The Docker images and all used scripts are cryptographically signed, for example the pre-installation script. The signature is verified during the installation. If the signature is invalid, an error message is shown and the installation is aborted.
Docker 1.8 introduces signing and verification of images via asymmetric crypto. This is part of a broader attempt to implement a framework for secure software updates: http://theupdateframework.com/ (TUF) One of the components of TUF is a software component "notary" which is available under Apache license: http://blog.docker.com/2015/08/content-trust-docker-1-8/ [12:03] <arvid> stefan: Signung und verification geht anscheinend über eine neue Softwarekomponente "notary": * https://github.com/docker/notary/blob/master/ROADMAP.md * http://blog.docker.com/2015/08/content-trust-docker-1-8/ * https://github.com/docker/notary/blob/master/README.md * https://www.youtube.com/watch?v=at72dhg-SZY&feature=youtu.be&t=4873 * https://docs.docker.com/security/trust/content_trust/ It attempts to be "platform&transport-agnostic" I guess it's downloadable as container, but the description is still pre-alpha: * https://hub.docker.com/r/distribution/notary_notaryserver/ * https://hub.docker.com/r/distribution/notary_notarysigner/
Fixed, see Bug 39591 for details
I've installed a new UCS 4.1 system. I was unable to switch to our Test App Center: ----------------------------------------------------------------------------- root@master491:~# univention-app update Downloading "https://appcenter-test.software-univention.de/meta-inf/4.1/index.json.gz"... Downloading "https://appcenter-test.software-univention.de/meta-inf/4.1/index.json.gz.gpg"... Downloading "https://appcenter-test.software-univention.de/meta-inf/categories.ini"... Downloading "https://appcenter-test.software-univention.de/meta-inf/rating.ini"... gpg: Signature made Mon 26 Oct 2015 04:17:53 PM EDT using RSA key ID 6B8BFD3C gpg: BAD signature from "Univention Corporate Server 4.x <packages@univention.de>" Signature verification for /var/cache/univention-appcenter/.index.json.gz failed root@master491:~# ----------------------------------------------------------------------------- I'm sure it worked already, so I guess something or someone broke it.
Yes, somebody refactored the code and gunzipped the signed file before checking the signature. Fixed.
I've added a first test script: 80_docker/59_app_center_signature It tests various modification: - no pgp file available - the index.json was modified - the ini file was modified These tests were successful. I've also modified an inst script. While modifying the ini file, the App was no longer available because the hash was not valid. I think that's right. The App was still available after the inst file was modified: Checksum for owncloud8-docker_20150917.inst should be u'68512ce46f443653d18f6d14b9b67325' but was '91ca715e08842f6a44840c77729c8df1'! Rather removing this file... I think the App should also be no longer available in this scenario.
(In reply to Stefan Gohmann from comment #5) > I've added a first test script: 80_docker/59_app_center_signature > > It tests various modification: > - no pgp file available > - the index.json was modified > - the ini file was modified > > These tests were successful. I've also modified an inst script. While > modifying the ini file, the App was no longer available because the hash was > not valid. I think that's right. > The App was still available after the inst file was modified: > Checksum for owncloud8-docker_20150917.inst should be > u'68512ce46f443653d18f6d14b9b67325' but was > '91ca715e08842f6a44840c77729c8df1'! Rather removing this file... > > I think the App should also be no longer available in this scenario. Moved to → Bug #39671.
OK, the test script (80_docker/59_app_center_signature) checks only the app center files, not the docker files. I've uploaded a new Docker image, afterwards I got a traceback: Bug #39676
UCS 4.1 has been released: https://docs.software-univention.de/release-notes-4.1-0-en.html https://docs.software-univention.de/release-notes-4.1-0-de.html If this error occurs again, please use "Clone This Bug".