title from "Fix signing with Sequoia Chameleon" to "Fix use with Sequoia Chameleon" Oct 22, 2024
@DemiMarie DemiMarie force-pushed the nop branch 2 times, most recently from 80ef103 to 6d95de2 Compare October 22, 2024 19:36

codecov bot commented Oct 22, 2024

Codecov Report

Attention: Patch coverage is 85.10638% with 14 lines in your changes missing coverage. Please review.

Project coverage is 81.21%. Comparing base (ba13c18) to head (2129a12).
Report is 24 commits behind head on main.

Files with missing lines Patch % Lines
splitgpg2/__init__.py 84.94% 14 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main      #17      +/-   ##
==========================================
+ Coverage   80.86%   81.21%   +0.35%     
==========================================
  Files           2        2              
  Lines        1348     1384      +36     
==========================================
+ Hits         1090     1124      +34     
- Misses        258      260       +2     


Since 58efb86 ("Return fake 'OK' to setting 'display' option") it
has no users.

pinentry-mode=ask is the default, so this is a no-op.  Return OK instead
of an error code.  Sequoia Chameleon sends pinentry-mode=ask and
disconnects when it gets an error.

Fixes: QubesOS/qubes-issues#9528
@DemiMarie DemiMarie force-pushed the nop branch 2 times, most recently from a87f5a0 to 8173a79 Compare October 26, 2024 02:49
@marmarek
Member

There are still some minor pylint issues

@DemiMarie
Author

PipelineRetryFailed

@DemiMarie
Author

CI failure is unrelated: https://github.com/Whonix/qubes-template-whonix is missing a signed tag (so paging @adrelanos).

This bug is old, but it only triggers if there are no UIDs, which is why
testing didn't reveal it.  I suspect old versions of mypy just did not
catch the bug.

No functional change intended.

Assuan comments start with '#' and must be ignored.  Do not send them to
the client.

This saves some code.

- Compile all regular expressions during initialization.
- Check for newline injection before sending data to the agent.
- Misc cleanups.
- Use "parse, don't validate" for commands taking keygrips

Currently, this command is blocked.  GnuPG detects that the agent
connection is restricted and doesn't try to use it, while Sequoia
Chameleon does not implement the fallback and is unable to list secret
keys or decrypt messages.  Furthermore, gpg prints
"gpg: problem with fast path key listing: Forbidden - ignored", which
Mutt interprets as a prompt the user must respond to.  This causes the
user to need to press enter twice to send a signed email.

Fix these problems by allowing this request.  The request does not work
over a restricted connection, so an unrestricted connection must be
used.  However, the filtering done by split-gpg2 is far stronger than
the access checks in gpg-agent so there is no loss of security.

Fixes: QubesOS/qubes-issues#9529

These commands are forbidden over a restricted connection to the agent,
but GnuPG warns if they are not present and Sequoia Chameleon requires
them.  Fortunately, they are trivial to sanitize input for, so there is
near-zero risk of an injection vulnerability.  Therefore, use a separate
unrestricted agent connection for these commands.  Also use a separate
function to read agent hello messages sent upon connection.
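
The filtering ideas named in the commit messages above (precompiled patterns, "parse, don't validate" for keygrips, a newline-injection check before writing to the agent, a fake `OK` for no-op options, and dropping Assuan comment lines), shown together as an added example; this is not code from split-gpg2. All function and type names are hypothetical, and `KEYINFO`/`SIGKEY` are assumed stand-ins for "commands taking keygrips", which the page does not name.

```python
import re
from typing import List, NewType, Tuple

# Compiled once at import time. \Z (not $) so a trailing "\n" cannot slip through.
KEYGRIP_RE = re.compile(rb"\A[0-9A-Fa-f]{40}\Z")

Keygrip = NewType("Keygrip", bytes)  # hypothetical type: bytes already checked


class Forbidden(Exception):
    """Client request that must not reach the agent."""


def parse_keygrip(arg: bytes) -> Keygrip:
    # "Parse, don't validate": raw client bytes go in, only a Keygrip comes out.
    if not KEYGRIP_RE.match(arg):
        raise Forbidden("malformed keygrip")
    return Keygrip(arg.upper())


def to_agent(verb: bytes, *args: bytes) -> bytes:
    line = b" ".join((verb,) + args)
    # Final newline-injection check before anything is written to the agent.
    if b"\n" in line or b"\r" in line:
        raise Forbidden("newline in agent command")
    return line + b"\n"


def handle_client_line(line: bytes) -> Tuple[str, bytes]:
    """Return ("reply", data) to answer locally or ("agent", data) to forward."""
    verb, _, rest = line.partition(b" ")
    if verb == b"OPTION":
        name, _, value = rest.partition(b"=")
        # No-op options get a fake OK; their values never reach the agent.
        if name == b"display" or (name, value) == (b"pinentry-mode", b"ask"):
            return ("reply", b"OK\n")
        raise Forbidden("option not allowed")
    if verb in (b"KEYINFO", b"SIGKEY"):  # assumed examples of keygrip commands
        return ("agent", to_agent(verb, parse_keygrip(rest)))
    raise Forbidden("command not allowed")


def filter_agent_lines(lines: List[bytes]) -> List[bytes]:
    # Assuan comment lines start with '#' and are not passed on to the client.
    return [l for l in lines if not l.startswith(b"#")]
```

Because the keygrip pattern is anchored with `\A`/`\Z`, an argument carrying an embedded or trailing newline is rejected at parse time, and `to_agent` repeats the check for any argument that did not pass through a parser.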
@qubesos-bot

qubesos-bot commented Dec 19, 2024

OpenQA test summary

Complete test suite and dependencies: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2024122002-4.3&flavor=pull-requests

Test run included the following:

New failures, excluding unstable

Compared to: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2024111705-4.3&flavor=update

  • system_tests_gui_tools

    • qui_widgets_disk_space: unnamed test (unknown)
    • qui_widgets_disk_space: Failed (test died)
      # Test died: no candidate needle with tag(s) 'qui-disk-space-widget...
  • system_tests_kde_gui_interactive

    • gui_keyboard_layout: wait_serial (wait serial expected)
      # wait_serial expected: "echo -e '[Layout]\nLayoutList=us,de' | sud...
  • system_tests_gui_tools@hw7

    • qui_widgets_disk_space: unnamed test (unknown)
    • qui_widgets_disk_space: Failed (test died)
      # Test died: no candidate needle with tag(s) 'qui-disk-space-widget...
  • system_tests_basic_vm_qrexec_gui_xfs

    • switch_pool: Failed (test died)
      # Test died: command 'migrate_templates' failed at /usr/lib/os-auto...

Failed tests

8 failures
  • system_tests_gui_tools

    • qui_widgets_disk_space: unnamed test (unknown)
    • qui_widgets_disk_space: Failed (test died)
      # Test died: no candidate needle with tag(s) 'qui-disk-space-widget...
  • system_tests_kde_gui_interactive

    • gui_keyboard_layout: wait_serial (wait serial expected)
      # wait_serial expected: "echo -e '[Layout]\nLayoutList=us,de' | sud...

    • gui_keyboard_layout: Failed (test died)
      # Test died: command 'test "$(cd ~user;ls e1*)" = "$(qvm-run -p wor...

  • system_tests_gui_tools@hw7

    • qui_widgets_disk_space: unnamed test (unknown)
    • qui_widgets_disk_space: Failed (test died)
      # Test died: no candidate needle with tag(s) 'qui-disk-space-widget...
  • system_tests_basic_vm_qrexec_gui_xfs

    • switch_pool: Failed (test died)
      # Test died: command 'migrate_templates' failed at /usr/lib/os-auto...
  • system_tests_basic_vm_qrexec_gui_zfs

    • switch_pool: Failed (test died)
      # Test died: command 'migrate_templates' failed at /usr/lib/os-auto...

Fixed failures

Compared to: https://openqa.qubes-os.org/tests/119126#dependencies

2 fixed
  • system_tests_extra

    • TC_00_QVCTest_whonix-gateway-17: test_010_screenshare (failure)
      ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError: 0 == 0
  • system_tests_audio@hw1

Unstable tests

  • system_tests_update

    update2/Failed (1/5 times with errors)
    • job 121711 # Test died: command '(set -o pipefail; qubesctl --show-output stat...
  • system_tests_update@hw1

    update2/Failed (1/5 times with errors)
    • job 121711 # Test died: command '(set -o pipefail; qubesctl --show-output stat...
  • system_tests_update@hw7

    update2/Failed (1/5 times with errors)
    • job 121711 # Test died: command '(set -o pipefail; qubesctl --show-output stat...

@marmarek marmarek merged commit b23c0de into QubesOS:main Dec 21, 2024
4 checks passed