Re: [PATCH 5/7] Add support for gnupg < 1.4

From: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
To: "Tom G. Christensen" <tgc@jupiterrise.com>
Cc: Git Mailing List <git@vger.kernel.org>,
	Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH 5/7] Add support for gnupg < 1.4
Date: Thu, 13 Apr 2017 17:17:59 +0200	[thread overview]
Message-ID: <CACBZZX56Fx+niwwsiJeMwvaZkuR3h4zxytu+xx_sanobMPGobg@mail.gmail.com> (raw)
In-Reply-To: <CACBZZX6bYLRSUAy2GUYhBVet3tjzrBQ40L49KxetAvBdgx_x+w@mail.gmail.com>

On Wed, Apr 5, 2017 at 3:45 PM, Ævar Arnfjörð Bjarmason
<avarab@gmail.com> wrote:
> On Wed, Apr 5, 2017 at 3:04 PM, Tom G. Christensen <tgc@jupiterrise.com> wrote:
>> This adds an OLD_GNUPG define to the Makefile which when activated will
>> ensure git does not use the --keyid-format argument when calling the
>> 'gpg' program.
>> This is consistent with how 'gpg' was used in git < 2.10.0 and slightly
>> decreases security.
>
> This changes the code Linus Torvalds added in b624a3e67f to mitigate
> the evil32 project generating keys which looked the same for 32 bit
> signatures.
>
> I think this change makes sense, but the Makefile should have a
> slightly scarier warning, something like:
>
> "Define OLD_GNUPG if you need support for gnupg <1.4. Note that this
> will cause git to only show the first 32 bits of PGP keys instead of
> 64, and there's a wide variety of brute-forced 32 bit keys in the wild
> thanks to the evil32 project (https://evil32.com). Enabling this will
> make GPG work old versions, but you might be fooled into accepting

grammar fix: "work on older versions"....

> malicious keys as a result".
>
>> Signed-off-by: Tom G. Christensen <tgc@jupiterrise.com>
>> ---
>>  Makefile        | 6 ++++++
>>  gpg-interface.c | 2 ++
>>  2 files changed, 8 insertions(+)
>>
>> diff --git a/Makefile b/Makefile
>> index ca9f16d19..f8f585d21 100644
>> --- a/Makefile
>> +++ b/Makefile
>> @@ -386,6 +386,8 @@ all::
>>  #
>>  # to say "export LESS=FRX (and LV=-c) if the environment variable
>>  # LESS (and LV) is not set, respectively".
>> +#
>> +# Define OLD_GNUPG if you need support for gnupg < 1.4.
>>
>>  GIT-VERSION-FILE: FORCE
>>         @$(SHELL_PATH) ./GIT-VERSION-GEN
>> @@ -1529,6 +1531,10 @@ ifndef PAGER_ENV
>>  PAGER_ENV = LESS=FRX LV=-c
>>  endif
>>
>> +ifdef OLD_GNUPG
>> +       BASIC_CFLAGS += -DOLD_GNUPG
>> +endif
>> +
>>  QUIET_SUBDIR0  = +$(MAKE) -C # space to separate -C and subdir
>>  QUIET_SUBDIR1  =
>>
>> diff --git a/gpg-interface.c b/gpg-interface.c
>> index e44cc27da..57f1ea792 100644
>> --- a/gpg-interface.c
>> +++ b/gpg-interface.c
>> @@ -224,7 +224,9 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
>>         argv_array_pushl(&gpg.args,
>>                          gpg_program,
>>                          "--status-fd=1",
>> +#ifndef OLD_GNUPG
>>                          "--keyid-format=long",
>> +#endif
>>                          "--verify", temp.filename.buf, "-",
>>                          NULL);
>>
>> --
>> 2.12.2
>>