vcswatch reports that
this package seems to have a new changelog entry (version
0.5.0+wip-1, distribution
UNRELEASED) and new commits
in its VCS. You should consider whether it's time to make
an upload.
Here are the relevant commit messages:
commit a2979c20e1ab2d52e3a961ac7dad45fee9d6345a
Author: Jonathan McDowell <noodles@earth.li>
Date: Fri Jan 17 19:48:10 2020 +0000
Provide key_fetch routine that will not search subkey fingerprints
We have *_key_fetch_fp to search for keys by fingerprint, but that
includes subkeys. While unlikely a subkey could be bound to multiple
certification primary keys, resulting in multiple keys being returned
for a fingerprint query. Provide a plain *_fetch_key that only searches
primary keys and is thus guaranteed to return at most one key.
commit 00e37c36f214bf9d2e9794d3089e64522a6275a2
Author: Jonathan McDowell <noodles@earth.li>
Date: Fri Jan 17 19:28:18 2020 +0000
Cope with colliding 64 bit keyids when verifying signatures
Signature keys can be indicated by 64 bit keyid rather than full
fingerprint; there are very few of this collisions but they do exist and
we should handle them gracefully rather than incorrectly dropping a
signature.
commit 9ae9b738dbb1b0eb7acad93a87228d88a2d39942
Author: Jonathan McDowell <noodles@earth.li>
Date: Mon Sep 16 19:57:32 2019 +0100
Update TODO list
commit b5ef55e1eba3486c5499490fea28fbe3e6033459
Author: Jonathan McDowell <noodles@earth.li>
Date: Mon Sep 16 19:51:22 2019 +0100
Add a basic README.md for the top level directory
commit f64729f7ef5bf4fde2e86f2cab93dc26f056fae6
Author: Jonathan McDowell <noodles@earth.li>
Date: Mon Sep 16 19:34:32 2019 +0100
Move docs into their own subdirectory
commit f3745f1a2bbf08e7e1abed1a980f076ffa4f1dfd
Author: Jonathan McDowell <noodles@earth.li>
Date: Sun Sep 8 18:05:38 2019 +0100
Add configuration file comment for check_packet_size option
commit a000448ed7ca6932cf1a7936fa43e56395b16f77
Author: Jonathan McDowell <noodles@earth.li>
Date: Sat Sep 7 19:56:04 2019 +0000
Add defines for nettle_get_secp_* for Nettle pre 3.4
Debian 9 (stretch) has Nettle 3.3, so define these fallbacks so we
can build with crypto support there.
commit c981a80699901eb3d513a4cc9355574a69016037
Author: Jonathan McDowell <noodles@earth.li>
Date: Sat Sep 7 12:04:14 2019 +0000
Add support for full signature verification
For a long time it has been known that attacks against the keyserver
network were easy due to the lack of cryptographic verification on
signatures, as well as the lack of other checks and balances. Add the
ability to actually verify signatures, allowing those are that are not
valid (or that come from non-present keys) to be removed.
commit 6565bed3065d1751abf469da1a85884d9ddde759
Author: Jonathan McDowell <noodles@earth.li>
Date: Fri Sep 6 18:56:51 2019 +0100
Error out if there's any problem setting up the keyd socket
Rather than ending up in an accept() loop that goes nowhere, print
the error we saw and exit.
commit da8b732cf8223bbd4f5bc45a7db1d430fb531bf2
Author: Jonathan McDowell <noodles@earth.li>
Date: Thu Sep 5 16:17:42 2019 +0100
Add dependency on pkg-config
The move to cmake requires pkg-config in order to find nettle-dev
correctly.
commit 39a6e85be51e4bfb04d08d07b8b84a753e6b9765
Author: Jonathan McDowell <noodles@earth.li>
Date: Thu Sep 5 14:18:33 2019 +0100
Add MD5_DIGEST_SIZE to our local MD5 implementation header
This is present in libnettle and has been made use of recently to
avoid a hard coded digest length value.
commit 52f5de3b2bfc272187772b03b3bcb8e069626b51
Author: Jonathan McDowell <noodles@earth.li>
Date: Thu Sep 5 14:06:44 2019 +0100
Remove v5 keyid support when libnettle not present
v5 key fingerprints are SHA256 based. We have fallbacks for MD5 + SHA1
when libnettle is not present, but there's no intent to provide a SHA256
fallback, and we're close to the point where support for building
without libnettle will be removed entirely.
commit 8ee9a59daf7a1ab1bf4ad8f4d2bcb88282db58a8
Author: Jonathan McDowell <noodles@earth.li>
Date: Wed Aug 28 08:20:03 2019 +0100
Pass a keydb context into cleankeys in preparation for signature checks
In order to validate signatures cleankeys() will need to do key lookups
of the signing keys. Plumb in the database context in preparation for
this.
commit 51c1a7dd950efef6a4d00df1878341777f8064ff
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Aug 27 18:56:46 2019 +0100
Move key database backends into their own directory
These logically sit together and are separate from the core code, so
move them off to a separate directory. There are various bits of support
that should be hived off the core libonak and move in here too, but that
can wait until later.
commit dfab9e96ee1fa4a10acf9c1cf644d7a4366a5af6
Author: Jonathan McDowell <noodles@earth.li>
Date: Thu Aug 22 08:17:49 2019 +0100
Cleanup postinst to avoid recursive chown of database
The recursive chown of /var/lib/onak has the potential to be abused
during installation, so just chown the top level directory and then run
the onak that's initialising the DB as the onak user, rather than root.
commit 70842462a490e56a607a48b2d27807816c4d8a80
Author: Jonathan McDowell <noodles@earth.li>
Date: Thu Aug 22 08:07:46 2019 +0100
Set Rules-Requires-Root to no
We can build as a normal user.
commit c3fe49f62ac8d87e4e0ac836891792e9c10035a2
Author: Jonathan McDowell <noodles@earth.li>
Date: Thu Aug 22 07:19:36 2019 +0100
Bump debhelper compat level to 10
Also remove now unnecessary build-depend on dh-systemd.
commit 917ee39cc46d3d215b8cb9594c6223fbb19f4681
Author: Jonathan McDowell <noodles@earth.li>
Date: Thu Aug 22 07:14:38 2019 +0100
Remove git clone depth for Travis-CI
The default of 50 wasn't enough to be able to "git describe" our current
revision for the build process.
commit b9ea568af87d8b9c4d9afb0819ac20f8e2c3f885
Author: Jonathan McDowell <noodles@earth.li>
Date: Wed Aug 21 20:07:09 2019 +0100
Add test for blacklisting functionality
commit 9ce8c6ced68d45b462abb4c6531b6476f4d1e681
Author: Jonathan McDowell <noodles@earth.li>
Date: Wed Aug 21 18:56:57 2019 +0100
Add option to only accept updates for existing keys
It's plausible in a curated keyring scenario where a keyserver should
accept updates to existing keys (new signatures, updated expiries, new
subkeys) but no entirely new keys. Add a configuration file option which
enforces this behaviour.
commit 3886942162fd8193d8a804a685a3f96a65b9712c
Author: Jonathan McDowell <noodles@earth.li>
Date: Wed Aug 21 18:55:32 2019 +0100
Add blank line before armoured PGP data
When removing the Version: header it's still necessary to have a blank
line before the actual armoured data.
commit 7a255dd9b5307228b6706904d3def738c3628e45
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Aug 20 08:12:52 2019 +0100
Clean up signature hash calculation code
Use the defined digest lengths for MD5/SHA1/SHA1X rather than magic
numbers, clear the hash type at the start and then only set it if we
know it.
commit be5ba2d0e5abe871511b60918ace010acddb1f5e
Author: Jonathan McDowell <noodles@earth.li>
Date: Mon Aug 19 08:29:40 2019 +0100
Update Travis CI to use Ubuntu 18.04 instead of 16.04
commit 86936a047acc793ea7abc80b665ee3e4e538143a
Author: Jonathan McDowell <noodles@earth.li>
Date: Mon Aug 19 08:25:15 2019 +0100
Clean up GCC warnings
GCC -Wall found a valid issue with a & instead of a && in the keyring DB
backend, a buffer assignment missing a cast and some unused variables in
the DB4 backend.
commit da1f0ee80a15a9fb6a7d15e81f39ad9dc34db406
Author: Jonathan McDowell <noodles@earth.li>
Date: Mon Aug 19 07:28:16 2019 +0100
Clean up use of shifts beyond composite types
GCC with the -fsanitize=undefined flag issues complaints like:
runtime error: left shift of 232 by 24 places cannot be represented in
type 'int'
due to the fact we shift the byte values into a 64 bit value. Rather
than adding lots of casts split out the formation into a set of steps
that doesn't end up shifting the byte value, just the final 64 bit
value.
commit a94e29c9a3763f96b1c773f0818b97e4fd0777b0
Author: Jonathan McDowell <noodles@earth.li>
Date: Sun Aug 18 21:55:45 2019 +0100
Add support for a key fingerprint blacklist
There are various keys in the wild, such as Evil32 (https://evil32.com/)
which a keyserver is unlikely to want to carry in the general case.
Introduce the capability to have a blacklist of fingerprints which will
not be accepted into the keyserver.
commit eb94eab34a0893fb5b8f78652f338df85f492a9b
Author: Jonathan McDowell <noodles@earth.li>
Date: Sun Aug 18 20:46:39 2019 +0100
Deprecate the .conf configuration file format
The old .conf config file was intended to be compatible with the ancient
PKS keyserver. All new features are only supported with the .ini format
and this is going to make the automated tests supporting both more
awkward. So deprecate the old style and stop testing it.
commit f869498b2b159bd3d363fb2f9d803b99c44de8bc
Author: Jonathan McDowell <noodles@earth.li>
Date: Sun Aug 18 19:30:06 2019 +0100
Fix memory leak when updating keys
If the first new key had no new components we'd remove it from the list
but not actually free it. Fix things up so we free it properly. Found
with gcc's -fsanitize=leak option.
commit a8c0920cce727a12697154a85896f2a3ba47eb75
Author: Jonathan McDowell <noodles@earth.li>
Date: Sun Aug 18 19:03:44 2019 +0100
Fix up memory leaks in fs keydb backend deletion
We need to clean up the wordlist we created, as well as the copy of the
actual key we retrieved.
commit 2b28bb7cc65dc9594092dff860fd89bd14dd8b27
Author: Jonathan McDowell <noodles@earth.li>
Date: Sun Aug 18 18:49:47 2019 +0100
Fix memory leak in makewordlistfromkey()
We were building a linked list of words in each UID, but then not
cleaning up this linked list when we were done with it. Found with gcc
-fsanitize=leak
commit d623a1b8e656cc5f45b360b402dfc974c711c8d3
Author: Jonathan McDowell <noodles@earth.li>
Date: Sun Aug 18 14:55:09 2019 +0100
Properly free database context when cleaning up fs backend
commit 5e2c81ee4acb5bf3eb4afdbc766646ba06f96dd9
Author: Jonathan McDowell <noodles@earth.li>
Date: Sun Aug 18 11:03:47 2019 +0100
Fix memory leak when merging key signatures
This is a long-standing memory leak when merging signed packet lists. It
hasn't been observed in the wild because the key merging is normally
done in a transient process. Found using GCC with -fsanitize=leak
commit d7d1077c759ec370ef776eba1d855837b3d6c597
Author: Jonathan McDowell <noodles@earth.li>
Date: Mon Aug 12 19:03:05 2019 +0100
Cleanup DB4 deletion code from pre-fingerprint period
Some remanents from the key ID based deletion function that are no
longer needed.
commit 35be219c978ea1869cd6dae4649478e2d503a7b6
Author: Jonathan McDowell <noodles@earth.li>
Date: Mon Aug 12 18:59:54 2019 +0100
Fix up key deletion by key ID with onak tool
The call to db_delete_key() was claiming we were in a transaction, which
isn't true and causes failures with deletion with DB4.
commit 372df79a3c51d8de54440aba9b05f0af28b005a7
Author: Jonathan McDowell <noodles@earth.li>
Date: Mon Aug 5 19:27:06 2019 +0100
Expose more of calculating the packet signature hash
As preparation for full signature verification move to calculating the
signature hash and exposing it, and then doing the verification in the
cleaning routine.
commit 2708d5a06ad2ef872ea89aca822328f98a86e7cb
Author: Jonathan McDowell <noodles@earth.li>
Date: Sun Aug 4 19:19:31 2019 +0100
Drop v3 keys by default when cleaning keys
v3 keys have long been considered insecure. While we want to retain
support for them there's no reason most keyservers should actually store
them these days. So drop them by default when running cleankeys()
commit f063495a9a479e094216875001e3e006344eebcd
Author: Jonathan McDowell <noodles@earth.li>
Date: Sat Aug 3 11:10:09 2019 +0100
Fix header size for v5 packet sig checks
The keyheader for a v5 signature has a 4 byte length instead of a 2 byte
length, but the structure hadn't been increased in size.
commit 3877403043acfbfa57497d3ba51a5ec2db1c77dc
Author: Jonathan McDowell <noodles@earth.li>
Date: Sat Aug 3 09:35:23 2019 +0100
Move CGI sources to their own subdirectory
Cleanup the code structure a bit by pulling those files only used for
the HKP interface into their own directory.
commit 42977c5361ef21c99bc157e9c7edbba49243014f
Author: Jonathan McDowell <noodles@earth.li>
Date: Sat Aug 3 09:09:41 2019 +0100
Remove unused worddb_cmp() from DB4 backend
This function was no longer used, so remove it.
commit c063c72b0e63842f5466e0983183c98d4e05c54e
Author: Jonathan McDowell <noodles@earth.li>
Date: Thu Aug 1 22:32:51 2019 +0100
Remove getfullkeyid functionality
This expanded a 32 bit key ID into a 64 bit key ID. It's mostly
redundant, so encode 64 bit key IDs where necessary and rely on the
fetch fallback to 32 bit elsewhere.
commit 5cb163e87c7f0717aa94ca281a56e572c2a6c8f3
Author: Jonathan McDowell <noodles@earth.li>
Date: Thu Aug 1 22:18:24 2019 +0100
Change delete_key to use a full fingerprint
delete_key was deleting a key based on the keyid, which is
insufficiently precise. Move over to the full fingerprint (even though
with some backends this is an effective no-op for now).
commit fd9ca85878543771a7f09afd821a5a5511e71aea
Author: Jonathan McDowell <noodles@earth.li>
Date: Thu Aug 1 19:19:30 2019 +0100
Improve handling of colliding 64-bit key IDs
Originally key retrieval was all performed on the 64 bit key ID but back
in 2013 support was added for fetching by fingerprint. However not all
the pieces to deal with colliding 64 bit IDs were added at this time.
This commit improves things by:
* Using the fingerprint to retrieve the key to update in update_keys()
* Returning all keys that share a 64 bit key ID from the DB4 backend,
rather than just the first found.
* Adding a test to ensure multiple keys are returned for a colliding
key lookup.
It also removes the old compatibility code for the DB4 backend with key
lookups by 64 bit key ID.
Note this isn't yet common in the wild; unlike Evil32 it is not possible
to create collisions for arbitrary key IDs.
commit d1b4ba940d6bed575b40ac1026514c0b97d5128b
Author: Jonathan McDowell <noodles@earth.li>
Date: Wed Jul 31 20:49:30 2019 +0100
Fix potential memory leak in wotsap tool
In failure paths we can leak the memory allocated to hold the directory
path. This isn't really a problem, as we'll exit shortly afterwards, but
scan-build complains and we should really fix for completeness.
commit a26c8e732ad4044b86c84924afce0c36bbc9f59a
Author: Jonathan McDowell <noodles@earth.li>
Date: Wed Jul 31 19:17:44 2019 +0100
Enable sighash checking for v5 keys
v5 signatures are calculated slightly differently than v4 signatures, so
allow for this when checking the 2 leading bytes of the signature hash.
commit 1a9c2d7545a4bafd7a601a8983192c4861d89c68
Author: Jonathan McDowell <noodles@earth.li>
Date: Wed Jul 31 19:08:37 2019 +0100
Exit on failure to initialise a dynamic DB backend
The dynamic DB backend does a lot of checks to ensure it can load the
requested backend successfully, but didn't actually check that it
initialised correctly. Bomb out with a graceful error message if this
happens rather than leading the caller to think everything is ok.
commit 4baef3532b82bcaaa1aecc376b7e63e8a20d8bf7
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Jul 30 19:40:17 2019 +0100
Add an OpenPGP keyring backed database backend
Allow the use of an OpenPGP keyring (like keyring.gpg from GnuPG v1) as
a read-only database backend. This is just a collection of keys
concatenated together. The file is mmaped on load and parsed for keys,
then simple linear searches are done for keyids/fingerprints.
Performance with large numbers of keys will not be good.
commit b3c67e7383ef6ece55dcf6fbfa9587f5d0a14546
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Jul 30 15:32:34 2019 -0300
Add more generic OID parsing to decodekey
Rather than only parsing the encoded OID to calculate the key size make
a helper function in decodekey and use that. This will be useful when
trying to parse key material for signature checks.
commit 2039724ebd70536ad567630725f6b75b7868e486
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Jul 30 15:26:58 2019 -0300
Export fingerprint_cmp from keyarray.c
Comparing fingerprints is generally useful outside of the routines in
keyarray.c, so export the function prototype in the header file.
commit 4b6032dbfb20e041043cfa0b6b84145f49a98a11
Author: Jonathan McDowell <noodles@earth.li>
Date: Mon Jul 8 12:06:31 2019 +0100
Remove Version: header from armored output
There is no benefit to this header and it leaks information about the
implementation of OpenPGP in use, which may open up other attacks. Drop
it.
commit 4b4592942fc58994cae56118173ad77d55c6f157
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Apr 16 09:14:03 2019 +0100
Remove auto* related files from .gitignore
commit 41b7047c909cb5d8243901080db4931ebf165acf
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Apr 16 21:09:29 2019 +0100
Stop using 32-bit key IDs
The time for 32-bit key IDs is long past (and even 64-bits are risky),
so switch to 64-bit IDs everywhere we display a key ID.
commit 37801dca09e004c214604ae66323a628e100258d
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Apr 16 07:48:24 2019 +0100
Assume if we have Nettle it has all the hashes we need
Older versions of Nettle didn't support the SHA2 functions fully so we
checked for their existence. Switch to assuming they're present if we
have Nettle at all.
commit 5804040a89edac8446d71c5a3f369e5997b20806
Author: Jonathan McDowell <noodles@earth.li>
Date: Mon Apr 15 19:48:58 2019 +0100
Move Travis to do CMake configure + build
Once more, with feeling, for the move from autoconf to cmake.
commit 7a83d0b243dd26c8d2cfb4b28aad1b0c10ae19f2
Author: Jonathan McDowell <noodles@earth.li>
Date: Mon Apr 15 19:39:24 2019 +0100
Add CMake dependency for Travis CI
commit 3512fa56e404e5dc2e3a6a3ca6fa23eb25760493
Author: Jonathan McDowell <noodles@earth.li>
Date: Mon Apr 15 19:34:47 2019 +0100
Drop "autoreconf -i" for Travis CI now we're using CMake
commit add20f8102d4e5a43957b62e59174378a23f4bc2
Author: Jonathan McDowell <noodles@earth.li>
Date: Mon Apr 15 19:23:20 2019 +0100
Don't require a database connection for a key index
We need an active keydb backend if we want to be able to lookup
UIDs for signatures, but if we don't have one we can still index the
key. Only use keyid2uid when we have a non-NULL dbctx.
commit 85187675424f3854869f1607afd8a1e84e536946
Author: Jonathan McDowell <noodles@earth.li>
Date: Mon Apr 15 19:19:22 2019 +0100
Add support for v5 keys
v5 is being specified in RFC4880bis. It uses a slightly different packet
format for public key packets and uses SHA2-256 for fingerprints. Add
basic support for parsing and storing these days, and some new unit
tests using the v5 test key.
commit f8407f2ed06cdc0cca8c2421023255886c12ea6d
Author: Jonathan McDowell <noodles@earth.li>
Date: Mon Apr 15 10:22:12 2019 +0100
Add support for issuer fingerprint subpackets
A new subpacket containing the entire fingerprint of the signature
issuer has been added in RFC4880bis. This improves the old issuer keyid
subpacket type.
commit a799cc2909f47d918d1ec7171a9edba28a9f5136
Author: Jonathan McDowell <noodles@earth.li>
Date: Sun Apr 14 17:51:11 2019 +0100
Move to CMake over autoconf
The auto* tools are hard to work with, and I'd like to split out various
bits of onak into a shared library useful to other projects as well as
various internal helpers (e.g. a backend DB library). To help with that
move over to CMake as a more modern but still widely available build
system.
commit 94422621d7c1300ae7001d13590570f9d4ad2a07
Author: Jonathan McDowell <noodles@earth.li>
Date: Wed Apr 10 19:05:10 2019 +0100
Cleanup tests to be able to run from a different directory
runtests assumes its run from the directory it lives in, and that this
is the build directory. Improve it to be able to cope with a build in a
different directory to the source and work out the correct paths.
commit adc800dbc424a1e246dd4a82a0c2e88eeda25531
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Apr 9 20:54:57 2019 +0100
Add ability to drop overly large packets
As per draft-dkg-openpgp-abuse-resistant-keystore add the ability to
drop "large" packets. These are defined as UIDs more than 1024 bytes
long, UATs greater than 64k in size and all other packets larger than
8383 bytes (the maximum that will fit in a 2 byte new format packet
length). Disabled by default, enable with "check_packet_size" in the
verification config section.
commit a0d1c99184eeb07a6a7711e168c3db4b8c0937eb
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Apr 9 19:53:54 2019 +0100
Use a set of policy flags to indicate what key cleaning to perform
To decouple cleankeys.c from the keyserver config, and prepare for an
extension of the policies available, use a set of flags to indicate what
key cleaning to perform.
commit 5719b2b50c87d77e4ed1cc054f000845fc9aa8cc
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Apr 9 19:30:53 2019 +0100
Add Vim backup files + GNU Global tags to .gitignore
commit 490c02ce72b7fa7cedecf7acaae46713fff507da
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Apr 9 19:22:03 2019 +0100
Update Travis CI config to use Xenial
The default of Trusty is failing to find libsystemd-dev.
commit 357fbc65bfab230bbf12313e8b458d8325a6174f
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Apr 9 15:55:02 2019 +0100
Move keysigs into its only user, keydb.c
keysigs is only actually used within keydb.c and pulls in stats
structures unnecessarily to decodekey.c, so pull it inline.
commit 63024252ef5bc13b0b920112b91c1945e0cc6f13
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Apr 9 15:42:28 2019 +0100
Move free_statskey into hash.c
free_statskey() is only used within hash.c, so move it out of mem.c and
scope it more narrowly.
commit 6df51fef2960f533a741fb7290867387ed3fbba5
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Apr 9 14:54:13 2019 +0100
Update GPL location to URL rather than postal address
commit 0c120d1895d25b59abe338862189be1b87447569
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Apr 9 14:38:03 2019 +0100
Cleanup various includes
Run include-what-you-use and do some cleanups based on its suggestions.
Pull out some logging dependencies that don't need to be there in the
process.
commit f98869fbb272a11751a1477e083898b8d41c94c6
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Apr 9 13:30:37 2019 +0100
Clean up a couple of format truncation warnings
Newer GCCs will warn about truncation in strncpy/snprintf etc, so re-jig
things a bit to try and avoid it.
commit 409ce1e3784064ab8f2786a9600a30809c502a46
Author: Jonathan McDowell <noodles@earth.li>
Date: Tue Sep 25 11:07:06 2018 +0100
Use generic fallback in stacked backend for non core routines
The non-core routines that don't directly return or store a key
structure often fall back to the generic routines under the hood. This
means we can miss propagating a retrieved key up to the top level of the
stack. Avoid this by only calling the non-generic version for the top
layer, then falling back to the generics which will do the appropriate
store on fallback.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/o/onak.png){kind=link}