577248 – A way to add trusted PGP keys as update-able extensions

Bug 577248 - A way to add trusted PGP keys as update-able extensions

Summary: A way to add trusted PGP keys as update-able extensions

Status:	RESOLVED FIXED

Alias:	None

Product:	Equinox
Classification:	Eclipse Project
Component:	p2 (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P3 enhancement (vote)
Target Milestone:	4.23 M2
Assignee:	Mickael Istria
QA Contact:

URL:
Whiteboard:
Keywords:	Documentation, noteworthy

Depends on:
Blocks:

Reported:	2021-11-14 15:20 EST by Mickael Istria
Modified:	2022-01-10 09:28 EST (History)
CC List:	1 user (show)

See Also:	577193 Gerrit Change Gerrit Change Git Commit Git Commit

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mickael Istria

2021-11-14 15:20:38 EST

This is the programmatic counterpart of bug 577193.

In order to rely more widely on PGP keys instead of jarsigner, p2 needs to implement a chain of trust from installed artifacts allowing to trust some other keys/artifacts, so one can install in a product a set of trusted keys from trusted projects. There is already such capability for product packages, but that doesn't cover the case of updates. So we need a way to provide such keys from update-able artifacts.
Initially, there was such strategy directly built-in in p2 IUs providing a property in their metadata, but it was then identified as unsafe because metadata are not signed and are too easy to forge; so it was removed.
The only "signed" data or metadata we have are the plugins themselves. So most likely the safest way is to use the extensibility provided by plugins/bundles directly.

Comment 1 Mickael Istria

2022-01-04 04:28:54 EST

Recommendation here is to inject keys via the Provide-Capability header: https://www.eclipse.org/lists/equinox-dev/msg09344.html

Comment 2 Eclipse Genie

2022-01-04 17:42:46 EST

New Gerrit change created: https://git.eclipse.org/r/c/equinox/rt.equinox.p2/+/189269

Comment 3 Eclipse Genie

2022-01-04 17:43:29 EST

New Gerrit change created: https://git.eclipse.org/r/c/equinox/rt.equinox.p2/+/189270

Comment 4 Mickael Istria

2022-01-04 17:45:27 EST

(In reply to Mickael Istria from comment #1)
> Recommendation here is to inject keys via the Provide-Capability header:
> https://www.eclipse.org/lists/equinox-dev/msg09344.html

Actually, we have access to RegistryObject.getRegistry from inside p2 engine. So we can use the good old plugin.xml, see attached Gerrit patches which provide a working implementation.

Comment 5 Eclipse Genie

2022-01-10 09:23:22 EST

New Gerrit change created: https://git.eclipse.org/r/c/www.eclipse.org/eclipse/news/+/189435

Comment 6 Eclipse Genie

2022-01-10 09:24:34 EST

Gerrit change https://git.eclipse.org/r/c/equinox/rt.equinox.p2/+/189270 was merged to [master].
Commit: http://git.eclipse.org/c/equinox/rt.equinox.p2.git/commit/?id=9ea96950f33f9e87c1c035eed375b56b44d37289

Comment 7 Eclipse Genie

2022-01-10 09:24:46 EST

Gerrit change https://git.eclipse.org/r/c/www.eclipse.org/eclipse/news/+/189435 was merged to [master].
Commit: http://git.eclipse.org/c/www.eclipse.org/eclipse/news.git/commit/?id=79de56828e02636ea3a57b6316818e3f74db1107