List Archive: gentoo-security
Marius Mauch writes:
>> (1) Run "find /usr/portage -type f | xargs sha1sum -b"
>> on the Gentoo main system.
> What's the 'Gentoo main system'?
The one that carries the authoritative portage tree which
the secondary systems mirror.
>> (2) Sign the output with GPG.
> Who does that?
A script? I already commented on the problem of entering the
pass phrase, so I won't repeat it.
> Basically we do that already with Manifests, just that
> they don't cover the whole tree (yet).
Right. And the fact that they don't cover the whole tree is
exactly the problem I am talking about.
> signing of eclasses/profiles isn't done because of policy
> details
How long do you estimate it will take to get these problems
sorted out?
> But signature verification is a completely different
> beast.
The signatures have to be verified manually anyway, at least
initially. So I am fine with Portage not doing it for me as
long as the signatures _exist_.
> You want to make a huge list with checksums for all files
> and then sign that file. The major problem is that a)
> this list would have to be regenerated at every commit or
> at least each rsync update,
You can use the CVSROOT/* hooks to regenerate only the
hashes for those files that have actually changed. And that
"huge" file is more like 7 MB.
> b) signing would have to be automated which is pretty
> much a no-go
It is a lot better than not signing at all, IMHO. I also
commented on this before, so I won't repeat it.
> c) it would have to be done on the cvs server or the
> master rsync mirror, both are AFAIK already pretty loaded
> boxes.
Hashes can be regenerated incrementally; creating the
signature takes less than a second. Any decent system should
be able to survive that, IMHO. Should this turn out to be
absolutely *impossible*, then I guess you'll need a hardware
upgrade no matter what kind of authentication scheme you
would like to implement.
> the rsync update interval is 30 minutes and other actions
> have to be performed in that window that probably
> interfere with the checksum generation.
On my machine, which is not very fast at all, the entire
hash file can be regenerated from scratch in about 4
minutes. So even if it takes 10 minutes on the Gentoo
system, that still leaves plenty of time for the other
tasks. It does require some attention to detail that these
processes don't interfere with each other, though. I guess
one would have to _try_ it.
Peter
--
gentoo-security@g.o mailing list
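The scheme discussed in the message above, as an added, runnable sketch that is not code from the thread or from Gentoo: hash every file in the tree, sign the resulting list, refresh only the entries a commit hook reports as changed, and verify on a mirror. TREE, MANIFEST, SIGNING_KEY and the function names are assumptions for this example; GNU coreutils (sha1sum, xargs -r) and an optional gpg are assumed, as on a Gentoo box. The sample tree is constructed inline so the script runs offline. It goes one step beyond the thread's "find | xargs sha1sum -b": the verify step also compares the set of files on disk with the set of files listed, because sha1sum -c alone never notices a file that was added to the tree but not to the list.

```shell
#!/bin/sh
# Added example (not from the original thread or from Gentoo). TREE, MANIFEST,
# SIGNING_KEY and all function names are assumptions for this demo.

TREE="${TREE:-$(mktemp -d)}"        # stand-in for /usr/portage
MANIFEST="${MANIFEST:-$TREE.sha1}"  # the "huge" list of hashes (about 7 MB on a real tree)

# Constructed sample tree so the script runs offline.
make_sample_tree() {
    mkdir -p "$TREE/app-misc/foo" "$TREE/eclass" "$TREE/profiles"
    printf 'EAPI=0\n' > "$TREE/app-misc/foo/foo-1.ebuild"
    printf '# eclass\n' > "$TREE/eclass/foo.eclass"
    printf 'x86\n' > "$TREE/profiles/arch.list"
}

# Hash every file relative to the tree root (so the list is valid on every
# mirror) in sorted order (so two runs over the same tree agree). Like the
# original "find | xargs sha1sum -b", this assumes paths without whitespace
# or quotes.
hash_tree() {
    ( cd "$TREE" && find . -type f | sort | xargs -r sha1sum -b )
}

# Step (1): full regeneration, the slow path (minutes on a real tree).
full_manifest() {
    hash_tree > "$MANIFEST"
}

# Incremental regeneration: for each changed or removed path (relative to the
# tree root) drop the stale line and re-hash the file if it still exists.
# This is the cheap path a CVSROOT commit hook would take with the commit's
# file list, instead of re-hashing the whole tree every rsync interval.
update_manifest() {
    tmp="$MANIFEST.tmp"
    cp "$MANIFEST" "$tmp"
    for f in "$@"; do
        rel="./$f"
        # sha1sum -b prints "HASH *PATH"; drop the line whose PATH matches.
        awk -v p="$rel" '{ q = $2; sub(/^\*/, "", q); if (q != p) print }' \
            "$tmp" > "$tmp.new"
        mv "$tmp.new" "$tmp"
        if [ -f "$TREE/$f" ]; then
            ( cd "$TREE" && sha1sum -b "$rel" ) >> "$tmp"
        fi
    done
    sort -k2 "$tmp" > "$MANIFEST"
    rm -f "$tmp"
}

# Step (2): detached signature over the list. Unattended signing needs a key
# whose pass-phrase gpg can obtain without a prompt (the problem raised in the
# thread); SIGNING_KEY is an assumed variable naming that key, and without it
# the list is left unsigned rather than failing the update.
sign_manifest() {
    if [ -z "${SIGNING_KEY:-}" ]; then
        echo "SIGNING_KEY not set; manifest left unsigned" >&2
        return 0
    fi
    gpg --batch --yes --local-user "$SIGNING_KEY" \
        --detach-sign --output "$MANIFEST.sig" "$MANIFEST"
}

# Signature check, done by hand on a mirror (Portage need not do it).
verify_signature() {
    [ -f "$MANIFEST.sig" ] || return 1
    gpg --batch --verify "$MANIFEST.sig" "$MANIFEST" >/dev/null 2>&1
}

# Content check: every listed file must hash as recorded, and, because
# sha1sum -c never notices files that are not in the list, the set of files
# on disk must equal the set of files listed (an injected extra ebuild would
# otherwise pass).
verify_tree() {
    ( cd "$TREE" && sha1sum -c --quiet "$MANIFEST" ) >/dev/null 2>&1 || return 1
    listed=$(awk '{ q = $2; sub(/^\*/, "", q); print q }' "$MANIFEST" | sort)
    present=$(cd "$TREE" && find . -type f | sort)
    [ "$listed" = "$present" ]
}

# Cross-check that the incremental path and the full path agree.
manifest_is_fresh() {
    [ "$(sort "$MANIFEST")" = "$(hash_tree | sort)" ]
}

# Demo run: clean tree, tampered file detected, list refreshed by the hook.
make_sample_tree
full_manifest
sign_manifest
verify_tree && echo "tree matches manifest"
printf 'DEPEND="evil"\n' >> "$TREE/app-misc/foo/foo-1.ebuild"   # simulated tampering
verify_tree || echo "mismatch detected"
update_manifest app-misc/foo/foo-1.ebuild                      # what the hook does
verify_tree && manifest_is_fresh && echo "manifest refreshed incrementally"
rm -rf "$TREE" "$MANIFEST" "$MANIFEST.sig" "$MANIFEST.tmp"
```

A real hook would call update_manifest with the commit's file list and then sign_manifest; the sort step keeps the list deterministic so that a full regeneration and a series of incremental updates produce the same bytes, which is what makes the signature comparable across mirrors.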