Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

securedrop-admin does not include new UID in signature check #5994

Closed
eloquence opened this issue Jun 16, 2021 · 0 comments · Fixed by #5998
Closed

securedrop-admin does not include new UID in signature check #5994

eloquence opened this issue Jun 16, 2021 · 0 comments · Fixed by #5998
Labels
bug release blocker
Milestone
2.0.0

Comments

@eloquence
Copy link
Member

Description

securedrop-admin (which is used by the graphical updater) does not check for our new release key UID, here:

https://github.com/freedomofpress/securedrop/blob/develop/admin/securedrop_admin/__init__.py#L946-L949

The new UID is [email protected]. This omission means that the tag verification will fail. (Note the closing quotation mark on the first line, which is not present when the key has a UID associated with it.)

Steps to Reproduce

A bit difficult as we currently don't have a tag signed with the new key up. I've so far only tested this by manually attempting to match signature output in the same manner as the updater does.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug release blocker
Projects
None yet
Milestone
2.0.0
Development

Successfully merging a pull request may close this issue.

fix: added match for new key in updater freedomofpress/securedrop
1 participant
@eloquence