Gentoo Archives: gentoo-scm

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-scm@l.g.o
Subject: Re: [gentoo-scm] gentoo-x86 on git - Manifests
Date: Thu, 19 Feb 2009 01:30:40
Message-Id: 20090219011827.GC10523@curie-int.orbis-terrarum.net
In Reply to: Re: [gentoo-scm] gentoo-x86 on git - Manifests by Robert Buchholz
On Wed, Feb 18, 2009 at 11:27:41PM +0100, Robert Buchholz wrote:
> On Wednesday 18 February 2009, Robin H. Johnson wrote:
> > Using the converse, all files covered by AUX, DIST, MISC have GIT
> > SHA1 commit ids. Explicitly performing a checksum on them is not
> > needed, just extract it from Git.
> These hashes would need to be regenerated for the rsync though, because
> otherwise it does not provide integrity and this would make tree
> signing impossible. Overlays would have to abandon the hashes though,
> otherwise you'll get the same merge trouble again.

On the git->rsync gateway:
For non-distfiles:
1. Extract SHA1 from Git
2. Compare to actual file (Git does this implicitly, esp if you have
   signed Git commits, but you can check again if you want).
3. Generate SHA256/RMD160/other.
4. Append the full hash to Manifest.

> It'll also ease attacks on distfiles when first mirroring them.

Umm, no, you missed part of what I said. I noted that the newer
Manifests in Git would contain the hashes for ONLY the distfiles, not
for other files. Distfiles suffer zero reduction in security. The master
box is NEVER generating the hash for a distfile.

For distfiles:
(server side)
1. Full set of hashes (SHA1/SHA256/RMD160) is already in Manifest (in a
   GPG-signed Git commit).
2. Verify the hash on mirroring the file
(client side)
3. Verify the hashes/distfile as normal.

> hash and (2) only one box would need to be attacked via > man-in-the-middle, whereas it is currently two.

Your count of needing to attack two boxes presently is wrong. Just pick
some community rsyncNN.CC.gentoo.org that also hosts distfiles via
HTTP/FTP, and attack that box, replacing both a Manifest and the
distfile.

-- 
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail     : robbat2@g.o
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
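
The four non-distfile gateway steps listed in the message above, sketched in Python as an added example (not code from this thread or from Gentoo infrastructure). The function names, the Manifest2-style line layout (type, name, size, then hash name/value pairs) and the sample file are assumptions; RMD160 is left out because Python's hashlib only provides it on some OpenSSL builds.

```python
import hashlib

# Assumed set of Manifest2 entry types whose files live in the Git tree.
NON_DISTFILE_TYPES = ("AUX", "EBUILD", "MISC")


def git_blob_sha1(data: bytes) -> str:
    # Git's blob id is SHA1 over the header "blob <size>" + NUL + content,
    # so it is NOT the same value as a plain SHA1 of the file.
    return hashlib.sha1(b"blob %d\x00" % len(data) + data).hexdigest()


def manifest_entry(kind: str, name: str, data: bytes, git_oid: str) -> str:
    """Build one Manifest line for a file exported from Git to rsync."""
    if kind not in NON_DISTFILE_TYPES:
        # DIST hashes already sit in the signed Manifest; never regenerate them.
        raise ValueError("gateway must not hash entry type %r" % kind)

    # Steps 1-2: take the id Git recorded and compare it to the actual file.
    if git_blob_sha1(data) != git_oid.lower():
        raise ValueError("%s does not match Git blob id %s" % (name, git_oid))

    # Step 3: generate the content hashes rsync users will verify. The Git
    # id cannot be reused as the SHA1 field because of the blob header.
    digests = (
        ("SHA1", hashlib.sha1(data).hexdigest()),
        ("SHA256", hashlib.sha256(data).hexdigest()),
    )

    # Step 4: emit the full entry to append to the Manifest.
    fields = [kind, name, str(len(data))]
    for algo, value in digests:
        fields += [algo, value]
    return " ".join(fields)


if __name__ == "__main__":
    # Constructed sample: a six-byte file and the blob id Git assigns to it.
    sample = b"hello\n"
    oid = "ce013625030ba8dba906f756967f9e9ca394464a"
    print(manifest_entry("AUX", "example.patch", sample, oid))
```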
