From: Nicolas Frey <n.frey@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH proxmox v8 0/5] fix #5207: apt: check signature of repos with proxmox-pgp
Date: Wed, 14 Jan 2026 10:35:57 +0100
Message-ID: <20260114093602.33057-1-n.frey@proxmox.com>

This patch series moves the PGP verification code from POM into its
own micro-crate `proxmox-pgp` to reuse it to verify a package is of
Proxmox origin, which fixes #5207.

If this patch series is applied, then `proxmox-offline-mirror` should
use the `proxmox-pgp` crate.

The last patch again adds in the local file fallback in case the
URI starts with `file://`.

Changes since v7:
* added tests to proxmox-pgp crate that cover verifying {de,at}tached
  signatures

Changes since v6 (thanks Fabian!):
* add missing features for `serde` & `proxmox-schema`
* remove logging from verification, as it is only invoked to check
  whether a repository is a Proxmox standard repository, where
  logging is not warranted

Changes since v5 (thanks @Shannon):
* changed imports to be module level and correct ordering
* adjust the signature verification to make it more viable to be in
    a library by collecting the errors and returning them as one
    instead of directly printing to `stderr`
* cleaned up some minor nits

Changes since v4 (thanks @Thomas for feedback):
* added `proxmox-pgp` micro-crate and moved code from POM
* removed reliance on gpgv in favor of now available `verify_signature`
    function in `proxmox-pgp`
* removed http(s) fallback for cached InRelease file
* split up initial patch into smaller commits

Changes since v3:
* Moved found_uri_or_signed to function and to the end of bool chain
    to prevent redundant signage checks to improve performance
* Added fallback to the cached InRelease file to get it from repos URI

Changes since v2:
* correct the mapping in `gpg_signed`

Changes since v1:
* rewrite test so it compiles


proxmox:

Nicolas Frey (5):
  add proxmox-pgp subcrate, move POM verifier code to it
  proxmox-pgp: add unit tests for {de,at}tached signatures
  fix #5207: apt: check signature of repos with proxmox-pgp
  apt: add tests for POM release filenames
  apt: check for local POM InRelease as fallback

 Cargo.toml                                 |   2 +
 proxmox-apt/Cargo.toml                     |   1 +
 proxmox-apt/src/repositories/repository.rs |  77 ++++-
 proxmox-pgp/Cargo.toml                     |  17 +
 proxmox-pgp/debian/changelog               |   5 +
 proxmox-pgp/debian/control                 |  44 +++
 proxmox-pgp/debian/copyright               |  18 +
 proxmox-pgp/debian/debcargo.toml           |   7 +
 proxmox-pgp/src/lib.rs                     |   5 +
 proxmox-pgp/src/verifier.rs                | 385 +++++++++++++++++++++
 10 files changed, 551 insertions(+), 10 deletions(-)
 create mode 100644 proxmox-pgp/Cargo.toml
 create mode 100644 proxmox-pgp/debian/changelog
 create mode 100644 proxmox-pgp/debian/control
 create mode 100644 proxmox-pgp/debian/copyright
 create mode 100644 proxmox-pgp/debian/debcargo.toml
 create mode 100644 proxmox-pgp/src/lib.rs
 create mode 100644 proxmox-pgp/src/verifier.rs


Summary over all repositories:
  10 files changed, 551 insertions(+), 10 deletions(-)

-- 
Generated by git-murpp 0.8.1
