fedup: does not verify source
Björn Persson
bjorn at xn--rombobjrn-67a.se
Tue Dec 18 01:05:32 UTC 2012
Adam Williamson wrote:
> On Mon, 2012-12-17 at 11:27 -0500, Przemek Klosowski wrote:
> > On 12/17/2012 01:58 AM, Adam Williamson wrote:
> > > fedup essentially automates doing yum distro-sync across a reboot
> > > and in an isolated environment
> >
> > I don't understand---the discussion started by pointing out that
> > fedup does not check signatures, then someone said that yum
> > distro-sync does it properly, and you're saying that fedup just
> > automates distro-sync. At which point is the signature checking
> > disabled then? and can it be restored?
>
> anyhow, the tricky thing here lies in somehow making it safe for fedup
> to *automatically* import the correct key for the next release. This
> is a subtlish problem.
There's another thing that also needs to be fixed. If I've understood
what I've read correctly, then Fedup downloads a kernel and a ramdisk
which make up that isolated environment that Adam mentioned. Those files
aren't RPM packages and aren't signed like the packages are. Those who
have the secret keys need to start signing the kernel/ramdisk pair, and
Fedup needs to verify that signature. Naturally the signature must be
verified before the kernel/ramdisk pair is booted.
Björn Persson
More information about the devel
mailing list