Browse Source

Add support for encrypted popcon submission.

suites/ascii
Bill Allombert 9 years ago
parent
commit
3ee4b320bf
  1. 20
      FAQ
  2. 17
      debian/changelog
  3. 2
      debian/control
  4. 10
      debian/cron.daily
  5. 1
      debian/rules
  6. 15
      default.conf
  7. 7
      examples/cgi-bin/popcon.cgi

20
FAQ

@ -17,6 +17,12 @@ A) A computer 'vote' for a package if according to the data provided in the
report, a program provided or depending on the package was used less than
thirty days ago. This computation is performed by the popcon server.
Q) Can submissions be eavesdropped ?
A) Yes, however if the package gnupg is installed and ENCRYPT is set to 'yes'
in /etc/popularity-contest.conf, the reports are encrypted using public key
cryptography, so the eavesdropper should not be able to decrypt them.
Q) What are the privacy considerations for popularity-contest ?
A) Each popularity-contest host is identified by a random 128bit uuid
@ -30,20 +36,16 @@ A) Each popularity-contest host is identified by a random 128bit uuid
Every day, the server computes a summary and post it on
<http://popcon.debian.org/all-popcon-results.txt.gz>. This summary
is a merge of all the submissions and does not include uuids.
Known weaknesses of the system:
1) Your submission might be eavesdropped. We evaluate the possibility
to use public-key cryptography to protect the submission while in
transit.
2) Someone who knows that you are very likely to use a particular package
1) Someone who knows that you are very likely to use a particular package
reported by only one person (e.g. you are the maintainer) might infer you
are not at home when the package is not reported anymore. However this is
only a problem if you are gone for more than two weeks if the computer is
shut-down and 23 days if it is let idle.
3) Unofficial and local packages are reported. This can be an issue
2) Unofficial and local packages are reported. This can be an issue
due to 2) above, especially for custom-build kernel packages.
We are evaluating how far we can alleviate this problem.

17
debian/changelog

@ -8,10 +8,19 @@ popularity-contest (1.58) UNRELEASED; urgency=low
* popanal.py:
- Record the VENDOR field.
- Bump stable version to 1.56.
* debian/cron.daily:
- Encrypt submission with gnupg if available.
* debian/control:
- Recommends: gnupg so that encryption is enabled
* Add support for encrypted report: Closes: #480860
+ debian-popcon.gpg:
- Added: public encryption key
+ debian/cron.daily:
- Encrypt submission with gnupg if available
+ debian/control:
- Recommends: gnupg so that encryption is enabled
+ default.conf:
- Add setting ENCRYPT, KEYRING and POPCONKEY.
ENCRYPT default to 'no' for this release but will default to 'yes' in
subsequent release.
+ examples/cgi-bin/popcon.cgi:
- Accept encrypted report.
-- Bill Allombert <ballombe@debian.org> Sun, 19 May 2013 21:31:39 +0200

2
debian/control

@ -11,7 +11,7 @@ Package: popularity-contest
Architecture: all
Pre-Depends: debconf (>= 1.5.34) | cdebconf (>= 0.106)
Depends: ${misc:Depends}, ${perl:Depends}, dpkg (>= 1.10)
Recommends: cron | fcron, exim4 | mail-transport-agent
Recommends: gnupg, cron | fcron, exim4 | mail-transport-agent
Suggests: anacron
Provides: popcon
Description: Vote for your favourite packages automatically

10
debian/cron.daily

@ -66,6 +66,16 @@ do_sendmail()
run_popcon > $POPCON
GPG=/usr/bin/gpg
if [ "$ENCRYPT" = "yes" ] && [ -x "$GPG" ]; then
POPCONGPG="$POPCON.gpg"
rm -f "$POPCONGPG"
$GPG --no-default-keyring --keyring "$KEYRING" --trust-model=always \
--armor -o "$POPCONGPG" -r "$POPCONKEY" --encrypt "$POPCON"
POPCON="$POPCONGPG"
fi
SUBMITTED=no
# try to post the report through http POST

1
debian/rules

@ -29,6 +29,7 @@ install:
install popcon-upload debian/popularity-contest/usr/share/popularity-contest/
install popcon-largest-unused debian/popularity-contest/usr/sbin/
install -m 644 default.conf debian/popularity-contest/usr/share/popularity-contest/
install -m 644 debian-popcon.gpg debian/popularity-contest/usr/share/popularity-contest/
# Build architecture-independent files here.
binary-indep: build install

15
default.conf

@ -10,6 +10,21 @@
#
PARTICIPATE="no"
# ENCRYPT can be one of "yes" or "no".
# If "yes", reports are encrypted using public key cryptography.
# This protects against eavesdroppers when the report is transmitted.
# However reports can only be read by the popcon server.
# This requires the package gnupg to be installed.
#
ENCRYPT="no"
# KEYRING and POPCONKEY specify the key to use for encryption.
# They should not be changed for propoer operation with
# popcon.debian.org.
#
KEYRING="/usr/share/popularity-contest/debian-popcon.gpg"
POPCONKEY="6672B9765BDF38A3"
# MAILTO specifies the address to e-mail statistics to each week.
#
MAILTO="survey@popcon.debian.org"

7
examples/cgi-bin/popcon.cgi

@ -73,8 +73,9 @@ if (exists $ENV{CONTENT_TYPE} && $ENV{CONTENT_TYPE} =~ m%multipart/form-data%){
@entry = <GZIP>;
}
my ($id) = $entry[0] =~ m/POPULARITY-CONTEST-0 .+ ID:(\S+) /;
if ($id) {
if ($entry[0] =~ m/POPULARITY-CONTEST-0/
|| $entry[0] =~ m/-----BEGIN PGP MESSAGE-----/)
{
if ($directsave) {
open(POPCON, "|$bindir/prepop.pl") or die "Unable to pipe to prepop.pl";
print POPCON @entry;
@ -89,8 +90,6 @@ EOF
print POPCON @entry;
close POPCON;
}
}
if ($id) {
print "Thanks for your submission to Debian Popularity-Contest!\n";
print "DEBIAN POPCON HTTP-POST OK\n";
} else {

Loading…
Cancel
Save