[Security] MavenBndRepository: Add Trusted Checksum Verification #7269
Draft
chrisrueger wants to merge 8 commits into
Introduce trusted checksum support for Maven-backed repositories.

- Add TrustedChecksums to read a sidecar checksum file and map Archive -> checksum entries.
- Add Configuration.checksumFile(...) to locate the checksum sidecar next to an index.
- MavenBndRepository loads and opens the trusted checksum file and injects it into remote backing repositories.
- MavenBackingRepository gains a trustedChecksums field, setTrustedChecksums(...), and checkTrustedChecksum(...) which computes MD5/SHA-1/SHA-256/SHA-512, deletes mismatched downloads and throws on mismatch (returns false if no trusted checksum applies).
- MavenRemoteRepository treats a matching trusted checksum as authoritative before other validation.
- Bumped provider package versions.

This change ensures downloaded artifacts can be validated against operator-provided checksums to protect against tampered or corrupted artifacts.

Signed-off-by: Christoph Rueger <chrisrueger@gmail.com>

Because it could be useful there too if file system content is manipulated by an evil actor

Signed-off-by: Christoph Rueger <chrisrueger@gmail.com>

to use same digest comparison which is also more fault tolerant e.g. against spaces

Signed-off-by: Christoph Rueger <chrisrueger@gmail.com>

Signed-off-by: Christoph Rueger <chrisrueger@gmail.com>

Add support for creating a trusted checksums sidecar for Maven index files.

Introduces IndexFile.createTrustedChecksumsFile(), MbrUpdater#createTrustedChecksumsFile(), and a RepoActions UI entry to trigger generation. Implements TrustedChecksums.createTrustedChecksumFile(IMavenRepo, File, Collection<Archive>) which writes a UTF-8 .checksums file next to the index containing lines of the form "<archive>=sha1:<hex>" using repo.toLocalFile() and SHA1.digest(). Also adds a toString override and necessary imports and exception handling; repo.refresh() is invoked after generation.

Signed-off-by: Christoph Rueger <chrisrueger@gmail.com>

Introduce TrustedChecksumException (TrustedChecksums.java) to represent fatal trusted-checksum verification failures.

MavenBackingRepository now catches checksum validation errors and rethrows them as TrustedChecksumException so they can be distinguished from transient failures. MavenRemoteRepository's recovery logic detects this exception and bypasses retrying (logs and returns null), preventing retries on trusted checksum mismatches. Also minor adjustment to logging to use the captured failure for clearer messages.

Signed-off-by: Christoph Rueger <chrisrueger@gmail.com>

Signed-off-by: Christoph Rueger <chrisrueger@gmail.com>

Centralize and improve trusted checksum support:

TrustedChecksums is now final, stores its sidecar file as final and exposes getFile(); createTrustedChecksumFile now accepts an explicit checksum file and writes a header line. Added computeHash utility to TrustedChecksums to support sha1/sha256/sha512/md5 and improved parsing/error messages. Removed duplicate computeHash from MavenBackingRepository and switched to the shared implementation. Moved checksum file creation responsibility from IndexFile to MavenBndRepository (added loadTrustedChecksumFile and createTrustedChecksumsFile), updated MbrUpdater to call the repository-level creator, and made index/info output include the trusted checksums file when present.

Signed-off-by: Christoph Rueger <chrisrueger@gmail.com>
a7d9341 to
d434f24
Closes #7236
Work in progress draft
This pull request introduces support for trusted checksum verification of Maven artifacts in the repository system. It adds the ability to generate, store, and validate checksums for artifacts, enhancing security and integrity.
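
The sidecar format and verification outcomes described in the commit messages above, shown as an added Java example. It is not code from this pull request or from bnd. The class and method names, the `#` header handling, the whitespace tolerance, the use of `SecurityException` in place of the PR's TrustedChecksumException, and the sample coordinate are assumptions; it needs Java 17 for `HexFormat`.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.MessageDigest;
import java.util.*;

// Added illustration; class and method names are hypothetical, not bnd's API.
public class TrustedChecksumDemo {
    // Algorithm prefixes named in the PR, mapped to JCA digest names.
    static final Map<String, String> ALGOS = Map.of(
        "md5", "MD5", "sha1", "SHA-1", "sha256", "SHA-256", "sha512", "SHA-512");

    /** Parse "<archive>=<algo>:<hex>" lines; '#' lines are assumed to be header/comments. */
    static Map<String, String[]> parse(List<String> lines) {
        Map<String, String[]> trusted = new HashMap<>();
        for (String raw : lines) {
            String line = raw.trim();
            if (line.isEmpty() || line.startsWith("#")) continue;
            int eq = line.lastIndexOf('='), colon = line.indexOf(':', eq + 1);
            if (eq < 1 || colon < 0) throw new IllegalArgumentException("Malformed entry: " + line);
            String algo = line.substring(eq + 1, colon).trim().toLowerCase(Locale.ROOT);
            if (!ALGOS.containsKey(algo)) throw new IllegalArgumentException("Unknown algorithm: " + algo);
            trusted.put(line.substring(0, eq).trim(), new String[] { algo, line.substring(colon + 1).trim() });
        }
        return trusted;
    }

    /** Returns false if no entry applies, true on match; deletes the file and throws on mismatch. */
    static boolean check(Map<String, String[]> trusted, String archive, Path file) throws Exception {
        String[] entry = trusted.get(archive);
        if (entry == null) return false; // caller falls back to its other validation
        byte[] actual = MessageDigest.getInstance(ALGOS.get(entry[0])).digest(Files.readAllBytes(file));
        byte[] expected = HexFormat.of().parseHex(entry[1].toLowerCase(Locale.ROOT));
        if (MessageDigest.isEqual(expected, actual)) return true;
        Files.deleteIfExists(file); // never leave a mismatched artifact in the local cache
        throw new SecurityException("Trusted checksum mismatch for " + archive); // fatal: do not retry
    }

    public static void main(String[] args) throws Exception {
        Path jar = Files.createTempFile("demo", ".jar"); // constructed sample artifact
        Files.write(jar, "abc".getBytes(StandardCharsets.UTF_8));
        Map<String, String[]> trusted = parse(List.of("# trusted checksums (constructed sample)",
            "org.example:demo:1.0.0 = sha1: A9993E364706816ABA3E25717850C26C9CD0D89D "));
        System.out.println(check(trusted, "org.example:demo:1.0.0", jar));  // entry matches
        System.out.println(check(trusted, "org.example:other:1.0.0", jar)); // no entry applies
        Files.write(jar, "abd".getBytes(StandardCharsets.UTF_8)); // simulate a tampered download
        try { check(trusted, "org.example:demo:1.0.0", jar); }
        catch (SecurityException e) { System.out.println(e.getMessage() + ", deleted=" + !Files.exists(jar)); }
    }
}
```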