List Archive: gentoo-scm
Headers:
To: gentoo-scm@g.o
From: "Robin H. Johnson" <robbat2@g.o>
Subject: Re: gentoo-x86 on git - Manifests
Date: Wed, 18 Feb 2009 17:18:27 -0800

On Wed, Feb 18, 2009 at 11:27:41PM +0100, Robert Buchholz wrote:
> On Wednesday 18 February 2009, Robin H. Johnson wrote:
> > Using the converse, all files covered by AUX, DIST, MISC have GIT
> > SHA1 commit ids. Explicitly performing a checksum on them is not
> > needed, just extract it from Git.
> These hashes would need to be regenerated for the rsync though, because 
> otherwise it does not provide integrity and this would make tree 
> signing impossible. Overlays would have to abandon the hashes though, 
> otherwise you'll get the same merge trouble again.

On the git->rsync gateway:
For non-distfiles:
1. Extract SHA1 from Git 
2. Compare to actual file (Git does this implicitly, esp if you have
   signed Git commits, but you can check again if you want).
3. Generate SHA256/RMD160/other.
4. Append the full hash to Manifest.

> It'll also ease attacks on distfiles when first mirroring them.

Umm, no, you missed part of what I said. I noted that the newer
Manifests in Git would contain the hashes for ONLY the distfiles, not
for other files. Distfiles suffer zero reduction in security.
The master box is NEVER generating the hash for a distfile.

For distfiles:
(server side)
1. Full set of hashes (SHA1/SHA256/RMD160) is already in Manifest (in a
   GPG-signed Git commit).
2. Verify the hash on mirroring the file
(client side)
3. Verify the hashes/distfile as normal.

> hash and (2) only one box would need to be attacked via 
> man-in-the-middle, whereas it is currently two.

Your count of needing to attack two boxes presently is wrong. Just pick
some community rsyncNN.CC.gentoo.org that also hosts distfiles via
HTTP/FTP, and attack that box, replacing both a Manifest and the
distfile.

-- 
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail     : robbat2@g.o
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85
Attachment:
pgpzQ2AjXCHdt.pgp (PGP signature)
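
The non-distfile gateway steps from the message above, as an added example that is not part of the original post or of Gentoo's tooling. It shows that the id Git records for a file covers a `blob <size>\0` header, so step 2 recomputes that id, while the hashes written in steps 3 and 4 are taken over the raw content. Assumptions: the function names, the constructed sample file, a Manifest line laid out as `<type> <name> <size> <hash name> <hash> ...`, and the recorded blob id being passed in rather than read from a repository.

```python
import hashlib

# Constructed sample: a 6-byte file and the blob id Git records for it.
SAMPLE_FILE = b"hello\n"
RECORDED_BLOB_ID = "ce013625030ba8dba906f756967f9e9ca394464a"


def git_blob_sha1(data):
    """Object id Git assigns to a blob: SHA1 over 'blob <size>\\0' + content."""
    header = b"blob %d\x00" % len(data)
    return hashlib.sha1(header + data).hexdigest()


def content_hashes(data):
    """Hashes over the raw file content (no Git header), as (label, hex) pairs."""
    pairs = []
    for label, algo in (("RMD160", "ripemd160"), ("SHA1", "sha1"), ("SHA256", "sha256")):
        try:
            pairs.append((label, hashlib.new(algo, data).hexdigest()))
        except ValueError:
            # Some OpenSSL builds do not provide RIPEMD-160; leave it out.
            continue
    return pairs


def manifest_entry(kind, name, data, recorded_blob_id):
    """Steps 2-4: check the file against Git's id, then build the Manifest line."""
    actual = git_blob_sha1(data)
    if actual != recorded_blob_id.lower():
        raise ValueError(
            "%s: content hashes to blob %s, Git recorded %s"
            % (name, actual, recorded_blob_id)
        )
    fields = [kind, name, str(len(data))]
    for label, digest in content_hashes(data):
        fields += [label, digest]
    return " ".join(fields)


if __name__ == "__main__":
    # Hypothetical file name; a real gateway would walk the checked-out tree.
    print(manifest_entry("AUX", "example.patch", SAMPLE_FILE, RECORDED_BLOB_ID))
    try:
        manifest_entry("AUX", "example.patch", SAMPLE_FILE + b"x", RECORDED_BLOB_ID)
    except ValueError as err:
        print("rejected:", err)
```
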
Replies:
Re: gentoo-x86 on git - Manifests
-- Arun Raghavan
Re: gentoo-x86 on git - Manifests
-- Robert Buchholz
References:
gentoo-x86 on git - Manifests
-- Maciej Mrozowski
Re: gentoo-x86 on git - Manifests
-- Donnie Berkholz
Re: gentoo-x86 on git - Manifests
-- Robin H. Johnson
Re: gentoo-x86 on git - Manifests
-- Robert Buchholz


Updated Jun 17, 2009

Summary: Archive of the gentoo-scm mailing list.


Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.