Sign and verify Downloads from download.proxmox.com

bantu

New Member
Jan 10, 2013
13
0
1
Please cryptographically sign appliance templates and other resources that can be downloaded from within the Proxmox Webinterface and verify the signature after download. Currently downloads happen via unauthenticated HTTP.
 
Hello Dietmar,

I was not aware of that. Maybe the Downloader does not show the verification process. I will double check that again.

Thanks,
bantu
 
There is no signature verification or it is not visible to the user.

Code:
starting template download from: http://download.proxmox.com/appliances/system/debian-5.0-standard_5.0-2_i386.tar.gz
target file: /var/lib/vz/template/cache/debian-5.0-standard_5.0-2_i386.tar.gz
--2013-01-14 16:44:53--  http://download.proxmox.com/appliances/system/debian-5.0-standard_5.0-2_i386.tar.gz
Resolving download.proxmox.com... 188.165.151.222
Connecting to download.proxmox.com|188.165.151.222|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 137150485 (131M) [application/x-gzip]
Saving to: `/var/lib/vz/template/cache/debian-5.0-standard_5.0-2_i386.tar.gz.tmp.1917'

     0K ........ ........ ........ ........ ........ ........  2% 1.53M 83s
  3072K ........ ........ ........ ........ ........ ........  4% 1.57M 80s
  6144K ........ ........ ........ ........ ........ ........  6% 1.58M 78s
  9216K ........ ........ ........ ........ ........ ........  9% 1.59M 76s
 12288K ........ ........ ........ ........ ........ ........ 11% 1.57M 74s
 15360K ........ ........ ........ ........ ........ ........ 13% 1.56M 72s
 18432K ........ ........ ........ ........ ........ ........ 16% 1.56M 70s
 21504K ........ ........ ........ ........ ........ ........ 18% 1.59M 68s
 24576K ........ ........ ........ ........ ........ ........ 20% 1.59M 66s
 27648K ........ ........ ........ ........ ........ ........ 22% 1.58M 64s
 30720K ........ ........ ........ ........ ........ ........ 25% 1.59M 62s
 33792K ........ ........ ........ ........ ........ ........ 27% 1.39M 61s
 36864K ........ ........ ........ ........ ........ ........ 29% 1.17M 60s
 39936K ........ ........ ........ ........ ........ ........ 32% 1.52M 59s
 43008K ........ ........ ........ ........ ........ ........ 34% 1.56M 56s
 46080K ........ ........ ........ ........ ........ ........ 36% 1.56M 54s
 49152K ........ ........ ........ ........ ........ ........ 38% 1.57M 52s
 52224K ........ ........ ........ ........ ........ ........ 41% 1.58M 50s
 55296K ........ ........ ........ ........ ........ ........ 43% 1.58M 48s
 58368K ........ ........ ........ ........ ........ ........ 45% 1.58M 46s
 61440K ........ ........ ........ ........ ........ ........ 48% 1.55M 44s
 64512K ........ ........ ........ ........ ........ ........ 50% 1.58M 42s
 67584K ........ ........ ........ ........ ........ ........ 52% 1.56M 40s
 70656K ........ ........ ........ ........ ........ ........ 55% 1.58M 38s
 73728K ........ ........ ........ ........ ........ ........ 57% 1.57M 36s
 76800K ........ ........ ........ ........ ........ ........ 59% 1.57M 34s
 79872K ........ ........ ........ ........ ........ ........ 61% 1.57M 32s
 82944K ........ ........ ........ ........ ........ ........ 64% 1.59M 30s
 86016K ........ ........ ........ ........ ........ ........ 66% 1.59M 28s
 89088K ........ ........ ........ ........ ........ ........ 68% 1.59M 26s
 92160K ........ ........ ........ ........ ........ ........ 71% 1.59M 24s
 95232K ........ ........ ........ ........ ........ ........ 73% 1.54M 22s
 98304K ........ ........ ........ ........ ........ ........ 75% 1.58M 21s
101376K ........ ........ ........ ........ ........ ........ 77% 1.59M 19s
104448K ........ ........ ........ ........ ........ ........ 80% 1.59M 17s
107520K ........ ........ ........ ........ ........ ........ 82% 1.59M 15s
110592K ........ ........ ........ ........ ........ ........ 84% 1.59M 13s
113664K ........ ........ ........ ........ ........ ........ 87% 1.57M 11s
116736K ........ ........ ........ ........ ........ ........ 89% 1.59M 9s
119808K ........ ........ ........ ........ ........ ........ 91% 1.57M 7s
122880K ........ ........ ........ ........ ........ ........ 94% 1.58M 5s
125952K ........ ........ ........ ........ ........ ........ 96% 1.58M 3s
129024K ........ ........ ........ ........ ........ ........ 98% 1.59M 1s
132096K ........ ........ ........ ....                      100% 1.59M=84s

2013-01-14  16:46:17 (1.56 MB/s) -  `/var/lib/vz/template/cache/debian-5.0-standard_5.0-2_i386.tar.gz.tmp.1917'  saved [137150485/137150485]

download finished
TASK OK

Same for TurnKey, but okay, there isn't really much you can do about that.

Code:
starting template download from:  http://downloads.sourceforge.net/project/turnkeylinux/openvz/debian-6-turnkey-phpbb_12.0-1_i386.tar.gz
target file: /var/lib/vz/template/cache/debian-6-turnkey-phpbb_12.0-1_i386.tar.gz
--2013-01-14 16:42:50--  http://downloads.sourceforge.net/project/turnkeylinux/openvz/debian-6-turnkey-phpbb_12.0-1_i386.tar.gz
Resolving downloads.sourceforge.net... 216.34.181.59
Connecting to downloads.sourceforge.net|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://garr.dl.sourceforge.net/project/turnkeylinux/openvz/debian-6-turnkey-phpbb_12.0-1_i386.tar.gz [following]
--2013-01-14 16:42:50--  http://garr.dl.sourceforge.net/project/turnkeylinux/openvz/debian-6-turnkey-phpbb_12.0-1_i386.tar.gz
Resolving garr.dl.sourceforge.net... 193.206.140.34, 2001:760:ffff:b0::34
Connecting to garr.dl.sourceforge.net|193.206.140.34|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 156162136 (149M) [application/x-gzip]
Saving to: `/var/lib/vz/template/cache/debian-6-turnkey-phpbb_12.0-1_i386.tar.gz.tmp.1916'

     0K ........ ........ ........ ........ ........ ........  2% 1.33M 1m50s
  3072K ........ ........ ........ ........ ........ ........  4% 1.62M 98s
  6144K ........ ........ ........ ........ ........ ........  6% 1.62M 93s
  9216K ........ ........ ........ ........ ........ ........  8% 1.54M 90s
 12288K ........ ........ ........ ........ ........ ........ 10% 1.62M 87s
 15360K ........ ........ ........ ........ ........ ........ 12% 1.51M 85s
 18432K ........ ........ ........ ........ ........ ........ 14% 1.49M 84s
 21504K ........ ........ ........ ........ ........ ........ 16% 1.58M 82s
 24576K ........ ........ ........ ........ ........ ........ 18% 1.61M 79s
 27648K ........ ........ ........ ........ ........ ........ 20% 1.62M 77s
 30720K ........ ........ ........ ........ ........ ........ 22% 1.57M 75s
 33792K ........ ........ ........ ........ ........ ........ 24% 1.36M 74s
 36864K ........ ........ ........ ........ ........ ........ 26% 1.47M 72s
 39936K ........ ........ ........ ........ ........ ........ 28% 1.61M 70s
 43008K ........ ........ ........ ........ ........ ........ 30% 1.58M 68s
 46080K ........ ........ ........ ........ ........ ........ 32% 1.61M 66s
 49152K ........ ........ ........ ........ ........ ........ 34% 1.55M 64s
 52224K ........ ........ ........ ........ ........ ........ 36% 1.60M 61s
 55296K ........ ........ ........ ........ ........ ........ 38% 1.62M 59s
 58368K ........ ........ ........ ........ ........ ........ 40% 1.59M 57s
 61440K ........ ........ ........ ........ ........ ........ 42% 1.61M 55s
 64512K ........ ........ ........ ........ ........ ........ 44% 1.42M 54s
 67584K ........ ........ ........ ........ ........ ........ 46% 1.43M 52s
 70656K ........ ........ ........ ........ ........ ........ 48% 1.26M 50s
 73728K ........ ........ ........ ........ ........ ........ 50% 1.49M 48s
 76800K ........ ........ ........ ........ ........ ........ 52% 1.54M 46s
 79872K ........ ........ ........ ........ ........ ........ 54% 1.43M 45s
 82944K ........ ........ ........ ........ ........ ........ 56% 1.54M 43s
 86016K ........ ........ ........ ........ ........ ........ 58% 1.62M 41s
 89088K ........ ........ ........ ........ ........ ........ 60% 1.61M 39s
 92160K ........ ........ ........ ........ ........ ........ 62% 1.58M 37s
 95232K ........ ........ ........ ........ ........ ........ 64% 1.57M 35s
 98304K ........ ........ ........ ........ ........ ........ 66% 1.43M 33s
101376K ........ ........ ........ ........ ........ ........ 68% 1.55M 31s
104448K ........ ........ ........ ........ ........ ........ 70% 1.61M 29s
107520K ........ ........ ........ ........ ........ ........ 72% 1.34M 27s
110592K ........ ........ ........ ........ ........ ........ 74% 1.42M 25s
113664K ........ ........ ........ ........ ........ ........ 76% 1.58M 23s
116736K ........ ........ ........ ........ ........ ........ 78% 1.22M 21s
119808K ........ ........ ........ ........ ........ ........ 80% 1.12M 19s
122880K ........ ........ ........ ........ ........ ........ 82% 1.33M 17s
125952K ........ ........ ........ ........ ........ ........ 84% 1.46M 15s
129024K ........ ........ ........ ........ ........ ........ 86% 1.57M 13s
132096K ........ ........ ........ ........ ........ ........ 88% 1.61M 11s
135168K ........ ........ ........ ........ ........ ........ 90% 1.50M 9s
138240K ........ ........ ........ ........ ........ ........ 92% 1.42M 7s
141312K ........ ........ ........ ........ ........ ........ 94% 1.52M 5s
144384K ........ ........ ........ ........ ........ ........ 96% 1.62M 3s
147456K ........ ........ ........ ........ ........ ........ 98% 1.62M 1s
150528K ........ ........ ........ ......                    100% 1.45M=99s

2013-01-14  16:44:30 (1.50 MB/s) -  `/var/lib/vz/template/cache/debian-6-turnkey-phpbb_12.0-1_i386.tar.gz.tmp.1916'  saved [156162136/156162136]

download finished
TASK OK
 
Then please give the user feedback about what is going on. You are showing the download process, but not the signature verification. The user has no idea that the downloaded package has been verified after download and may get suspicious because of the HTTP download (just like me). Also, does signature verification also apply to TurnKey downloads?
 
Last edited:
if you display always everything on a GUI you will end up in a quite unusable interface. and yes, also tkl downloads verified (AFAIK).

if you do not trust anybody, you can always dig deeper and read the source code, available on https://git.proxmox.com
 
@tom, @dietmar: Hiding feedback that is security related is a bad idea. You already have to scroll in that download box, so adding the verification process does absolutely no harm.

you can always dig deeper and read the source code, available on https://git.proxmox.com
This may apply to me, but does not apply to the average sysadmin, which is why I am proposing this change. An average sysadmin probably knows that downloading via HTTP can be a bad idea, but may not know how to read code etc. Also, an average sysadmin really can not be supposed to read code in order to check that downloads are verified. This also makes Proxmox look bad, because sysadmins may think that downloads are not verified when they actually are.
 
Last edited:
@tom, @dietmar: Hiding feedback that is security related is a bad idea....

No. Its only a bad idea if you put the user on risk. The appliance download is without any risk for the user.
(FYI, there are just hundred of checks in the back-end which are not displayed on the gui)
 
Fair enough. The average user probably cares about other things more.

Should probably at least slowly move away from MD5. ;-)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!