OpenPGPKeyId

Struct OpenPGPKeyId 

pub struct OpenPGPKeyId {}

§What it does

Ensure that no OpenPGP Key ID is used to authenticate and verify upstream artifacts.

§Why is this bad?

An OpenPGP certificate can be used to verify and authenticate upstream sources. In PKGBUILD and SRCINFO files these certificates are identified using an ID. This allows the retrieval of matching certificates from remote resources (e.g. Web Key Directory or OpenPGP keyservers).

An OpenPGP Key ID is a short identifier that can be used to identify an OpenPGP certificate. However, its uniqueness cannot be guaranteed and thus it does not guard against collision.

If an OpenPGP certificate cannot be uniquely identified:

  • an arbitrary, unrelated certificate may share the same OpenPGP Key ID, in which case the Key ID cannot be used to authenticate and verify the particular upstream sources.
  • sophisticated attackers may be able to craft a certificate with a matching OpenPGP Key ID and swap upstream sources and digital signatures with malicious ones.

Only an OpenPGP fingerprint meaningfully guards against collision and should always be used instead of an OpenPGP Key ID to uniquely identify an OpenPGP certificate.

§Example

pkgbase = test
    pkgver = 1.0.0
    pkgrel = 1
    arch = x86_64
    validpgpkeys = 2F2670AC164DB36F

Use instead:

pkgbase = test
    pkgver = 1.0.0
    pkgrel = 1
    arch = x86_64
    validpgpkeys = 4A0C4DFFC02E1A7ED969ED231C2358A25A10D94E
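
The distinction this lint draws can be checked by length alone. The following is an added example, not the alpm-lint implementation: it assumes a Key ID is written as 16 hexadecimal digits (64 bits) and an OpenPGP v4 fingerprint as 40 (160 bits), and the names `KeyRef`, `classify` and `find_key_ids` are hypothetical.

```rust
/// How a `validpgpkeys` value identifies a certificate.
#[derive(Debug, PartialEq)]
enum KeyRef {
    /// 16 hex digits: a 64-bit Key ID, not collision resistant.
    KeyId,
    /// 40 hex digits: a 160-bit OpenPGP v4 fingerprint.
    V4Fingerprint,
    /// Any other value; left for other checks to judge.
    Other,
}

/// Classify by length and character set (assumed encoding, see lead-in).
fn classify(value: &str) -> KeyRef {
    let is_hex = value.chars().all(|c| c.is_ascii_hexdigit());
    match (is_hex, value.len()) {
        (true, 16) => KeyRef::KeyId,
        (true, 40) => KeyRef::V4Fingerprint,
        _ => KeyRef::Other,
    }
}

/// Returns (1-based line number, value) for every `validpgpkeys`
/// entry in SRCINFO text that is a Key ID.
fn find_key_ids(srcinfo: &str) -> Vec<(usize, String)> {
    srcinfo
        .lines()
        .enumerate()
        .filter_map(|(idx, line)| {
            let (key, value) = line.split_once('=')?;
            let value = value.trim();
            (key.trim() == "validpgpkeys" && classify(value) == KeyRef::KeyId)
                .then(|| (idx + 1, value.to_string()))
        })
        .collect()
}

// Constructed input: both values from the examples above in one file.
const SAMPLE: &str = "pkgbase = test
    pkgver = 1.0.0
    pkgrel = 1
    arch = x86_64
    validpgpkeys = 2F2670AC164DB36F
    validpgpkeys = 4A0C4DFFC02E1A7ED969ED231C2358A25A10D94E
";

fn main() {
    for (line, value) in find_key_ids(SAMPLE) {
        println!("line {}: Key ID {} used, use the full fingerprint", line, value);
    }
}
```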

Implementations§

impl OpenPGPKeyId

pub fn new_boxed(_: &LintRuleConfiguration) -> Box<dyn LintRule>

Create a new, boxed instance of OpenPGPKeyId.

Trait Implementations§

impl Clone for OpenPGPKeyId

fn clone(&self) -> OpenPGPKeyId

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for OpenPGPKeyId

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Documented for OpenPGPKeyId

const DOCS: &'static str = "# What it does\n\nEnsure that no [OpenPGP Key ID] is used to authenticate and verify upstream artifacts.\n\n# Why is this bad?\n\nAn [OpenPGP certificate] can be used to verify and authenticate upstream sources.\nIn [PKGBUILD] and [SRCINFO] files these certificates are identified using an ID.\nThis allows the retrieval of matching certificates from remote resources (e.g. Web Key Directory\nor OpenPGP keyservers).\n\nAn [OpenPGP Key ID] is a short identifier that can be used to identify an [OpenPGP certificate].\nHowever, its uniqueness cannot be guaranteed and thus it does not guard against collision.\n\nIf an [OpenPGP certificate] cannot be uniquely identified:\n\n- an arbitrary certificate may have a matching [OpenPGP Key ID] and it would not be possible to\nuse it for authentication and verification of the particular upstream sources.\n- sophisticated attackers may be able to craft a certificate with a matching [OpenPGP Key ID]\nand swap upstream sources and digital signatures with malicious ones.\n\nOnly an [OpenPGP fingerprint] meaningfully guards against collision and should always be used\ninstead of an [OpenPGP Key ID] to uniquely identify an [OpenPGP certificate].\n\n# Example\n\n```ini,ignore\npkgbase = test\npkgver = 1.0.0\npkgrel = 1\narch = x86_64\nvalidpgpkeys = 2F2670AC164DB36F\n```\n\nUse instead:\n\n```ini,ignore\npkgbase = test\npkgver = 1.0.0\npkgrel = 1\narch = x86_64\nvalidpgpkeys = 4A0C4DFFC02E1A7ED969ED231C2358A25A10D94E\n```\n\n[PKGBUILD]: https://man.archlinux.org/man/PKGBUILD.5\n[SRCINFO]: https://alpm.archlinux.page/specifications/SRCINFO.5.html\n[OpenPGP Key ID]: https://openpgp.dev/book/glossary.html#term-Key-ID\n[OpenPGP certificate]: https://openpgp.dev/book/certificates.html\n[OpenPGP fingerprint]: https://openpgp.dev/book/certificates.html#fingerprint"

The static doc comments on this type.

impl LintRule for OpenPGPKeyId

fn name(&self) -> &'static str

Returns the name of this lint rule.

fn scope(&self) -> LintScope

Return the scope of this lint rule.

fn level(&self) -> Level

The severity level of this lint rule.

fn documentation(&self) -> String

Returns the full documentation for this lint rule.

fn help_text(&self) -> String

Returns the help text for this lint rule.

fn run(&self, resources: &Resources, issues: &mut Vec<LintIssue>) -> Result<(), Error>

Executes the linting logic and appends to list of accumulated issues.

Returns a map of additional associated links for this lint rule.

fn scoped_name(&self) -> String

Returns the full name of this lint by combining LintRule::scope and LintRule::name as {scope}::{name}.

fn groups(&self) -> &'static [LintGroup]

Returns the static lint groups this lint rule belongs to.

fn configuration_options(&self) -> &[LintRuleConfigurationOptionName]

Returns a map of configuration options used by this lint rule.
