From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] validate GPG keys by fingerprint Date: Mon, 13 Nov 2017 22:58:59 +0000 Message-ID: <1510613939.3441.16.camel@ipfire.org> In-Reply-To: <20171112154028.4428de21.peter.mueller@link38.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3459629155993533211==" List-Id: --===============3459629155993533211== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Thanks. I merged this and so we can work on improving this more... On Sun, 2017-11-12 at 15:40 +0100, Peter M=C3=BCller wrote: > Validate GPG keys by fingerprint and not by 8-bit key-ID. >=20 > This makes exploiting bug #11539 harder, but not impossible > and does not affect existing installations. >=20 > Signed-off-by: Peter M=C3=BCller > --- > src/pakfire/lib/functions.pl | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) >=20 > diff --git a/src/pakfire/lib/functions.pl b/src/pakfire/lib/functions.pl > index c347916d8..cfb7e5117 100644 > --- a/src/pakfire/lib/functions.pl > +++ b/src/pakfire/lib/functions.pl > @@ -34,8 +34,8 @@ use Net::Ping; > package Pakfire; > =20 > # GPG Keys > -my $myid =3D "64D96617"; # Our own gpg-key paks(a)ipfire.org > -my $trustid =3D "65D0FD58"; # gpg-key of CaCert > +my $myid =3D "179740DC4D8C47DC63C099C74BDE364C64D96617"; # Our own gpg-ke= y paks(a)ipfire.org > +my $trustid =3D "A31D4F81EF4EBD07B456FA04D2BB0D0165D0FD58"; # gpg-key of C= aCert > =20 > # A small color-hash :D > my %color; --===============3459629155993533211== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUFCQ2dBZEZpRUU1L3JXNWwzR0dl Mnlwa3R4Z0hudy8yK1FDUWNGQWxvS0k3UUFDZ2tRZ0hudy8yK1EKQ1Fmelh4QUFodFZraUVMTEtK aXlVNit6OXZjRTQramtUSG52UzEyemJjaVlhcUVDcVY4WUxubGhoYnIrUDhBTAoxYWE2ZzMvNkgy MXk4YzlRblRKTUV2eGJwN1IvR3RBVGxmR3hEWHhKZFk4b0xFRHhtbzdvWDdheHBZQXVWOGxLCndj WU1jUU1MczhIMURjYVpmZFQ4aGRNcHVXQ1FjVkprdzYzbEtqTVp1TXVwTEpPRklKbldEcGZ3c3RZ UW50d0oKSUR5dmNKUlhBQ3dnQUFQcTZ5VDhiWElWZGI1b1Jqei9ZdXN2MFBtM3pqZGoxeHZpcHpt NFVOQU5RdEtHa2hhZQpaZ0g5c2xtU3Y1dVl6eFdrKzVid0dRVG1BQVE0eHVBdXNBWGR5YW5RaFdv UzY1dmZCZkE1L1JOK0dveWVzRWUwCnlSSFo0QnpINTlkTi84MWFaQ3ZUeFUvQjZrdXVKb05pckN1 N0RHSHpTNGc3YlVQdlhvK0NHQ0QvUmo3T2VEVUEKVHdBdjFuektrQ3V5UDUwZFhJRUpPNU9GbHRl aGp4MXlDc25rbWVJd0NhTmN5R0VIWUtiVjhZQXNaU3F0NE8zeQpwQzlQdTNjOCtpQkhkdytMWTVt bFNBNE9Mb29XOFBRNDA1ODFZYjRycUxDald3eVV6S213eHdNa0RCRWpOb0F6CmFuNXFFYlYwQVdI Z2RVcm15Sm9aZFVTa2xmUTRHdW00YitLbHp4blNjMjk1c2lkdHUyd3VpZUJrUnA0WkhQR3MKalVZ eGVraEkyaStMeFdBL2xEMmN1eWY2bzFreWM2VjludU55SDNxZ0syQ0kyRThCQzRTRmJZTy9pbUgy NmtBQgpreEpMYjBrNWErSUxIRDJ0NFd6bForL0k4T2FOcDk4MHRYVENwMWFEc1RSSnhzV2d3NU09 Cj1ZczBqCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --===============3459629155993533211==--