[tbb-bugs] #30549 [Applications/Tor Browser]: Add script to remove expired sub-keys from a keyring file

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jun 17 17:22:40 UTC 2019


#30549: Add script to remove expired sub-keys from a keyring file
--------------------------------------------+------------------------------
 Reporter:  boklm                           |          Owner:  tbb-team
     Type:  task                            |         Status:  needs_review
 Priority:  Medium                          |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  TorBrowserTeam201905R, tbb-rbm  |  Actual Points:
Parent ID:  #30548                          |         Points:
 Reviewer:                                  |        Sponsor:
--------------------------------------------+------------------------------
Changes (by boklm):

 * keywords:  TorBrowserTeam201905, tbb-rbm => TorBrowserTeam201905R, tbb-rbm
 * status:  needs_revision => needs_review


Comment:

 Replying to [comment:4 gk]:
 > The `list-all-keyrings` script looks good to me. However, it sometimes
 > does weird things in that it only lists the `binutils` key and then
 > stops + it modifies it as well and I am left with a `binutils.gpg~` file.
 > I am still hunting for steps to repro that reliably... That's with GnuPG
 > 2.2.13 on a Debian testing/unstable box in case it matters.

 The issue with the `*.gpg~` files seems similar to #25435, which is fixed
 by adding the flag `--no-auto-check-trustdb`. I added it to
 `list-all-keyrings` and `drop-expired-sub-keys` in branch `bug_30549_v3`:
 https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_30549_v3&id=0151dd050de272f32a690d39f5ba501220844df5

 I am not sure what the issue is when it only lists binutils and stops.

 >
 > Regarding the `drop-expired-sub-keys` script:
 >
 > 1) The script does not differentiate between subkeys that are expired in
 > our `tor-browser-build` repo but are not expired in reality: there are
 > folks that just extend the expiration date from time to time instead of/in
 > addition to renewing keys.
 >
 > 2) The script should not touch keys that have no expired subkeys. When I
 > currently do something like `tools/keyring/drop-expired-sub-keys
 > keyring/zlib.gpg` then I get a modified `zlib.gpg` afterwards which I
 > should not get.

 I think we should only run `drop-expired-sub-keys` in the cases where we
 know it is actually needed.

 The process would be something like this:

 - Run `list-all-keyrings` to see if we include any expired key/sub-key.

 Then for each expired key/sub-key:

 - Check if the expiration is expected, and do nothing in that case.

 - Check if the owner of that key/sub-key extended it, and in that case add
 the updated key/sub-key.

 - If the sub-key is not needed anymore, use `drop-expired-sub-keys` to
 remove it.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30549#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
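As an added example (not part of this ticket, and not tor-browser-build's own `list-all-keyrings` or `drop-expired-sub-keys` scripts), here is the check behind the first step of the process above: parse the `gpg --with-colons --list-keys` output for one keyring file and report which keyrings actually contain an expired primary key or sub-key, so that a drop step is only run where it is needed and a keyring with nothing expired is never rewritten. The `gpg` wrapper passes `--no-auto-check-trustdb` as discussed in the comment. The helper and function names, the wrapper's exact flag list, and the sample listing (fake key IDs and dates) are assumptions of this example, not anything taken from the repository.

```python
"""Find expired keys and sub-keys in a GnuPG keyring listing.

Added example, not tor-browser-build tooling.  The sample listing at the
bottom is constructed with fake key IDs; it is not from any real keyring.
"""
import datetime
import os
import subprocess
import time
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Key:
    keyid: str
    validity: str            # colon field 2: 'e' means gpg itself flagged it expired
    expires: Optional[int]   # colon field 7 as epoch seconds; None = never expires
    subkeys: List["Key"] = field(default_factory=list)


def _parse_date(raw: str) -> Optional[int]:
    """GnuPG 2.x prints epoch seconds in colon mode; GnuPG 1.x could print
    YYYY-MM-DD without --fixed-list-mode, so accept both forms."""
    if not raw:
        return None
    if raw.isdigit():
        return int(raw)
    dt = datetime.datetime.strptime(raw, "%Y-%m-%d")
    return int(dt.replace(tzinfo=datetime.timezone.utc).timestamp())


def parse_colon_listing(text: str) -> List[Key]:
    """Build Key objects from pub/sub records; other record types are ignored."""
    keys: List[Key] = []
    current: Optional[Key] = None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current = Key(f[4], f[1], _parse_date(f[6]))
            keys.append(current)
        elif f[0] == "sub" and current is not None:
            current.subkeys.append(Key(f[4], f[1], _parse_date(f[6])))
    return keys


def is_expired(key: Key, now: int) -> bool:
    # Trust gpg's own verdict, and also compare the timestamp so a keyring
    # listed without a trustdb still gives the right answer.
    return key.validity == "e" or (key.expires is not None and key.expires < now)


def expired_primaries(keys: List[Key], now: int) -> List[str]:
    return [k.keyid for k in keys if is_expired(k, now)]


def expired_subkeys(keys: List[Key], now: int) -> List[Tuple[str, str]]:
    """(primary keyid, sub-key keyid) for every expired sub-key."""
    return [(k.keyid, s.keyid) for k in keys for s in k.subkeys if is_expired(s, now)]


def needs_attention(listing: str, now: Optional[int] = None) -> bool:
    """True only if something in this keyring is expired.  A keyring for
    which this is False should not be rewritten at all."""
    now = int(time.time()) if now is None else now
    keys = parse_colon_listing(listing)
    return bool(expired_primaries(keys, now) or expired_subkeys(keys, now))


def gpg_colon_listing(keyring_path: str) -> str:
    """List one keyring file.  --no-auto-check-trustdb keeps gpg from
    rewriting the keyring (and leaving a .gpg~ backup behind)."""
    cmd = ["gpg", "--batch", "--no-default-keyring",
           "--keyring", os.path.abspath(keyring_path),
           "--no-auto-check-trustdb", "--fixed-list-mode",
           "--with-colons", "--list-keys"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


# Constructed sample: one key with an expired signing sub-key (2018-01-01)
# plus a current replacement (expires 2030), and one key that never expires.
SAMPLE_NOW = 1560790000  # 2019-06-17, roughly the date of the ticket comment
SAMPLE_LISTING = """\
tru::1:1560790000:0:3:1:5
pub:-:4096:1:0000000000000001:1420070400:::-:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000000000000000001:
uid:-::::1420070400::0000000000000000000000000000000000000001::Example Signer (constructed) <signer@example.invalid>::::::::::0:
sub:e:4096:1:0000000000000002:1420070400:1514764800:::::s::::::23:
fpr:::::::::0000000000000000000000000000000000000002:
sub:-:4096:1:0000000000000003:1514764800:1893456000:::::s::::::23:
fpr:::::::::0000000000000000000000000000000000000003:
pub:-:4096:1:0000000000000010:1420070400:::-:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000000000000000010:
uid:-::::1420070400::0000000000000000000000000000000000000010::Other Upstream (constructed) <other@example.invalid>::::::::::0:
sub:-:4096:1:0000000000000011:1420070400::::::s::::::23:
fpr:::::::::0000000000000000000000000000000000000011:
"""

if __name__ == "__main__":
    import sys
    # Usage: python3 this.py keyring/*.gpg ; with no arguments the sample is used.
    if len(sys.argv) > 1:
        listings, now = {p: gpg_colon_listing(p) for p in sys.argv[1:]}, int(time.time())
    else:
        listings, now = {"sample.gpg": SAMPLE_LISTING}, SAMPLE_NOW
    for name, listing in listings.items():
        keys = parse_colon_listing(listing)
        for keyid in expired_primaries(keys, now):
            print(f"{name}: primary key {keyid} is expired")
        for primary, sub in expired_subkeys(keys, now):
            print(f"{name}: sub-key {sub} of {primary} is expired")
        if not needs_attention(listing, now):
            print(f"{name}: nothing expired, leave untouched")
```

Only keyrings for which `needs_attention` is true go on to the manual review steps (expected expiry, owner extended the key, or sub-key no longer needed); the timestamp comparison is kept alongside gpg's `e` flag because a keyring listed with `--no-default-keyring` may not carry computed validity.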

