[gentoo-soc] Gentoo-GPG: Final Report - gentoo-soc

From:	Angel Perivolaropoulos <justthisthing@×××××.com>
To:	gentoo-soc@l.g.o
Subject:	[gentoo-soc] Gentoo-GPG: Final Report
Date:	Sun, 21 Aug 2016 22:19:48
Message-Id:	`CAOR70Ghg9XAN5ZROBFhcGZLH+GRBvQgtnyzNptJEHnhSXd1PFg@mail.gmail.com`

1

Hello,

2

3

This is the last week of the Gentoo-GPG Google Summer of Code project. It

4

has been a fun ride where I learned a whole lot of things from little

5

Python tricks to how Portage verifies GnuPG signatures. It will be an

6

unforgettable experience that has helped me make an entrance to the open

7

source community and shown me the success and the difficulties that can be

8

found there. Now, for the summary of the work that I have done, I have

9

written it below in two segments, Gentoo-Keys and MetaManifest.

10

11

*Gentoo-Keys*

12

13

In my proposal which can be found here

14

<https://docs.google.com/document/d/14ZCjQuuoymPBgEEOgCs3Evu44t5ZWxfKSjOdU1AfPcU/edit?usp=sharing>,

15

I promised to deliver on many things, most which I was able to achieve,

16

while, in the end, one thing I decided not to prioritize for that time

17

frame, which I replaced with deliverables outside the proposal. More

18

specifically, due to the complexity of pyGPG and Gentoo-Keys, I was unable

19

to make unit tests and was advised not to by my mentors because of time

20

constraints. In return, I spent more time working the email reminder

21

generator and fixing older Gkeys functions. All the other deliverables were

22

accomplished.  A combined PR of all my code that has not yet been merged

23

can be found here <https://github.com/gentoo/gentoo-keys/pull/52>.

24

25

   1. Count Incorrect Qualified IDs and present them in the Spec Check

26

   summary.  (link

27

   <https://github.com/gentoo/gentoo-keys/commit/bacec7da1e7ff446f232d48dcf34b71966df7068>)

28

   (done in the bonding period)

29

   2. Added a requirements file that includes required packages for Gkeys

30

   to run. (link

31

   <https://github.com/gentoo/gentoo-keys/commit/0cb7bf0d8e0d4649f48631956eb3e8026b01639f>)

32

   (done in the 1st week)

33

   3. Fixed the move-seed function that was broken due to more recent

34

   patches. (link

35

   <https://github.com/gentoo/gentoo-keys/commit/423c3bf0b3ae993e15886858aede0a94372b55fd>)

36

   (done in the 1st week)

37

   4. Created the update key function that downloads and installs the seeds

38

   of a selected Gkeys category or all categories. (link

39

   <https://github.com/gentoo/gentoo-keys/pull/46>) (done in the 2nd and

40

   3rd week)

41

   5. Add automatic update seed check whenever Gkeys runs, that checks if

42

   the seeds match with the ones from the server and if not, it gives the user

43

   the option to use update-seed. (link

44

   <https://github.com/gentoo/gentoo-keys/pull/46>) (done in the 4th week

45

   and 5th week)

46

   6. Made the default GPG config file over-ridable in Gkeys-Gen during the

47

   generation of a new key. (link

48

   <https://github.com/gentoo/gentoo-keys/pull/48>) (done in the 4th week)

49

   7. Fixed a small bug in the verify function of Gkeys. (link

50

   <https://github.com/gentoo/gentoo-keys/pull/49>) (done in the 4th week)

51

   8. Created the send-key function (dubbed upload key in the proposal)

52

   that send the selected key/s in the selected server of the config file. In

53

   order to get that to work though, I had to make a small patch in pyGPG as

54

   well. (link <https://github.com/gentoo/gentoo-keys/pull/50>, link

55

   <https://github.com/dol-sen/pyGPG/commit/304a2998b9322dd199adc514c559093300ac7d1f>)

56

   (done in the 5th week)

57

   9. Created an email reminder generation script that works along with

58

   spec-check and using the Spec Check tuple, checks if a key has expired or

59

   is expiring in a selected time frame from the config file and if it is, it

60

   sends an email to the key's owner that includes all the information needed

61

   along with resources on how to update the key. It priorities emails with a

62

   preferred address found in the config file and has the option to login in

63

   either email account found again in the config file. (link

64

   <https://github.com/gentoo/gentoo-keys/pull/51>) (done in the 10th and

65

   11th week)

66

67

*Meta Manifest System*

68

69

In my proposal, I also promised to implement the new Meta Manifest system

70

according to GLEP:58 <https://wiki.gentoo.org/wiki/GLEP:58> which is a

71

system that provides a more efficient way to verify the integrity of Gentoo

72

distribution. It works is by creating many different Manifest files for all

73

important directories of a tree (ex. categories, profiles etc.) and then

74

adding the hash sums of those Manifest files to create a master Meta

75

Manifest file in the root directory, which is afterwards GPG signed by an

76

official Gentoo key. That way, the user only needs to verify the master

77

meta manifest file to check the integrity of the tree, which is much more

78

efficient than checking each manifest file separately. Here

79

<https://github.com/gentoo/portage/pull/38> is the link to the PR. The

80

project was divided in two parts:

81

82

   1. The creation and signing  process of the Meta Manifest files by using

83

   the logic above. (done in the 6th to 8th week)

84

   2. The verification and signature validation process of the Meta

85

   Manifest files.  (done in the 9th to 11th week)

86

87

*Plans for the future*

88

89

My plan for the future is to continue supporting my code for Portage like

90

making minor fixes and reworking some functions from the original manifest

91

code that seem a little inefficient. I would also like to become part of

92

the team developing Gentoo-Keys and prepare for the next release of the

93

platform.

94

95

*Conclusion*

96

97

Finally, I would like to thank all those people that helped me with the

98

project. Firstly my mentors, Pavlos 'dastergon' Ratis, Brian 'dol-sen'

99

Dolbec and Kristian 'K_F' Fiskerstrand for their guidance and suggestions,

100

and always being there whenever I had questions. Also, I would like to

101

thank Doug 'dwfreed' Freed, Zac 'zmedico' Medico and Gilles 'EvaSDK'

102

Dartiguelongue for reviewing my code and giving useful tips.

103

104

- aeroniero

1	Hello,
2
3	This is the last week of the Gentoo-GPG Google Summer of Code project. It
4	has been a fun ride where I learned a whole lot of things from little
5	Python tricks to how Portage verifies GnuPG signatures. It will be an
6	unforgettable experience that has helped me make an entrance to the open
7	source community and shown me the success and the difficulties that can be
8	found there. Now, for the summary of the work that I have done, I have
9	written it below in two segments, Gentoo-Keys and MetaManifest.
10
11	Gentoo-Keys
12
13	In my proposal which can be found here
14	<https://docs.google.com/document/d/14ZCjQuuoymPBgEEOgCs3Evu44t5ZWxfKSjOdU1AfPcU/edit?usp=sharing>,
15	I promised to deliver on many things, most which I was able to achieve,
16	while, in the end, one thing I decided not to prioritize for that time
17	frame, which I replaced with deliverables outside the proposal. More
18	specifically, due to the complexity of pyGPG and Gentoo-Keys, I was unable
19	to make unit tests and was advised not to by my mentors because of time
20	constraints. In return, I spent more time working the email reminder
21	generator and fixing older Gkeys functions. All the other deliverables were
22	accomplished. A combined PR of all my code that has not yet been merged
23	can be found here <https://github.com/gentoo/gentoo-keys/pull/52>.
24
25	1. Count Incorrect Qualified IDs and present them in the Spec Check
26	summary. (link
27	<https://github.com/gentoo/gentoo-keys/commit/bacec7da1e7ff446f232d48dcf34b71966df7068>)
28	(done in the bonding period)
29	2. Added a requirements file that includes required packages for Gkeys
30	to run. (link
31	<https://github.com/gentoo/gentoo-keys/commit/0cb7bf0d8e0d4649f48631956eb3e8026b01639f>)
32	(done in the 1st week)
33	3. Fixed the move-seed function that was broken due to more recent
34	patches. (link
35	<https://github.com/gentoo/gentoo-keys/commit/423c3bf0b3ae993e15886858aede0a94372b55fd>)
36	(done in the 1st week)
37	4. Created the update key function that downloads and installs the seeds
38	of a selected Gkeys category or all categories. (link
39	<https://github.com/gentoo/gentoo-keys/pull/46>) (done in the 2nd and
40	3rd week)
41	5. Add automatic update seed check whenever Gkeys runs, that checks if
42	the seeds match with the ones from the server and if not, it gives the user
43	the option to use update-seed. (link
44	<https://github.com/gentoo/gentoo-keys/pull/46>) (done in the 4th week
45	and 5th week)
46	6. Made the default GPG config file over-ridable in Gkeys-Gen during the
47	generation of a new key. (link
48	<https://github.com/gentoo/gentoo-keys/pull/48>) (done in the 4th week)
49	7. Fixed a small bug in the verify function of Gkeys. (link
50	<https://github.com/gentoo/gentoo-keys/pull/49>) (done in the 4th week)
51	8. Created the send-key function (dubbed upload key in the proposal)
52	that send the selected key/s in the selected server of the config file. In
53	order to get that to work though, I had to make a small patch in pyGPG as
54	well. (link <https://github.com/gentoo/gentoo-keys/pull/50>, link
55	<https://github.com/dol-sen/pyGPG/commit/304a2998b9322dd199adc514c559093300ac7d1f>)
56	(done in the 5th week)
57	9. Created an email reminder generation script that works along with
58	spec-check and using the Spec Check tuple, checks if a key has expired or
59	is expiring in a selected time frame from the config file and if it is, it
60	sends an email to the key's owner that includes all the information needed
61	along with resources on how to update the key. It priorities emails with a
62	preferred address found in the config file and has the option to login in
63	either email account found again in the config file. (link
64	<https://github.com/gentoo/gentoo-keys/pull/51>) (done in the 10th and
65	11th week)
66
67	Meta Manifest System
68
69	In my proposal, I also promised to implement the new Meta Manifest system
70	according to GLEP:58 <https://wiki.gentoo.org/wiki/GLEP:58> which is a
71	system that provides a more efficient way to verify the integrity of Gentoo
72	distribution. It works is by creating many different Manifest files for all
73	important directories of a tree (ex. categories, profiles etc.) and then
74	adding the hash sums of those Manifest files to create a master Meta
75	Manifest file in the root directory, which is afterwards GPG signed by an
76	official Gentoo key. That way, the user only needs to verify the master
77	meta manifest file to check the integrity of the tree, which is much more
78	efficient than checking each manifest file separately. Here
79	<https://github.com/gentoo/portage/pull/38> is the link to the PR. The
80	project was divided in two parts:
81
82	1. The creation and signing process of the Meta Manifest files by using
83	the logic above. (done in the 6th to 8th week)
84	2. The verification and signature validation process of the Meta
85	Manifest files. (done in the 9th to 11th week)
86
87	Plans for the future
88
89	My plan for the future is to continue supporting my code for Portage like
90	making minor fixes and reworking some functions from the original manifest
91	code that seem a little inefficient. I would also like to become part of
92	the team developing Gentoo-Keys and prepare for the next release of the
93	platform.
94
95	Conclusion
96
97	Finally, I would like to thank all those people that helped me with the
98	project. Firstly my mentors, Pavlos 'dastergon' Ratis, Brian 'dol-sen'
99	Dolbec and Kristian 'K_F' Fiskerstrand for their guidance and suggestions,
100	and always being there whenever I had questions. Also, I would like to
101	thank Doug 'dwfreed' Freed, Zac 'zmedico' Medico and Gilles 'EvaSDK'
102	Dartiguelongue for reviewing my code and giving useful tips.
103
104	- aeroniero

Gentoo Archives: gentoo-soc