| 1 |
commit: 9de08400de2f199c2e457edeedd7b88e9a02be8c |
| 2 |
Author: Michał Górny <mgorny <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Mon Nov 13 16:56:46 2017 +0000 |
| 4 |
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Mon Nov 13 16:56:46 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/data/glep.git/commit/?id=9de08400 |
| 7 |
|
| 8 |
glep-0074: Clarify timestamp handling of sub-Manifests |
| 9 |
|
| 10 |
glep-0074.rst | 17 ++++++++++++----- |
| 11 |
1 file changed, 12 insertions(+), 5 deletions(-) |
| 12 |
|
| 13 |
diff --git a/glep-0074.rst b/glep-0074.rst |
| 14 |
index b4dd7a0..e8fc849 100644 |
| 15 |
--- a/glep-0074.rst |
| 16 |
+++ b/glep-0074.rst |
| 17 |
@@ -162,7 +162,7 @@ for which the verification failed. |
| 18 |
Timestamp verification |
| 19 |
---------------------- |
| 20 |
|
| 21 |
-The Manifest file can contain a ``TIMESTAMP`` entry to account |
| 22 |
+The top-level Manifest file can contain a ``TIMESTAMP`` entry to account |
| 23 |
for attacks against tree update distribution. If such an entry |
| 24 |
is present, it should be updated every time at least one |
| 25 |
of the Manifests changes. Every unique timestamp value must correspond |
| 26 |
@@ -180,6 +180,11 @@ using a secure channel from a trusted source for exact comparison. |
| 27 |
The exact details of such a solution are outside the scope of this |
| 28 |
specification. |
| 29 |
|
| 30 |
+``TIMESTAMP`` entries may also be present in sub-Manifests. Those |
| 31 |
+timestamps must not be newer than the timestamp of the top-level |
| 32 |
+Manifest (if present). This specification does not define any specific |
| 33 |
+use for them. |
| 34 |
+ |
| 35 |
|
| 36 |
Modern Manifest tags |
| 37 |
-------------------- |
| 38 |
@@ -190,10 +195,9 @@ The Manifest files can specify the following tags: |
| 39 |
Specifies a timestamp of when the Manifest file was last updated. |
| 40 |
The timestamp must be a valid second-precision ISO8601 extended format |
| 41 |
combined date and time in UTC timezone, i.e. using the following |
| 42 |
- ``strftime()`` format string: ``%Y-%m-%dT%H:%M:%SZ``. Optionally used |
| 43 |
- in the top-level Manifest file. The package manager can use it |
| 44 |
- to detect an outdated repository checkout as described in `Timestamp |
| 45 |
- verification`_. |
| 46 |
+ ``strftime()`` format string: ``%Y-%m-%dT%H:%M:%SZ``. Optional. |
| 47 |
+ The package manager can use it to detect an outdated repository |
| 48 |
+ checkout as described in `Timestamp verification`_. |
| 49 |
|
| 50 |
``MANIFEST <path> <size> <checksums>...`` |
| 51 |
Specifies a sub-Manifest. The sub-Manifest must be verified like |
| 52 |
@@ -605,6 +609,9 @@ in the distribution process, past the Manifest generation phase. Those |
| 53 |
files will most likely receive ``IGNORE`` entries and therefore |
| 54 |
be not suitable to safe use. |
| 55 |
|
| 56 |
+The specification permits additional timestamps in sub-Manifest files |
| 57 |
+for local use. A generic testing tool should ignore them. |
| 58 |
+ |
| 59 |
|
| 60 |
New vs deprecated tags |
| 61 |
---------------------- |
Archives