aptly-dev / aptly

aptly - Debian repository management tool
https://www.aptly.info/
MIT License

API: add configuration option to prevent inclusion of unsigned packages #963

Open umlaeute opened 3 years ago

umlaeute commented 3 years ago

I'd like to be able to prevent inclusion of packages that have not been signed by a trusted key.

Detailed Description

By default the aptly API does signature checks on the packages to be included via POST /api/repos/:name/include/:dir. However, the uploader can simply circumvent this by specifying either ignoreSignature or acceptUnsigned within the JSON payload.

I would love to have an option to only accept packages that have been signed by a trusted key.

Context

I'd like to be able to upload packages to aptly via the API. Currently the only way to secure such an upload to a public server is by using HTTP auth via a proxy server. However, aptly already has an additional security measure that seems to be on par with the standard Debian upload mechanism (dput): the requirement to sign packages with a key that is in a trusted keyring. Unfortunately, allowing the API to ignore the signature makes it kind of useless for this purpose.
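As an added defender-side example (not aptly's own code and not from this issue), the following Go reverse-proxy middleware enforces the requested policy in front of the API as it exists today: a POST to the include endpoint whose JSON options set ignoreSignature or acceptUnsigned is rejected before it reaches aptly. It assumes the options are sent as a top-level JSON object and that the include path contains /include/, as in the endpoint quoted above; the 1 MiB body cap is a chosen value.

```go
package main

import (
	"bytes"
	"encoding/json"
	"io"
	"net/http"
	"strings"
)
// Flags named in the issue that let an uploader skip the trusted-key check.
var bypassFlags = []string{"ignoreSignature", "acceptUnsigned"}

// BypassRequested reports whether a JSON options body asks aptly to skip signature
// verification. It fails closed: unparsable JSON, a key matched case-insensitively
// (Go's JSON decoder is case-insensitive) or any value other than false count as a bypass.
func BypassRequested(body []byte) bool {
	if len(bytes.TrimSpace(body)) == 0 {
		return false // no options sent: aptly's default verification applies
	}
	var fields map[string]json.RawMessage
	if err := json.Unmarshal(body, &fields); err != nil {
		return true
	}
	for key, raw := range fields {
		for _, flag := range bypassFlags {
			var v bool
			if strings.EqualFold(key, flag) && (json.Unmarshal(raw, &v) != nil || v) {
				return true
			}
		}
	}
	return false
}

// EnforceSignedOnly is reverse-proxy middleware for the aptly API: a POST to the
// include endpoint that requests a bypass gets 403; everything else passes through.
func EnforceSignedOnly(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodPost && strings.HasPrefix(r.URL.Path, "/api/repos/") &&
			strings.Contains(r.URL.Path, "/include/") {
			body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20)) // cap option body size (assumed limit)
			if err != nil || BypassRequested(body) {
				http.Error(w, "only packages signed by a trusted key are accepted", http.StatusForbidden)
				return
			}
			r.Body = io.NopCloser(bytes.NewReader(body)) // hand the body on unchanged
		}
		next.ServeHTTP(w, r)
	})
}
```

Wrap the upstream aptly handler (or an httputil.ReverseProxy pointing at the aptly API) with EnforceSignedOnly, and the existing proxy-level HTTP auth plus this check together give the trusted-key-only behaviour the issue asks for.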

psztoch commented 2 years ago

It is very important!

  1. The default value of these flags should be stored in the repo settings.
  2. A CLI flag should be added to the aptly API to block acceptUnsigned and ignoreSignature.