Re: Is git clone followed by git verify-tag meaningful?

git@vger.kernel.org mailing list mirror (one of many)
 help / color / mirror / code / Atom feed

From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: git@vger.kernel.org
Subject: Re: Is git clone followed by git verify-tag meaningful?
Date: Wed, 28 Aug 2019 23:27:18 +0000	[thread overview]
Message-ID: <20190828232718.GE11334@genre.crustytoothpaste.net> (raw)
In-Reply-To: <20190828203224.GE26001@chatter.i7.local>

[-- Attachment #1: Type: text/plain, Size: 1115 bytes --]

On 2019-08-28 at 20:32:24, Konstantin Ryabitsev wrote:
> Hi, all:
> 
> If I know that a project uses tag signing, would "git clone" followed by
> "git verify-tag" be meaningful without a "git fsck" in-between? I.e. if an
> attacker has control over the remote server, can they sneak in any badness
> into any of the resulting files and still have the clone, checkout, and
> verify-tag return success unless the repository is fsck'd before verify-tag?
> 
> I assume that it would break during the checkout stage, but I wanted to
> verify my assumptions.

We pass the entire tag buffer to GnuPG, which means that we verify
exactly what is in the tag: no more, no less.  Whether that represents a
valid, usable tag with meaningful data is not verified, although of
course it can't be changed once written.

If you trust the signer to produce valid data, then you can verify the
tag and know that the data is correct.  If not, then you probably need
git fsck to verify that the data is usable and meets Git's standards.
-- 
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 868 bytes --]

next prev parent reply	other threads:[~2019-08-28 23:27 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-28 20:32 Is git clone followed by git verify-tag meaningful? Konstantin Ryabitsev
2019-08-28 23:27 ` brian m. carlson [this message]
2019-08-28 23:47 ` Jeff King
2019-08-29 13:34   ` Konstantin Ryabitsev
2019-08-29 14:10     ` Jeff King
2019-08-29  3:41 ` Junio C Hamano

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://vger.kernel.org/majordomo-info.html

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190828232718.GE11334@genre.crustytoothpaste.net \
    --to=sandals@crustytoothpaste.net \
    --cc=git@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).