[gentoo-commits] data/glep:master commit in: / - gentoo-commits

From:	"Michał Górny" <mgorny@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] data/glep:master commit in: /
Date:	Sat, 25 Nov 2017 20:49:43
Message-Id:	`1511642956.690d69f57d1a4d353db489c0b5f85017c2d874cb.mgorny@gentoo`

1

commit:     690d69f57d1a4d353db489c0b5f85017c2d874cb

2

Author:     Michał Górny <mgorny <AT> gentoo <DOT> org>

3

AuthorDate: Tue Nov 21 17:14:53 2017 +0000

4

Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>

5

CommitDate: Sat Nov 25 20:49:16 2017 +0000

6

URL:        https://gitweb.gentoo.org/data/glep.git/commit/?id=690d69f5

7

8

glep-0074: Apply suggestions from Ulrich Müller

9

10

 glep-0074.rst | 47 +++++++++++++++++++++++++----------------------

11

 1 file changed, 25 insertions(+), 22 deletions(-)

12

13

diff --git a/glep-0074.rst b/glep-0074.rst

14

index 46ad9fe..278882d 100644

15

--- a/glep-0074.rst

16

+++ b/glep-0074.rst

17

@@ -181,7 +181,8 @@ During the verification process, the client should compare the timestamp

18

 against the update time obtained from a local clock or a trusted time

19

 source. If the comparison result indicates that the Manifest at the time

20

 of receiving was already significantly outdated, the client should

21

-either fail the verification or require manual confirmation from user.

22

+either fail the verification or require manual confirmation from

23

+the user.

24

25

 Furthermore, the Manifest provider may employ additional methods

26

 of distributing the timestamps of recently generated Manifests

27

@@ -202,11 +203,11 @@ The Manifest files can specify the following tags:

28

29

 ``TIMESTAMP <iso8601>``

30

   Specifies a timestamp of when the Manifest file was last updated.

31

-  The timestamp must be a valid second-precision ISO8601 extended format

32

-  combined date and time in UTC timezone, i.e. using the following

33

-  ``strftime()`` format string: ``%Y-%m-%dT%H:%M:%SZ``. Optional.

34

-  The package manager can use it to detect an outdated repository

35

-  checkout as described in `Timestamp verification`_.

36

+  The timestamp must be a valid second-precision ISO 8601 extended

37

+  format combined date and time in UTC timezone, i.e. using

38

+  the following ``strftime()`` format string: ``%Y-%m-%dT%H:%M:%SZ``.

39

+  Optional. The package manager can use it to detect an outdated

40

+  repository checkout as described in `Timestamp verification`_.

41

42

 ``MANIFEST <path> <size> <checksums>...``

43

   Specifies a sub-Manifest. The sub-Manifest must be verified like

44

@@ -218,7 +219,8 @@ The Manifest files can specify the following tags:

45

   Ignores a subdirectory or file from Manifest checks. If the specified

46

   path is present, it and its contents are omitted from the Manifest

47

   verification (always pass). *Path* must be a plain file or directory

48

-  path without a trailing slash, and must not contain wildcards.

49

+  path without a trailing slash. Wildcards are not supported

50

+  and wildcard characters are interpreted literally.

51

52

 ``DATA <path> <size> <checksums>...``

53

   Specifies a regular file subject to Manifest verification. The file

54

@@ -250,7 +252,7 @@ allowed at the package directory level:

55

56

 ``AUX <filename> <size> <checksums>...``

57

   Equivalent to the ``DATA`` type, except that the filename is relative

58

-  to ``files/`` subdirectory.

59

+  to the ``files/`` subdirectory.

60

61

62

 Algorithm for full-tree verification

63

@@ -267,9 +269,9 @@ can be used:

64

    from the *present* set.

65

66

 3. Process all ``MANIFEST`` entries, recursively. Verify the Manifest

67

-   files according to `file verification`_ section, and include their

68

-   entries in the current Manifest entry list (using paths relative

69

-   to directories containing the Manifests).

70

+   files according to the `file verification`_ section, and include

71

+   their entries in the current Manifest entry list (using paths

72

+   relative to directories containing the Manifests).

73

74

 4. Process all ``IGNORE`` entries. Remove any paths matching them

75

    from the *present* set.

76

@@ -277,12 +279,12 @@ can be used:

77

 5. Collect all files covered by ``DATA``, ``MISC``, ``EBUILD``

78

    and ``AUX`` entries into the *covered* set.

79

80

-6. Verify the entries in *covered* set for incompatible duplicates

81

+6. Verify the entries in the *covered* set for incompatible duplicates

82

    and collisions with ignored files as explained in `Manifest file

83

    locations and nesting`_.

84

85

 7. Verify all the files in the union of the *present* and *covered*

86

-   sets, according to `file verification`_ section.

87

+   sets, according to the `file verification`_ section.

88

89

90

 Algorithm for finding parent Manifests

91

@@ -299,7 +301,7 @@ the following algorithm can be used:

92

93

 3. If the current directory contains a ``Manifest`` file:

94

95

-   a. If a ``IGNORE`` entry in the ``Manifest`` file covers

96

+   a. If an ``IGNORE`` entry in the ``Manifest`` file covers

97

       the *original* directory (or one of the parent directories), stop.

98

99

    b. Otherwise, store the current directory as *last_found*.

100

@@ -560,7 +562,7 @@ specification syntax [#PMS-FETCH]_ implicitly makes it impossible to use

101

 filenames containing whitespace.

102

103

 This specification aims to avoid arbitrary restrictions. For this

104

-reason, the filename characters are only restricted by excluding two

105

+reason, filename characters are only restricted by excluding two

106

 technically problematic groups:

107

108

 1. The NULL character (``U+0000``) is normally used to indicate the end

109

@@ -568,7 +570,7 @@ technically problematic groups:

110

    written using C. Furthermore, it is not allowed in any known

111

    filesystem.

112

113

-2. The whitespace characters are used to separate Manifest fields. While

114

+2. Whitespace characters are used to separate Manifest fields. While

115

    technically it would be enough to restrict space (``U+0020``)

116

    character that is normally used as the separator, all whitespace

117

    characters are forbidden to avoid confusion and implementation

118

@@ -628,7 +630,7 @@ Two arguments were mentioned for the usefulness of a ``MISC`` type:

119

 1. being able to reduce the checkout size by stripping unnecessary

120

    files out, and

121

122

-2. being able to run update automatically generated files locally

123

+2. being able to update automatically generated files locally

124

    without causing unnecessary verification failures.

125

126

 However, the usefulness of ``MISC`` in both cases is doubtful.

127

@@ -675,7 +677,7 @@ should provide an ability to obtain the timestamps of all Manifests

128

 from a recent timeframe over a secure channel from a trusted source

129

 for comparison.

130

131

-Strictly speaking, this information is already provided by the various

132

+Strictly speaking, this information is provided by the various

133

 ``metadata/timestamp*`` files that are already present. However,

134

 including the value in the Manifest itself has a little cost

135

 and provides the ability to perform the verification stand-alone.

136

@@ -817,7 +819,7 @@ exposes decompressor vulnerabilities, or a zip bomb.

137

138

 The OpenPGP cleartext signature covers the contents of the Manifest,

139

 and is therefore compressed along with them. The possibility of using

140

-detached signature has been considered but it was rejected as

141

+a detached signature has been considered but it was rejected as

142

 unnecessary complexity for minor gain.

143

144

 Technically, a similar result could be effected via moving all the data

145

@@ -829,8 +831,8 @@ The existence of additional entries for uncompressed Manifest checksums

146

 was debated. However, plain entries for the uncompressed file would

147

 be confusing if only the compressed file existed, and conflicting

148

 if both uncompressed and compressed variants existed. Furthermore,

149

-it has been pointed out that ``DIST`` entries do not have uncompressed

150

-variant either.

151

+it has been pointed out that ``DIST`` entries do not have

152

+an uncompressed variant either.

153

154

155

 Performance considerations

156

@@ -962,12 +964,13 @@ References

157

    (https://www2.cs.arizona.edu/stork/packagemanagersecurity/attacks-on-package-managers.html)

158

159

 .. [#DIST] According to Robin H. Johnson, 8.4% of all DIST entries

160

-   at the time of writing are duplicate, representing a 2 MiB

161

+   at the time of writing are duplicate, representing 2 MiB

162

    out of 25 MiB of DIST entries altogether.

163

164

 .. [#GEMATO] gemato: Gentoo Manifest Tool

165

    (https://github.com/mgorny/gemato/)

166

167

+

168

 Copyright

169

 =========

170

 This work is licensed under the Creative Commons Attribution-ShareAlike 3.0

1	commit: 690d69f57d1a4d353db489c0b5f85017c2d874cb
2	Author: Michał Górny <mgorny <AT> gentoo <DOT> org>
3	AuthorDate: Tue Nov 21 17:14:53 2017 +0000
4	Commit: Michał Górny <mgorny <AT> gentoo <DOT> org>
5	CommitDate: Sat Nov 25 20:49:16 2017 +0000
6	URL: https://gitweb.gentoo.org/data/glep.git/commit/?id=690d69f5
7
8	glep-0074: Apply suggestions from Ulrich Müller
9
10	glep-0074.rst \| 47 +++++++++++++++++++++++++----------------------
11	1 file changed, 25 insertions(+), 22 deletions(-)
12
13	diff --git a/glep-0074.rst b/glep-0074.rst
14	index 46ad9fe..278882d 100644
15	--- a/glep-0074.rst
16	+++ b/glep-0074.rst
17	@@ -181,7 +181,8 @@ During the verification process, the client should compare the timestamp
18	against the update time obtained from a local clock or a trusted time
19	source. If the comparison result indicates that the Manifest at the time
20	of receiving was already significantly outdated, the client should
21	-either fail the verification or require manual confirmation from user.
22	+either fail the verification or require manual confirmation from
23	+the user.
24
25	Furthermore, the Manifest provider may employ additional methods
26	of distributing the timestamps of recently generated Manifests
27	@@ -202,11 +203,11 @@ The Manifest files can specify the following tags:
28
29	``TIMESTAMP <iso8601>``
30	Specifies a timestamp of when the Manifest file was last updated.
31	- The timestamp must be a valid second-precision ISO8601 extended format
32	- combined date and time in UTC timezone, i.e. using the following
33	- ``strftime()`` format string: ``%Y-%m-%dT%H:%M:%SZ``. Optional.
34	- The package manager can use it to detect an outdated repository
35	- checkout as described in `Timestamp verification`_.
36	+ The timestamp must be a valid second-precision ISO 8601 extended
37	+ format combined date and time in UTC timezone, i.e. using
38	+ the following ``strftime()`` format string: ``%Y-%m-%dT%H:%M:%SZ``.
39	+ Optional. The package manager can use it to detect an outdated
40	+ repository checkout as described in `Timestamp verification`_.
41
42	``MANIFEST <path> <size> <checksums>...``
43	Specifies a sub-Manifest. The sub-Manifest must be verified like
44	@@ -218,7 +219,8 @@ The Manifest files can specify the following tags:
45	Ignores a subdirectory or file from Manifest checks. If the specified
46	path is present, it and its contents are omitted from the Manifest
47	verification (always pass). Path must be a plain file or directory
48	- path without a trailing slash, and must not contain wildcards.
49	+ path without a trailing slash. Wildcards are not supported
50	+ and wildcard characters are interpreted literally.
51
52	``DATA <path> <size> <checksums>...``
53	Specifies a regular file subject to Manifest verification. The file
54	@@ -250,7 +252,7 @@ allowed at the package directory level:
55
56	``AUX <filename> <size> <checksums>...``
57	Equivalent to the ``DATA`` type, except that the filename is relative
58	- to ``files/`` subdirectory.
59	+ to the ``files/`` subdirectory.
60
61
62	Algorithm for full-tree verification
63	@@ -267,9 +269,9 @@ can be used:
64	from the present set.
65
66	3. Process all ``MANIFEST`` entries, recursively. Verify the Manifest
67	- files according to `file verification`_ section, and include their
68	- entries in the current Manifest entry list (using paths relative
69	- to directories containing the Manifests).
70	+ files according to the `file verification`_ section, and include
71	+ their entries in the current Manifest entry list (using paths
72	+ relative to directories containing the Manifests).
73
74	4. Process all ``IGNORE`` entries. Remove any paths matching them
75	from the present set.
76	@@ -277,12 +279,12 @@ can be used:
77	5. Collect all files covered by ``DATA``, ``MISC``, ``EBUILD``
78	and ``AUX`` entries into the covered set.
79
80	-6. Verify the entries in covered set for incompatible duplicates
81	+6. Verify the entries in the covered set for incompatible duplicates
82	and collisions with ignored files as explained in `Manifest file
83	locations and nesting`_.
84
85	7. Verify all the files in the union of the present and covered
86	- sets, according to `file verification`_ section.
87	+ sets, according to the `file verification`_ section.
88
89
90	Algorithm for finding parent Manifests
91	@@ -299,7 +301,7 @@ the following algorithm can be used:
92
93	3. If the current directory contains a ``Manifest`` file:
94
95	- a. If a ``IGNORE`` entry in the ``Manifest`` file covers
96	+ a. If an ``IGNORE`` entry in the ``Manifest`` file covers
97	the original directory (or one of the parent directories), stop.
98
99	b. Otherwise, store the current directory as last_found.
100	@@ -560,7 +562,7 @@ specification syntax [#PMS-FETCH]_ implicitly makes it impossible to use
101	filenames containing whitespace.
102
103	This specification aims to avoid arbitrary restrictions. For this
104	-reason, the filename characters are only restricted by excluding two
105	+reason, filename characters are only restricted by excluding two
106	technically problematic groups:
107
108	1. The NULL character (``U+0000``) is normally used to indicate the end
109	@@ -568,7 +570,7 @@ technically problematic groups:
110	written using C. Furthermore, it is not allowed in any known
111	filesystem.
112
113	-2. The whitespace characters are used to separate Manifest fields. While
114	+2. Whitespace characters are used to separate Manifest fields. While
115	technically it would be enough to restrict space (``U+0020``)
116	character that is normally used as the separator, all whitespace
117	characters are forbidden to avoid confusion and implementation
118	@@ -628,7 +630,7 @@ Two arguments were mentioned for the usefulness of a ``MISC`` type:
119	1. being able to reduce the checkout size by stripping unnecessary
120	files out, and
121
122	-2. being able to run update automatically generated files locally
123	+2. being able to update automatically generated files locally
124	without causing unnecessary verification failures.
125
126	However, the usefulness of ``MISC`` in both cases is doubtful.
127	@@ -675,7 +677,7 @@ should provide an ability to obtain the timestamps of all Manifests
128	from a recent timeframe over a secure channel from a trusted source
129	for comparison.
130
131	-Strictly speaking, this information is already provided by the various
132	+Strictly speaking, this information is provided by the various
133	``metadata/timestamp*`` files that are already present. However,
134	including the value in the Manifest itself has a little cost
135	and provides the ability to perform the verification stand-alone.
136	@@ -817,7 +819,7 @@ exposes decompressor vulnerabilities, or a zip bomb.
137
138	The OpenPGP cleartext signature covers the contents of the Manifest,
139	and is therefore compressed along with them. The possibility of using
140	-detached signature has been considered but it was rejected as
141	+a detached signature has been considered but it was rejected as
142	unnecessary complexity for minor gain.
143
144	Technically, a similar result could be effected via moving all the data
145	@@ -829,8 +831,8 @@ The existence of additional entries for uncompressed Manifest checksums
146	was debated. However, plain entries for the uncompressed file would
147	be confusing if only the compressed file existed, and conflicting
148	if both uncompressed and compressed variants existed. Furthermore,
149	-it has been pointed out that ``DIST`` entries do not have uncompressed
150	-variant either.
151	+it has been pointed out that ``DIST`` entries do not have
152	+an uncompressed variant either.
153
154
155	Performance considerations
156	@@ -962,12 +964,13 @@ References
157	(https://www2.cs.arizona.edu/stork/packagemanagersecurity/attacks-on-package-managers.html)
158
159	.. [#DIST] According to Robin H. Johnson, 8.4% of all DIST entries
160	- at the time of writing are duplicate, representing a 2 MiB
161	+ at the time of writing are duplicate, representing 2 MiB
162	out of 25 MiB of DIST entries altogether.
163
164	.. [#GEMATO] gemato: Gentoo Manifest Tool
165	(https://github.com/mgorny/gemato/)
166
167	+
168	Copyright
169	=========
170	This work is licensed under the Creative Commons Attribution-ShareAlike 3.0

Gentoo Archives: gentoo-commits