Roll over self-updater key for 2025 #3048
Conversation
WIP Signed-off-by: Dominik Schulz <[email protected]>
now. Signed-off-by: Dominik Schulz <[email protected]>
Signed-off-by: Dominik Schulz <[email protected]>
internal/updater/verify.go
Outdated
| -----END PGP PUBLIC KEY BLOCK----- | ||
| `), | ||
| // 2023 key - 0x560D8522 |
There was a problem hiding this comment.
any reason to keep the 2023 key but not the 2024 one?
There was a problem hiding this comment.
There is no 2024 key. When I started this feature I did settle for a 2y expiry. Happy to discuss and change that going forward.
There was a problem hiding this comment.
Ah right, but my question was then:
why delete the key starting with mQGNBGAH4iEBDAC6ZXN/hzyrB8GA8KdQEasGOrri86GDsyyyRPHP1 instead of storing it like the below one?
There was a problem hiding this comment.
Why I wasn't deleting the expired key? Good point. For a proper key rollover we can't do that, but since it already expired I can kill it.
internal/updater/verify_test.go
Outdated
| // Can not run parallel because we're overwriting the global timeNow variable. | ||
| timeNow = func() time.Time { | ||
| return time.Now().Add(6 * 30 * 24 * time.Hour) | ||
| } | ||
| defer func() { | ||
| timeNow = func() time.Time { | ||
| return time.Now() | ||
| } | ||
| }() | ||
|
|
||
| ok, err := gpgVerify(testData, testSignature) | ||
| require.NoError(t, err, "If TestGPGVerify succeeds but this test fails the self-updater key is about to expire. Please open an issue to update the key. Thank you.") | ||
| assert.True(t, ok) |
There was a problem hiding this comment.
an alternative might be to just rely on:
func (sig *Signature) SigExpired(currentTime time.Time) bool
https://github.com/ProtonMail/go-crypto/blob/d703f494c90d2fa80fdbbaf33c084a7225411b55/openpgp/packet/signature.go#L760-L762
for the signature returned by PrimarySelfSignature:
https://github.com/ProtonMail/go-crypto/blob/d703f494c90d2fa80fdbbaf33c084a7225411b55/openpgp/keys.go#L887-L892
Something like:
| // Can not run parallel because we're overwriting the global timeNow variable. | |
| timeNow = func() time.Time { | |
| return time.Now().Add(6 * 30 * 24 * time.Hour) | |
| } | |
| defer func() { | |
| timeNow = func() time.Time { | |
| return time.Now() | |
| } | |
| }() | |
| ok, err := gpgVerify(testData, testSignature) | |
| require.NoError(t, err, "If TestGPGVerify succeeds but this test fails the self-updater key is about to expire. Please open an issue to update the key. Thank you.") | |
| assert.True(t, ok) | |
| // we only check the latest pubkey | |
| keyList, err := openpgp.ReadArmoredKeyRing(bytes.NewReader(pubkey[0])) | |
| if err != nil || len(keyList) < 1 { | |
| debug.Log("failed to read public key: %q", err) | |
| return false, fmt.Errorf("failed to read public key: %w", err) | |
| } | |
| sig, _ := keyList[0].PrimarySelfSignature() | |
| require.False(t, sig.SigExpired(time.Now().AddDate(0,6,0)), "If TestGPGVerify succeeds but this test fails the self-updater key is about to expire. Please open an issue to update the key. Thank you.") |
So that we don't need to change gpgVerify and use a global variable.
There was a problem hiding this comment.
Great suggestion. I'll try that.
There was a problem hiding this comment.
That didn't seem to work. The self-sig didn't have an expriation in my case. Something else must have been expired (subkey, signature, ...).
Signed-off-by: Dominik Schulz <[email protected]>
Signed-off-by: Dominik Schulz <[email protected]>
Signed-off-by: Dominik Schulz <[email protected]>
Signed-off-by: Dominik Schulz <[email protected]>
We missed to supply a new key before the old key expired again and one of the tests started to fail once the old key was expired.
This is a more comprehensive approach to address this going forward. Not perfect, yet. But should put us (especially myself) in a better position next time this comes up.
Changes in this PR:
Fixes #3047