Re: Storing collection ref (collection ID + ref) in the commit metadata
- From: Krzesimir Nowak <krzesimir kinvolk io>
- To: ostree-list gnome org
- Subject: Re: Storing collection ref (collection ID + ref) in the commit metadata
- Date: Fri, 23 Jun 2017 16:12:43 +0200
On Tue, Jun 20, 2017 at 5:33 PM, Krzesimir Nowak <krzesimir kinvolk io> wrote:
Hi,
I'm working on implementing storing of the collection ref in the
commit metadata. The point of this work is that if we’re going to
support inline signatures in summary files, the metadata in commits
needs to point back to the refs, so that an attacker can’t change the
checksums around between refs in a summary file.
So in the beginning two questions came to my mind (and got some
answers from Philip which I'm going to use here):
1. Where should we store the collection ref? In commit metadata or in
detached metadata?
Storing it in commit metadata means that the collection ref is signed
as a part of the commit, so we can trust it from the start. But it
also means that we need to specify the collection ref from the
beginning and it can never change (that would change the commit's
checksum) - that makes the --orphan flag a whole lot less useful. Also
it is not fine when ostree refs have discontinuous history (ref
pointed to commit 1, then later it points to commit 2 which is not a
child of commit 1, so commit 1 is not a part of ref's history).
Storing it in detached metadata means we need to sign it ourselves
inline (the signature would be made based probably on a triplet of
commit checksum, collection ref and a timestamp of modification). Also
it may be possible that MITM can just strip it from detached metadata
and pass it further, but I haven't thought too much on this attack (it
would cause the client to discard the commit when pulling if it
requires the collection ref to exist in metadata). Also, it could be
possible to change detached metadata to update the collection ref if
there is need (unless there is some assumption about detached metadata
being immutable after creation?).
2. Where should the collection ref come from?
Clearly, the API for writing metadata is either
ostree_repo_write_commit or
ostree_repo_write_commit_detached_metadata, depends on where we decide
to store the information. I was just wondering where should we take
the collection ref from? From parent commit? If there's none such (or
it does not have the collection ref in metadata) then it would be from
the repo's collection id and some given ref? Or we should simply add
some flags to the "ostree commit" command that allow specifying the
collection ref?
So I have a (strawman for now and untested) branch implementing
storing collection ref in detached metadata -
https://github.com/kinvolk/ostree/tree/krnowak/collection-ref-in-commit-metadata-T17610
I had some followup questions about the implementation:
1. Do we want to store not one collection ref, but many of them in the
commit metadata? I wasn't sure whether we should allow for many
collection refs there or rather for one collection id and many refs.
Philip argued for the former.
2. As a part of the metadata we store the timestamp, which tells when
this particular piece of metadata was modified. I guess that the only
useful check we can perform with it is to compare it with the
timestamp from the older detached metadata of the commit (if we had it
before). Anything else comes to your mind?
3. I wasn't sure if we want to bail out when the detached metadata is
invalid or just skip this commit. Bailing out is easier, so this is
what I went with for now.
4. If we set the collection ref for a commit, should we also set it
for all its parent commits too?
--
Kinvolk GmbH | Adalbertstr. 6a, 10999 Berlin
Geschäftsführer/Directors: Alban Crequy, Chris Kühl, Iago López Galeiras
Registergericht/Court of registration: Amtsgericht Charlottenburg
Registernummer/Registration number: HRB 171414 B
Ust-ID-Nummer/VAT ID number: DE302207000
--
Kinvolk GmbH | Adalbertstr. 6a, 10999 Berlin
Geschäftsführer/Directors: Alban Crequy, Chris Kühl, Iago López Galeiras
Registergericht/Court of registration: Amtsgericht Charlottenburg
Registernummer/Registration number: HRB 171414 B
Ust-ID-Nummer/VAT ID number: DE302207000
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]