ID: 245PHID: PHID-TASK-tnvcrvsuenhxbd5vdvu5Author: PatrickStatus at Migration Time: resolvedPriority at Migration Time: Normal
Due to the difficulty of automation of gpg in scripts and therefore many people getting it wrong (for a few references and further information, see [1]), I conclude that, that gpg verification should not be fully automated at this point. Showing the literal gpg verification message to the user, so the user has a chance to double check gpg’s output, seems more than justified to me at this point.
TODO:
add gpg’s verification output to tb-updater installation confirmation screen
[1]:
2015-03-23 17:00:08 UTC
2015-03-23 17:04:56 UTC
This is how it’s currently looking:
Output of gpg is broken in a non-ideal way.
(Don’t worry - I won’t be signing Tor Browser. My key won’t be used for verification. Just running the test script for better debuggability.)
2015-03-23 17:11:23 UTC
This is how I would like to it look:
(Upstream won’t be using the gpg: Signature notation: issuer-fpr@notations.openpgp.fifthhorseman.net=6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48 line, so that will be gone.)
I was wrong. It’s not tb_updater_gui that needs to be changed. That’s msgdispatcher_dispatch_x.
2015-03-23 17:23:20 UTC
Test command:
/usr/lib/msgcollector/generic_gui_message warning 'Tor Browser Updater (by Whonix developers)' '<p><b>Installation confirmation</b></p><p><table><tr>
<td>Currently installed version:</td> <td><tt> 4.0.4</tt></td></tr><tr>
<td>Downloaded version :</td> <td><tt> 4.5a3</tt></td></tr></table></p>
<p><b>You could be target of an indefinite freeze attack!</b> The downloaded signature has the same creation date as the last known signature. Unless you are re-installing the same version, you should abort now and try again later!</p><p><table><tr>
<td>Previous Signature Creation Date:</td> <td><tt> January 30 12:32:47 UTC 2015</tt></td></tr><tr>
<td>Last Signature Creation Date :</td> <td><tt> January 30 12:32:47 UTC 2015</tt></td></tr></table></p>
<p><b>The signature looks quite old already.</b>
<br></br>
<br></br>Either,
<br></br>- your clock might be fast (at least 22 days 4 hours 44 minutes 11 seconds fast). In that case, please run Timesync: <code>Start menu -> Applications -> System -> Timesync</code>. Or in Terminal: <code>timesync</code>.
<br></br>- there is really no newer signature yet. The signature is really older than 30 days already. (Older than 22 days 4 hours 44 minutes 11 seconds already.)
<br></br>- this is a update-torbrowser bug
<br></br>- this is an attack</p>
<p><u>gpg reports</u>:<br></br>
gpg: Signature made Fri 20 Mar 2015 12:27:58 AM UTC using RSA key ID F65C2036<br />
gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>" [unknown]<br />
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290<br />
Subkey fingerprint: 5242 013F 02AF C851 B1C7 36B8 7017 ADCE F65C 2036</p>
<p><a href=https://www.whonix.org/wiki/Tor_Browser/Installation_Confirmation_Screen>Learn more about this Installation Confirmation Screen.</a></p>' 'Install now?' yesno
2015-03-23 17:26:32 UTC
I don’t know how msgdispatcher_dispatch_x decided width, where to break lines.
@troubadour could you please make these change in msgdispatcher_dispatch_x?
2015-03-24 20:47:55 UTC
The width is fixed in gneric_gui_messge, the height is dynamically adjusted. The lines break at word level.Primary key fingerprint in a single line.increase window width (+ 20 pixels) · troubadoour/msgcollector@07cfe95 · GitHub
If we run in other similar situations (one line should not be broken for better reading), we could add an minimum_width argument.
2015-03-24 20:59:57 UTC
2015-03-24 21:17:17 UTC
Merged. Looks good!
Screenshot: