aptly
API: add configuration option to prevent inclusion of unsigned packages
I'd like to be able to prevent inclusion of packages that have not been signed by a trusted key.
Detailed Description
By default the aptly-api does signature checks on the packages to be included via POST /api/repos/:name/include/:dir.
However, the uploader can simply circumvent this by specifying either ignoreSignature or acceptUnsigned within the JSON payload.
I would love to have an option to only accept packages that have been signed by a trusted key.
Context
I'd like to be able to upload packages to aptly via the API.
Currently the only way to secure such an upload to a public server is by using http-auth via a proxy server.
However, aptly already has an additional security measure that seems to be on par with the standard Debian upload mechanism (dput): the requirement to sign packages with a key that is in a trusted keyring.
Unfortunately, allowing the API to ignore the signature makes it kind of useless for this purpose.
It is very important!
- The default value of these flags should be stored in repo settings.
- A CLI flag should be added for the aptly API to block acceptUnsigned and ignoreSignature.
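
A mitigation at the proxy layer the issue mentions, as an added example (not aptly's code and not the reporter's): a Go middleware placed in front of the API that refuses `POST /api/repos/:name/include/:dir` requests naming `ignoreSignature` or `acceptUnsigned`, whatever value or letter case they use. The listen and backend addresses, the 1 MiB body limit, and checking query parameters in addition to the JSON payload are assumptions.

```go
package main

import (
	"bytes"
	"encoding/json"
	"io"
	"net/http"
	"net/http/httputil"
	"net/url"
	"path"
	"strings"
)

// BypassRequested: either option present (any value, any case) or body not a JSON object.
func BypassRequested(r *http.Request, body []byte) bool {
	var payload map[string]json.RawMessage
	if len(bytes.TrimSpace(body)) > 0 && json.Unmarshal(body, &payload) != nil {
		return true // body cannot be inspected: fail closed
	}
	keys := r.URL.Query() // assumption: the options may also arrive as query parameters
	for k := range payload {
		keys[k] = nil
	}
	for k := range keys {
		if strings.EqualFold(k, "ignoreSignature") || strings.EqualFold(k, "acceptUnsigned") {
			return true
		}
	}
	return false
}

// Guard filters POST /api/repos/:name/include/:dir before it reaches aptly.
func Guard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if ok, _ := path.Match("/api/repos/*/include/*", path.Clean(r.URL.Path)); ok && r.Method == http.MethodPost {
			body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, 1<<20))
			if err != nil || BypassRequested(r, body) {
				http.Error(w, "signature checks cannot be disabled", http.StatusForbidden)
				return
			}
			r.Body = io.NopCloser(bytes.NewReader(body)) // hand the body on unchanged
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	backend, _ := url.Parse("http://127.0.0.1:8080") // assumed aptly API address
	panic(http.ListenAndServe("127.0.0.1:8081", Guard(httputil.NewSingleHostReverseProxy(backend))))
}
```

Rejecting on presence rather than on value avoids disagreement between the proxy and the backend over what counts as "true". The guard only helps if the aptly API itself is not reachable except through it.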