Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.devel > #119538
| From | Simon McVittie <smcv@debian.org> |
|---|---|
| Newsgroups | linux.debian.devel |
| Subject | Re: purpose of InRelease in apt [was: non-GPG signatures; was: Rust requirements] |
| Date | 2025-11-10 17:10 +0100 |
| Message-ID | <LPCCR-bWGa-11@gated-at.bofh.it> (permalink) |
| References | (5 earlier) <LMCJ3-9S05-3@gated-at.bofh.it> <LPkmC-bJVj-13@gated-at.bofh.it> <LPlC2-bKHO-13@gated-at.bofh.it> <LPqs1-bO9i-1@gated-at.bofh.it> <LPxMR-bT3e-1@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
On Mon, 10 Nov 2025 at 11:51:38 +0100, Simon Josefsson wrote:
>- Nice to have: don't add round-trip latency fetching multiple files.
> This one argues for putting everyhing in one file, such as extending
> InRelease.
My understanding is that this is not actually the purpose of InRelease,
although it's a desirable side-effect. Instead, the point of InRelease
is that if the top-level metadata (Release file) is served in the same
file as its signatures and during the same http transaction, then it
cannot possibly be inconsistent, even during a mirror resync - whereas
for Release and Release.gpg (or Release.sigstore, or whatever other
signature format you might want to use), when mirroring Debian onto
commodity web servers with unspecifed cache lifetimes or downloading
through a caching proxy with cache behaviour similarly outside our
control, there would often a window during which your mirror serves the
old Release but the new Release.gpg, or vice versa. The result is that
`apt update` fails with signature verification errors, even when you are
not actually under attack. That's harmful from the point of view of
getting updated software promptly, and also from the point of view of
detecting attacks.
For the rest of the tree, a new enough version of apt can download
Packages, Sources, etc. from sha256sum-based paths (content-addressed
storage), so mirrors can provide continuity by offering both the old and
the new Packages files under their hash-based names for a while; and the
actual packages (.deb, .dsc, etc.) have uniquely versioned filenames, so
they do not have the same update atomicity concerns as the metadata. The
InRelease file is the only one that apt needs to be able to download
from a hard-coded path, because apt can't know what hash to expect, and
then that provides the "map" for downloading the rest.
If I remember correctly, Flatpak has a similar design where the signed
"summary" (its equivalent of the InRelease file) is the only hard-coded
filename, and is served as a single blob containing both content and
signature, for much the same reason as apt's InRelease; and then
everything else is downloaded from a sha256-based content-addressed
filename, so that tampering by a malicious intermediary is easy to
detect, and accidental mismatches on a non-malicious mirror are not
possible.
smcv
Back to linux.debian.devel | Previous | Next — Previous in thread | Next in thread | Find similar
Hard Rust requirements from May onward Julian Andres Klode <jak@debian.org> - 2025-10-31 21:50 +0100
Re: Hard Rust requirements from May onward John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> - 2025-10-31 22:40 +0100
Re: Hard Rust requirements from May onward Simon Richter <sjr@debian.org> - 2025-11-01 04:20 +0100
Re: Hard Rust requirements from May onward Geert Stappers <stappers@stappers.nl> - 2025-11-01 08:40 +0100
Re: Hard Rust requirements from May onward Bjørn Mork <bjorn@mork.no> - 2025-11-01 13:40 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-01 14:40 +0100
Re: Hard Rust requirements from May onward Andrey Rakhmatullin <wrar@debian.org> - 2025-11-01 15:40 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-01 20:40 +0100
Re: Hard Rust requirements from May onward Philipp Kern <pkern@debian.org> - 2025-11-01 21:10 +0100
Re: Hard Rust requirements from May onward Holger Levsen <holger@layer-acht.org> - 2025-11-02 00:20 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-02 10:30 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-02 10:40 +0100
Re: Hard Rust requirements from May onward Philipp Kern <pkern@debian.org> - 2025-11-09 21:40 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-09 23:00 +0100
Re: Hard Rust requirements from May onward Philipp Kern <phil@philkern.de> - 2025-11-09 23:30 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-10 11:40 +0100
Re: Hard Rust requirements from May onward Andrey Rakhmatullin <wrar@debian.org> - 2025-11-10 12:20 +0100
Re: Hard Rust requirements from May onward Holger Levsen <holger@layer-acht.org> - 2025-11-10 13:40 +0100
Re: Hard Rust requirements from May onward Simon Richter <sjr@debian.org> - 2025-11-10 04:10 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-10 12:00 +0100
Re: Hard Rust requirements from May onward Simon Richter <sjr@debian.org> - 2025-11-10 15:00 +0100
Re: Hard Rust requirements from May onward David Kalnischkies <david@kalnischkies.de> - 2025-11-10 17:50 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-10 20:20 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-10 20:30 +0100
Re: purpose of InRelease in apt [was: non-GPG signatures; was: Rust requirements] Simon McVittie <smcv@debian.org> - 2025-11-10 17:10 +0100
Re: purpose of InRelease in apt [was: non-GPG signatures; was: Rust requirements] Stefano Rivera <stefanor@debian.org> - 2025-11-13 13:20 +0100
Re: purpose of InRelease in apt [was: non-GPG signatures; was: Rust requirements] Simon Josefsson <simon@josefsson.org> - 2025-11-13 18:20 +0100
Re: Hard Rust requirements from May onward Russ Allbery <rra@debian.org> - 2025-11-01 17:50 +0100
Re: Hard Rust requirements from May onward Christoph Biedl <debian.axhn@manchmal.in-ulm.de> - 2025-11-05 09:10 +0100
Re: Re: Hard Rust requirements from May onward John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> - 2025-11-02 11:20 +0100
Re: Hard Rust requirements from May onward Antoni Boucher <bouanto@zoho.com> - 2025-11-01 16:30 +0100
Re: Hard Rust requirements from May onward John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> - 2025-11-02 11:50 +0100
Re: Hard Rust requirements from May onward Antoni Boucher <bouanto@zoho.com> - 2025-11-02 16:30 +0100
Re: Hard Rust requirements from May onward Julian Andres Klode <jak@debian.org> - 2025-10-31 22:50 +0100
Re: Hard Rust requirements from May onward Paul Tagliamonte <paultag@debian.org> - 2025-11-01 15:20 +0100
Re: Hard Rust requirements from May onward Paul Tagliamonte <paultag@debian.org> - 2025-11-01 15:20 +0100
Re: Re: Hard Rust requirements from May onward John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> - 2025-11-02 11:30 +0100
Re: Hard Rust requirements from May onward Bill Allombert <ballombe@debian.org> - 2025-11-02 15:40 +0100
Re: Hard Rust requirements from May onward Joerg Jaspert <joerg@debian.org> - 2025-11-02 13:10 +0100
Re: Hard Rust requirements from May onward Richard Lewis <richard.lewis.debian@googlemail.com> - 2025-11-02 16:20 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-02 18:10 +0100
Re: Hard Rust requirements from May onward Julian Andres Klode <jak@debian.org> - 2025-11-02 17:30 +0100
Re: Hard Rust requirements from May onward Joerg Jaspert <joerg@debian.org> - 2025-11-02 17:40 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-03 23:20 +0100
Re: Hard Rust requirements from May onward Ansgar 🙀 <ansgar@debian.org> - 2025-11-04 07:30 +0100
Re: Hard Rust requirements from May onward Mike Hommey <mh@glandium.org> - 2025-11-04 08:10 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 11:50 +0100
Re: Hard Rust requirements from May onward Simon Richter <sjr@debian.org> - 2025-11-04 12:10 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 13:30 +0100
Vendoring Simon Richter <sjr@debian.org> - 2025-11-04 13:50 +0100
Re: Hard Rust requirements from May onward Holger Levsen <holger@layer-acht.org> - 2025-11-04 13:20 +0100
Re: Hard Rust requirements from May onward Simon Richter <sjr@debian.org> - 2025-11-04 13:30 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 16:00 +0100
Re: Hard Rust requirements from May onward Holger Levsen <holger@layer-acht.org> - 2025-11-04 16:50 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 19:40 +0100
Re: Hard Rust requirements from May onward Stephan Verbücheln <verbuecheln@posteo.de> - 2025-11-04 15:30 +0100
Re: Hard Rust requirements from May onward Fabian Grünbichler <debian@fabian.gruenbichler.email> - 2025-11-04 18:40 +0100
Re: Hard Rust requirements from May onward Fabian Grünbichler <debian@fabian.gruenbichler.email> - 2025-11-04 18:30 +0100
Re: Hard Rust requirements from May onward Sebastian Ramacher <sramacher@debian.org> - 2025-11-04 19:10 +0100
Re: Hard Rust requirements from May onward Fabian Grünbichler <debian@fabian.gruenbichler.email> - 2025-11-04 19:40 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 20:10 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 21:50 +0100
Re: Hard Rust requirements from May onward Fabian Grünbichler <debian@fabian.gruenbichler.email> - 2025-11-05 07:50 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-05 12:10 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-05 18:40 +0100
Re: Hard Rust requirements from May onward Philipp Kern <pkern@debian.org> - 2025-11-06 22:10 +0100
Re: Hard Rust requirements from May onward Sean Whitton <spwhitton@spwhitton.name> - 2025-11-05 16:00 +0100
Re: Hard Rust requirements from May onward David Kalnischkies <david@kalnischkies.de> - 2025-11-03 13:40 +0100
apt-ftparchive alternatives (was: Hard Rust requirements from May onward) Jeremy Stanley <fungi@yuggoth.org> - 2025-11-03 19:00 +0100
Re: apt-ftparchive alternatives (was: Hard Rust requirements from May onward) nick black <dankamongmen@gmail.com> - 2025-11-03 19:50 +0100
Re: apt-ftparchive alternatives (was: Hard Rust requirements from May onward) Jeremy Stanley <fungi@yuggoth.org> - 2025-11-03 20:00 +0100
Re: apt-ftparchive alternatives (was: Hard Rust requirements from May onward) Peter Pentchev <roam@ringlet.net> - 2025-11-03 21:00 +0100
Re: apt-ftparchive alternatives Richard Lewis <richard.lewis.debian@googlemail.com> - 2025-11-15 14:00 +0100
Re: apt-ftparchive alternatives (was: Hard Rust requirements from May onward) David Kalnischkies <david@kalnischkies.de> - 2025-11-05 16:10 +0100
Re: apt-ftparchive alternatives Ahmad Khalifa <ahmad@khalifa.ws> - 2025-11-06 22:20 +0100
Re: apt-ftparchive alternatives David Kalnischkies <david@kalnischkies.de> - 2025-11-09 17:00 +0100
Re: apt-ftparchive alternatives Ahmad Khalifa <ahmad@khalifa.ws> - 2025-11-09 21:50 +0100
Re: apt-ftparchive alternatives David Kalnischkies <david@kalnischkies.de> - 2025-11-10 14:00 +0100
csiph-web