Support expiration of metadata by package archivesscratch/package-security

Expiring package metadata is done by checking the timestamp in package archive file. This is intended to limit the effectiveness of a replay attack. The onus is on the package archives to implement a secure and reasonable policy. (Debian uses 7 days before metadata expires.) Together with package checksums, this adds sufficient protection against metadata replay attacks. (Bug#19479) * lisp/emacs-lisp/package.el (package-check-timestamp): New defcustom. (bad-timestamp): New error. (package--parse-header-from-buffer) (package--parse-valid-until-from-buffer) (package--parse-last-updated-from-buffer) (package--archive-verify-timestamp) (package--archive-verify-not-expired) (package--compare-archive-timestamps) (package--check-archive-timestamp): New defuns. (package--download-one-archive): Check timestamp of the 'archive-contents' file using above functions. It is only checked if it exists, which makes this change backwards compatible. * lisp/calendar/iso8601.el (iso8601-parse): Add autoload cookie. * test/lisp/emacs-lisp/package-tests.el (package-test-parse-valid-until-from-buffer) (package-test-parse-last-updated-from-buffer) (package-test-archive-verify-timestamp) (package-test-check-archive-timestamp) (package-test-check-archive-timestamp/not-expired) (package-test-check-archive-timestamp/expired): New tests. * test/lisp/emacs-lisp/package-resources/archives/older/archive-contents: * test/lisp/emacs-lisp/package-resources/archives/newer/archive-contents: New files. * doc/lispref/package.texi (Package Archives, Archive Web Server): Document how to increase the security of a package archive using checksums, signing and timestamps.
author: Stefan Kangas 2020-09-07 07:31:56 +0200
committer: Stefan Kangas 2020-11-22 00:38:35 +0100
commit: bcde5f86c5a7f3a84115807520631a4f12fb6f70 (patch)
tree: 6254f8d19ef474f965567ce7922b84ed93312a19 /etc/NEWS
parent: 733e674af4f66ba7e9f0614b931c44484acce2b9 (diff)
download: emacs-scratch/package-security.tar.gz
emacs-scratch/package-security.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/NEWS b/etc/NEWS
index da18848bc4a..ead26984623 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -882,6 +882,11 @@ For improved security, you might want to set this to 't' or
 before setting these values, or you will be unable to install
 packages.
+*** Support expiration of package archive metadata.
+When a package archive distributes a last-updated and expiration
+timestamp, they will automatically be used to verify that distributed
+packages are not out of date.
 ** gdb-mi
 +++
author	Stefan Kangas	2020-09-07 07:31:56 +0200
committer	Stefan Kangas	2020-11-22 00:38:35 +0100
commit	bcde5f86c5a7f3a84115807520631a4f12fb6f70 (patch)
tree	6254f8d19ef474f965567ce7922b84ed93312a19 /etc/NEWS
parent	733e674af4f66ba7e9f0614b931c44484acce2b9 (diff)
download	emacs-scratch/package-security.tar.gz emacs-scratch/package-security.zip

diff --git a/etc/NEWS b/etc/NEWS index da18848bc4a..ead26984623 100644 --- a/etc/NEWS +++ b/etc/NEWS
@@ -882,6 +882,11 @@ For improved security, you might want to set this to 't' or
882	before setting these values, or you will be unable to install	882	before setting these values, or you will be unable to install
883	packages.	883	packages.
884		884
		885	*** Support expiration of package archive metadata.
		886	When a package archive distributes a last-updated and expiration
		887	timestamp, they will automatically be used to verify that distributed
		888	packages are not out of date.
		889
885	** gdb-mi	890	** gdb-mi
886		891
887	+++	892	+++