authorIan Jackson <ijackson@chiark.greenend.org.uk>2015-05-21 10:12:23 +0100
committerIan Jackson <ijackson@chiark.greenend.org.uk>2015-05-31 12:58:00 +0100
commitba153eff996c278e4fb2db71dc038c97d56684af (patch)
tree3e2e4834d4114994faaf8e7ae53a6bdf15d46b2f
parentfb73b55ade7687b65727b1146b860ea892425cc6 (diff)
New approach to replay prevention - WIP
-rwxr-xr-xinfra/dgit-repos-server16
1 files changed, 13 insertions, 3 deletions
diff --git a/infra/dgit-repos-server b/infra/dgit-repos-server
index ab83136..f2f3088 100755
--- a/infra/dgit-repos-server
+++ b/infra/dgit-repos-server
@@ -632,11 +632,21 @@ sub checksuite () {
}
sub checktagnoreplay () {
+ # We need to prevent a replay attack using an earlier signed tag.
+ # We also want to archive in the history anything
+ #
# We check that the signed tag mentions the name and tag object id of
- # (a) in the case of FRESHREPO all tags in the repo;
- # (b) in the case of just NOFFCHECK all tags referring to
+ #
+ # (a) In the case of FRESHREPO all tags and refs/heads/heads in the
+ # repo. That is, effectively, all the things we are deleting.
+ # This prevents any tag implying a FRESHREPO push being replayed
+ # into a different state of the repo.
+ #
+ # (b) In the case of just NOFFCHECK all tags referring to
# the current head for the suite (there must be at least one).
- # This prevents a replay attack using an earlier signed tag.
+ # This guarantees that the
+ #
+ #
return unless $policy & (FRESHREPO|NOFFCHECK);
my $garbagerepo = "$dgitrepos/${package}_garbage";
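Review bot: Two sentences in the rewritten comment in checktagnoreplay stop mid-thought, `We also want to archive in the history anything` and `This guarantees that the`, so case (b) no longer says what it guarantees now that the old closing sentence has been moved to the top. Case (a) now requires the signed tag to mention `refs/heads/heads` as well as all tags, which looks like a slip (perhaps `refs/heads/*`). Every added line in this commit is a comment, so the code may still enforce the older tags-only rule; the function body continues outside the hunk and this cannot be confirmed here. Because this comment is the specification of the replay check, I would finish both sentences and, until the implementation follows, add a marker such as `# TODO(WIP): describes the intended check; the code below may not enforce it yet`.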