1. 30 Jul, 2019 1 commit
  2. 17 Jul, 2019 12 commits
  3. 08 Jul, 2019 1 commit
  4. 20 Jun, 2019 1 commit
    • Max Rees's avatar
      abuild-sudo: don't allow --keys-dir · 297de93a
      Max Rees authored and Natanael Copa's avatar Natanael Copa committed
      Not allowing --allow-untrusted is obviously a good idea, but it can be
      trivially bypassed if --keys-dir is allowed:
      
      $ abuild-apk add foo-1-r0.apk
      ERROR: foo-1-r0.apk: UNTRUSTED signature
      $ abuild-apk --allow-untrusted add foo-1-r0.apk
      abuild-apk: --allow-untrusted: not allowed option
      $ cp -rp /etc/apk/keys /tmp/keys
      $ cp untrusted.pub /tmp/keys
      $ abuild-apk --keys-dir /tmp/keys add foo-1-r0.apk
      (1/1) Installing foo (1-r0)
      OK: 4319 MiB in 806 packages
      
      If both --allow-untrusted and --keys-dir are not allowed, then it should
      no longer be possible for an unprivileged member of the abuild group to
      add an untrusted package.
      
      $ abuild-apk --keys-dir /tmp/keys add foo-1-r0.apk
      abuild-apk: --keys-dir: not allowed option
      297de93a
  5. 14 Jun, 2019 1 commit
  6. 12 Jun, 2019 9 commits
  7. 03 May, 2019 2 commits
  8. 30 Apr, 2019 4 commits
  9. 29 Apr, 2019 9 commits