Skip to content

fix: pin Google Linux signing key#755

Merged
steipete merged 3 commits into
mainfrom
codex/pin-google-apt-key
Jul 1, 2026
Merged

fix: pin Google Linux signing key#755
steipete merged 3 commits into
mainfrom
codex/pin-google-apt-key

Conversation

@steipete

@steipete steipete commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Pin the Google Linux repository key to Google's published primary fingerprint before adding the Chrome APT source.
  • Import in an isolated GnuPG home and scope Chrome trust with signed-by=/etc/apt/keyrings/google-linux.gpg.
  • Preserve existing trust files on verification failure, skip Chrome, and try the distro Chromium fallback without trusting unexpected key material.
  • Apply the same fail-closed contract to the standalone Linux installer and managed worker bootstrap; document and regression-test both paths.

Closes #719.

Security contract

Expected primary fingerprint: EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796, matching Google's current Linux repository signing-key page. Signing-subkey rotation remains supported because the primary key is pinned. A primary-key mismatch never updates the keyring or source list and never falls back to unpinned Google trust.

Verification

  • bash -n scripts/install-linux-developer-tools.sh
  • shellcheck scripts/install-linux-developer-tools.sh
  • node --test scripts/install-linux-developer-tools.test.js — 2/2
  • npm test --prefix worker -- test/bootstrap.test.ts — 17/17
  • Worker format, lint, typechecks, builds, and full tests — 24 files / 700 tests
  • Repository script suite — 345/345
  • Documentation checks/site build — passed
  • go build -trimpath -o /tmp/crabbox ./cmd/crabbox
  • go vet ./...
  • Exact retries of two unrelated race-suite timing flakes — 3/3 each
  • Disposable Ubuntu 24.04 amd64: verified the approved fingerprint, installed Google Chrome 150.0.7871.46 from a scoped pre-install source, confirmed no legacy global trust file, rejected a wrong primary fingerprint, and preserved the prior keyring bytes
  • Autoreview: local repair delta and complete base-to-head diff both clean; zero actionable findings

Scope

This resolves the Google Chrome trust portion of #687. NodeSource and Docker trust hardening remain separate work.

@steipete steipete added impact:security This issue is about security boundaries, credentials, authz, sandboxing, or sensitive data. clawsweeper:needs-security-review ClawSweeper marked this issue as needing security-sensitive review. labels Jul 1, 2026
@clawsweeper

clawsweeper Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Codex review: found issues before merge. Reviewed July 1, 2026, 7:45 AM ET / 11:45 UTC.

Summary
The branch pins Google’s Linux package-signing primary fingerprint in the Linux developer-tools script and Worker cloud-init browser bootstrap, adds mismatch coverage, scopes the Worker Chrome repository with signed-by, and documents the rotation policy.

Reproducibility: yes. for source-level reproduction: current main still downloads and trusts Google Chrome APT key material without a reviewed digest or fingerprint check in both affected paths. I did not run the privileged bootstrap locally during this read-only review.

Review metrics: 2 noteworthy metrics.

  • Trust paths changed: 2 bootstrap paths updated. Both Worker cloud-init and the Linux developer-image script are security-sensitive root package installation paths.
  • Diff surface: 7 files changed, 205 added, 40 removed. The patch spans implementation, tests, docs, and one release-owned changelog file that needs cleanup before merge.

Root-cause cluster
Relationship: fixed_by_candidate
Canonical: #719
Summary: This PR is the candidate fix for the open Google Chrome APT signing-key issue; the broader third-party APT keyring issue remains only partially covered.

Members:

Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • Remove the CHANGELOG.md entry and keep release-note context in the PR body.

Risk before merge

  • [P1] A legitimate Google primary-key rotation would now make managed Linux Chrome bootstrap fail closed until Crabbox reviews and ships a fingerprint update.
  • [P1] The Worker bootstrap exits on fingerprint mismatch, so browser-enabled Linux leases may fail to reach readiness instead of falling back if maintainers do not accept that availability tradeoff.

Maintainer options:

  1. Approve the fail-closed contract (recommended)
    Maintainers can accept that Google primary-key rotations will block managed Chrome bootstrap until a reviewed fingerprint update and fresh proof land.
  2. Preserve a non-Chrome fallback
    If browser availability should win on primary rotation, revise the patch so an unexpected Google key is never trusted but Chromium fallback can still proceed where supported.
  3. Pause for the broader APT policy
    If maintainers want one trust-anchor contract for Google, NodeSource, and Docker, pause this PR and resolve it with the broader work in [security] Linux developer image bootstrap trusts third-party APT keyrings without pinned digests #687.

Next step before merge

  • [P1] Security-sensitive fail-closed trust-anchor policy needs maintainer approval before merge, and the only mechanical cleanup is secondary to that decision.

Security
Cleared: No concrete supply-chain regression was found in the diff; the security-sensitive remaining question is maintainer approval of the pinned-primary rotation contract.

Review findings

  • [P3] Remove the release-owned changelog entry — CHANGELOG.md:75
Review details

Best possible solution:

Land a narrow Google Chrome trust fix after maintainer security approval of the fail-closed primary-fingerprint contract, remove the release-owned changelog edit, and leave NodeSource/Docker pinning to #687.

Do we have a high-confidence way to reproduce the issue?

Yes for source-level reproduction: current main still downloads and trusts Google Chrome APT key material without a reviewed digest or fingerprint check in both affected paths. I did not run the privileged bootstrap locally during this read-only review.

Is this the best way to solve the issue?

Yes in shape, pending maintainer approval: primary-fingerprint pinning plus signed-by scoping is a narrow repair for the linked issue. The release-owned CHANGELOG.md entry should be removed before merge.

Full review comments:

  • [P3] Remove the release-owned changelog entry — CHANGELOG.md:75
    This workflow treats CHANGELOG.md as release-owned, and the PR body already carries the release-note context. Please drop this entry so release notes can be curated by the release process.
    Confidence: 0.91

Overall correctness: patch is correct
Overall confidence: 0.86

AGENTS.md: found, but no applicable review policy affected this item.

Codex review notes: model internal, reasoning high; reviewed against c99a6dc66f94.

Label changes

Label changes:

  • add P1: The PR addresses a security-sensitive Linux bootstrap trust path that can affect root package installation in managed leases or developer images.
  • add merge-risk: 🚨 compatibility: Existing browser-enabled Linux setups can stop working after a legitimate Google primary-key rotation until a reviewed fingerprint update ships.
  • add merge-risk: 🚨 availability: The patched Worker path exits on fingerprint mismatch, which can prevent a browser-enabled Linux bootstrap from reaching readiness.
  • add proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix disposable Ubuntu 24.04 amd64 live proof for key selection, apt update, Chrome install, signed-by scoping, and mismatch refusal.
  • add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
  • add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body includes after-fix disposable Ubuntu 24.04 amd64 live proof for key selection, apt update, Chrome install, signed-by scoping, and mismatch refusal.
  • remove impact:security: Current review selected no impact labels.

Label justifications:

  • P1: The PR addresses a security-sensitive Linux bootstrap trust path that can affect root package installation in managed leases or developer images.
  • merge-risk: 🚨 compatibility: Existing browser-enabled Linux setups can stop working after a legitimate Google primary-key rotation until a reviewed fingerprint update ships.
  • merge-risk: 🚨 availability: The patched Worker path exits on fingerprint mismatch, which can prevent a browser-enabled Linux bootstrap from reaching readiness.
  • rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
  • status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body includes after-fix disposable Ubuntu 24.04 amd64 live proof for key selection, apt update, Chrome install, signed-by scoping, and mismatch refusal.
  • proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix disposable Ubuntu 24.04 amd64 live proof for key selection, apt update, Chrome install, signed-by scoping, and mismatch refusal.
Evidence reviewed

What I checked:

  • Current main Worker path is still unpinned: Current main downloads Google's Linux signing key into /etc/apt/trusted.gpg.d/google.asc and writes the Chrome source without signed-by before installing google-chrome-stable. (worker/src/bootstrap.ts:1401, c99a6dc66f94)
  • Current main developer-image path is still unpinned: Current main streams fetched APT key bytes through gpg --dearmor and the Chrome path calls that helper for google-linux.gpg without a fingerprint argument. (scripts/install-linux-developer-tools.sh:72, c99a6dc66f94)
  • PR adds Google fingerprint pinning in the shell bootstrap: The PR adds the approved Google Linux signing-key fingerprint, imports downloaded key material in an isolated GNUPGHOME, checks the primary fingerprint, exports only that key, and calls the helper with the fingerprint for Chrome. (scripts/install-linux-developer-tools.sh:17, c3858c3de3d3)
  • PR scopes Worker Chrome trust: The PR-generated Worker bootstrap uses /etc/apt/keyrings/google-linux.gpg, checks the expected fingerprint, exits on mismatch, and writes the Chrome source with signed-by. (worker/src/bootstrap.ts:1401, c3858c3de3d3)
  • Official fingerprint check: Google's Linux repositories page currently lists the active fingerprint as EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796, matching the PR constant.
  • PR body contains real behavior proof and maintainer-decision text: The PR body reports disposable Ubuntu 24.04 amd64 proof for live key selection, apt-get update, Chrome install, signed-by scoping, and deliberate fingerprint-mismatch preservation, and explicitly asks maintainers to approve the fail-closed rotation policy. (c3858c3de3d3)

Likely related people:

  • coygeek: git blame points the affected current-main shell helper and Worker Chrome bootstrap lines to d64bcb4, and coygeek authored the linked source-reproduced security reports. (role: current-line provenance signal and reporter; confidence: medium; commits: d64bcb4f0266; files: scripts/install-linux-developer-tools.sh, worker/src/bootstrap.ts, scripts/install-linux-developer-tools.test.js)
  • steipete: Recent merged commits by Peter Steinberger touched the same Worker bootstrap, Linux developer-tools script, and related tests while hardening desktop and VNC provisioning, so he is a strong routing candidate beyond authoring this PR. (role: recent adjacent contributor; confidence: high; commits: 184979d683b7, 399c94a8f7dc; files: worker/src/bootstrap.ts, worker/test/bootstrap.test.ts, scripts/install-linux-developer-tools.sh)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@clawsweeper clawsweeper Bot added proof: sufficient Contributor real behavior proof is sufficient. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. P1 Urgent regression or broken agent/channel workflow affecting real users now. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. merge-risk: 🚨 availability 🚨 Merging this PR could cause crashes, hangs, restart loops, stalls, or process outages. and removed impact:security This issue is about security boundaries, credentials, authz, sandboxing, or sensitive data. labels Jul 1, 2026
@steipete steipete marked this pull request as ready for review July 1, 2026 14:24

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b8ef7b80b0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread worker/src/bootstrap.ts Outdated
@steipete steipete merged commit 9c041eb into main Jul 1, 2026
11 checks passed
@steipete steipete deleted the codex/pin-google-apt-key branch July 1, 2026 14:49

steipete commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Merged as 9c041eb from exact head 23620a9.

Proof:

  • exact-head CI run https://github.com/openclaw/crabbox/actions/runs/28525280191 passed all six jobs: Go, Worker, Scripts, Docs, Apple VZ, and Release Check
  • standalone installer tests 2/2; Worker bootstrap tests 17/17; full Worker 700 tests; script suite 345/345; docs/build/vet gates passed
  • disposable Ubuntu 24.04 amd64 verified Google's approved primary fingerprint, installed Google Chrome 150.0.7871.46 from the scoped source, rejected a wrong primary, and preserved the prior keyring
  • local repair-delta and complete-branch autoreview both clean
  • hosted P1 on pipefail/key-rotation fallback fixed in 23620a9, replied with file/line proof, and resolved

Issue #719 auto-closed. Issue #687 remains open for NodeSource and Docker trust hardening.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

clawsweeper:needs-security-review ClawSweeper marked this issue as needing security-sensitive review. merge-risk: 🚨 availability 🚨 Merging this PR could cause crashes, hangs, restart loops, stalls, or process outages. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. P1 Urgent regression or broken agent/channel workflow affecting real users now. proof: sufficient Contributor real behavior proof is sufficient. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[security] Linux bootstrap accepts an unpinned Google Chrome APT signing key

1 participant