1 |
robbat2 08/10/28 07:47:53 |
2 |
|
3 |
Modified: glep-0057.html glep-0059.html glep-0060.html |
4 |
glep-0061.html |
5 |
Added: glep-0058.html |
6 |
Log: |
7 |
Regen HTML. |
8 |
|
9 |
Revision Changes Path |
10 |
1.3 xml/htdocs/proj/en/glep/glep-0057.html |
11 |
|
12 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0057.html?rev=1.3&view=markup |
13 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0057.html?rev=1.3&content-type=text/plain |
14 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0057.html?r1=1.2&r2=1.3 |
15 |
|
16 |
Index: glep-0057.html |
17 |
=================================================================== |
18 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0057.html,v |
19 |
retrieving revision 1.2 |
20 |
retrieving revision 1.3 |
21 |
diff -p -w -b -B -u -u -r1.2 -r1.3 |
22 |
--- glep-0057.html 22 Oct 2008 18:03:40 -0000 1.2 |
23 |
+++ glep-0057.html 28 Oct 2008 07:47:52 -0000 1.3 |
24 |
@@ -27,9 +27,9 @@ |
25 |
</tr> |
26 |
<tr class="field"><th class="field-name">Title:</th><td class="field-body">Security of distribution of Gentoo software - Overview</td> |
27 |
</tr> |
28 |
-<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.1</td> |
29 |
+<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.2</td> |
30 |
</tr> |
31 |
-<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0057.txt?cvsroot=gentoo">2008/10/21 23:30:47</a></td> |
32 |
+<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0057.txt?cvsroot=gentoo">2008/10/28 07:45:07</a></td> |
33 |
</tr> |
34 |
<tr class="field"><th class="field-name">Author:</th><td class="field-body">Robin Hugh Johnson <robbat2 at gentoo.org></td> |
35 |
</tr> |
36 |
@@ -43,6 +43,8 @@ |
37 |
</tr> |
38 |
<tr class="field"><th class="field-name">Updated:</th><td class="field-body">May 2006, October 2006, Novemeber 2007, June 2008, July 2008, October 2008</td> |
39 |
</tr> |
40 |
+<tr class="field"><th class="field-name">Post-History:</th><td class="field-body"></td> |
41 |
+</tr> |
42 |
</tbody> |
43 |
</table> |
44 |
<hr /> |
45 |
@@ -165,10 +167,10 @@ Infrastructure.</li> |
46 |
mirrors (this includes both HTTP and rsync distribution).</li> |
47 |
</ul> |
48 |
</blockquote> |
49 |
-<p>Both processes need their security improved. In [GLEPxx+2] we will discuss |
50 |
+<p>Both processes need their security improved. In [#GLEPxx+2] we will discuss |
51 |
how to improve the security of the first process. The relatively |
52 |
speaking simpler process of file distribution will be described in |
53 |
-[GLEPxx+1]. Since it can be implemented without having to change the |
54 |
+[#GLEP58]. Since it can be implemented without having to change the |
55 |
workflow and behaviour of developers we hope to get it done in a |
56 |
reasonably short timeframe.</p> |
57 |
</div> |
58 |
@@ -207,7 +209,7 @@ modifications to our development process |
59 |
fully authorized to provide materials for distribution. Partial |
60 |
protection can be gained by Portage and Infrastructure changes, but the |
61 |
real improvements needed are developer education and continued |
62 |
-vigilance. This is further discussed in [GLEPxx+2].</p> |
63 |
+vigilance. This is further discussed in [#GLEPxx+2].</p> |
64 |
<p>This security is still limited in scope - protection against compromised |
65 |
developers is very expensive, and even complex systems like peer review |
66 |
/ multiple signatures can be broken by colluding developers. There are many |
67 |
@@ -220,7 +222,7 @@ cannot be complete (as the User may be a |
68 |
that Gentoo infrastructure and the mirrors are not a weak point. This |
69 |
objective is actually much closer than it seems already - most of the |
70 |
work has been completed for other things!. This is further discussed in |
71 |
-[GLEP58]. As this process has the most to gain in security, and the |
72 |
+[#GLEP58]. As this process has the most to gain in security, and the |
73 |
most immediate impact, it should be implemented before or at the same |
74 |
time as any changes to process #1. Security at this layer is already |
75 |
available in the signed daily snapshots, but we can extend it to cover |
76 |
@@ -378,7 +380,7 @@ Open Publication License, v1.0.</p> |
77 |
<div class="footer"> |
78 |
<hr class="footer" /> |
79 |
<a class="reference external" href="glep-0057.txt">View document source</a>. |
80 |
-Generated on: 2008-10-22 18:02 UTC. |
81 |
+Generated on: 2008-10-28 07:47 UTC. |
82 |
Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source. |
83 |
|
84 |
</div> |
85 |
|
86 |
|
87 |
|
88 |
1.3 xml/htdocs/proj/en/glep/glep-0059.html |
89 |
|
90 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.html?rev=1.3&view=markup |
91 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.html?rev=1.3&content-type=text/plain |
92 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.html?r1=1.2&r2=1.3 |
93 |
|
94 |
Index: glep-0059.html |
95 |
=================================================================== |
96 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0059.html,v |
97 |
retrieving revision 1.2 |
98 |
retrieving revision 1.3 |
99 |
diff -p -w -b -B -u -u -r1.2 -r1.3 |
100 |
--- glep-0059.html 22 Oct 2008 18:03:40 -0000 1.2 |
101 |
+++ glep-0059.html 28 Oct 2008 07:47:52 -0000 1.3 |
102 |
@@ -27,9 +27,9 @@ |
103 |
</tr> |
104 |
<tr class="field"><th class="field-name">Title:</th><td class="field-body">Manifest2 hash policies and security implications</td> |
105 |
</tr> |
106 |
-<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.2</td> |
107 |
+<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.3</td> |
108 |
</tr> |
109 |
-<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0059.txt?cvsroot=gentoo">2008/10/22 17:59:43</a></td> |
110 |
+<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0059.txt?cvsroot=gentoo">2008/10/28 07:45:44</a></td> |
111 |
</tr> |
112 |
<tr class="field"><th class="field-name">Author:</th><td class="field-body">Robin Hugh Johnson <robbat2 at gentoo.org>,</td> |
113 |
</tr> |
114 |
@@ -43,10 +43,12 @@ |
115 |
</tr> |
116 |
<tr class="field"><th class="field-name">Created:</th><td class="field-body">October 2006</td> |
117 |
</tr> |
118 |
-<tr class="field"><th class="field-name">Updated:</th><td class="field-body">November 2007, June 2008, July 2008</td> |
119 |
+<tr class="field"><th class="field-name">Updated:</th><td class="field-body">November 2007, June 2008, July 2008, October 2008</td> |
120 |
</tr> |
121 |
<tr class="field"><th class="field-name">Updates:</th><td class="field-body">44</td> |
122 |
</tr> |
123 |
+<tr class="field"><th class="field-name">Post-History:</th><td class="field-body"></td> |
124 |
+</tr> |
125 |
</tbody> |
126 |
</table> |
127 |
<hr /> |
128 |
@@ -236,7 +238,7 @@ Open Publication License, v1.0.</p> |
129 |
<div class="footer"> |
130 |
<hr class="footer" /> |
131 |
<a class="reference external" href="glep-0059.txt">View document source</a>. |
132 |
-Generated on: 2008-10-22 18:02 UTC. |
133 |
+Generated on: 2008-10-28 07:47 UTC. |
134 |
Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source. |
135 |
|
136 |
</div> |
137 |
|
138 |
|
139 |
|
140 |
1.3 xml/htdocs/proj/en/glep/glep-0060.html |
141 |
|
142 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0060.html?rev=1.3&view=markup |
143 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0060.html?rev=1.3&content-type=text/plain |
144 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0060.html?r1=1.2&r2=1.3 |
145 |
|
146 |
Index: glep-0060.html |
147 |
=================================================================== |
148 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0060.html,v |
149 |
retrieving revision 1.2 |
150 |
retrieving revision 1.3 |
151 |
diff -p -w -b -B -u -u -r1.2 -r1.3 |
152 |
--- glep-0060.html 22 Oct 2008 18:03:40 -0000 1.2 |
153 |
+++ glep-0060.html 28 Oct 2008 07:47:52 -0000 1.3 |
154 |
@@ -27,9 +27,9 @@ |
155 |
</tr> |
156 |
<tr class="field"><th class="field-name">Title:</th><td class="field-body">Manifest2 filetypes</td> |
157 |
</tr> |
158 |
-<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.2</td> |
159 |
+<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.3</td> |
160 |
</tr> |
161 |
-<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0060.txt?cvsroot=gentoo">2008/10/22 17:59:43</a></td> |
162 |
+<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0060.txt?cvsroot=gentoo">2008/10/28 07:46:51</a></td> |
163 |
</tr> |
164 |
<tr class="field"><th class="field-name">Author:</th><td class="field-body">Robin Hugh Johnson <robbat2 at gentoo.org></td> |
165 |
</tr> |
166 |
@@ -43,91 +43,81 @@ |
167 |
</tr> |
168 |
<tr class="field"><th class="field-name">Created:</th><td class="field-body">November 2007</td> |
169 |
</tr> |
170 |
-<tr class="field"><th class="field-name">Updated:</th><td class="field-body">June 2008, July 2008</td> |
171 |
+<tr class="field"><th class="field-name">Updated:</th><td class="field-body">June 2008, July 2008, October 2008</td> |
172 |
</tr> |
173 |
<tr class="field"><th class="field-name">Updates:</th><td class="field-body">44</td> |
174 |
</tr> |
175 |
+<tr class="field"><th class="field-name">Post-History:</th><td class="field-body"></td> |
176 |
+</tr> |
177 |
</tbody> |
178 |
</table> |
179 |
<hr /> |
180 |
<div class="contents topic" id="contents"> |
181 |
<p class="topic-title first">Contents</p> |
182 |
<ul class="simple"> |
183 |
-<li><a class="reference internal" href="#abstract" id="id16">Abstract</a></li> |
184 |
-<li><a class="reference internal" href="#motivation" id="id17">Motivation</a></li> |
185 |
-<li><a class="reference internal" href="#specification" id="id18">Specification</a><ul> |
186 |
-<li><a class="reference internal" href="#general" id="id19">General</a></li> |
187 |
-<li><a class="reference internal" href="#excluded-files" id="id20">Excluded files</a></li> |
188 |
-<li><a class="reference internal" href="#existing-filetypes" id="id21">Existing filetypes:</a><ul> |
189 |
-<li><a class="reference internal" href="#aux" id="id22">AUX</a></li> |
190 |
-<li><a class="reference internal" href="#ebuild" id="id23">EBUILD</a></li> |
191 |
-<li><a class="reference internal" href="#dist" id="id24">DIST</a></li> |
192 |
-<li><a class="reference internal" href="#misc" id="id25">MISC</a></li> |
193 |
-</ul> |
194 |
-</li> |
195 |
-<li><a class="reference internal" href="#new-filetypes" id="id26">New filetypes:</a><ul> |
196 |
-<li><a class="reference internal" href="#info-new-abstract" id="id27">_INFO (new, abstract)</a></li> |
197 |
-<li><a class="reference internal" href="#crit-new-abstract" id="id28">_CRIT (new, abstract)</a></li> |
198 |
-<li><a class="reference internal" href="#id9" id="id29">EBUILD</a></li> |
199 |
-<li><a class="reference internal" href="#id10" id="id30">DIST</a></li> |
200 |
-<li><a class="reference internal" href="#id11" id="id31">MISC</a></li> |
201 |
-<li><a class="reference internal" href="#manifest-new" id="id32">MANIFEST (new)</a></li> |
202 |
-<li><a class="reference internal" href="#eclass-new" id="id33">ECLASS (new)</a></li> |
203 |
-<li><a class="reference internal" href="#data-new" id="id34">DATA (new)</a></li> |
204 |
-<li><a class="reference internal" href="#exec-new" id="id35">EXEC (new)</a></li> |
205 |
-<li><a class="reference internal" href="#unknown-new" id="id36">UNKNOWN (new)</a></li> |
206 |
-</ul> |
207 |
-</li> |
208 |
-<li><a class="reference internal" href="#on-bloat" id="id37">On Bloat</a></li> |
209 |
-<li><a class="reference internal" href="#chosing-a-filetype" id="id38">Chosing a filetype</a></li> |
210 |
-</ul> |
211 |
-</li> |
212 |
-<li><a class="reference internal" href="#backwards-compatibility" id="id39">Backwards Compatibility</a></li> |
213 |
-<li><a class="reference internal" href="#thanks-to" id="id40">Thanks to</a></li> |
214 |
-<li><a class="reference internal" href="#references" id="id41">References</a></li> |
215 |
-<li><a class="reference internal" href="#copyright" id="id42">Copyright</a></li> |
216 |
+<li><a class="reference internal" href="#abstract" id="id4">Abstract</a></li> |
217 |
+<li><a class="reference internal" href="#motivation" id="id5">Motivation</a></li> |
218 |
+<li><a class="reference internal" href="#specification" id="id6">Specification</a><ul> |
219 |
+<li><a class="reference internal" href="#general" id="id7">General</a></li> |
220 |
+<li><a class="reference internal" href="#excluded-files" id="id8">Excluded files</a></li> |
221 |
+<li><a class="reference internal" href="#existing-filetypes" id="id9">Existing filetypes:</a><ul> |
222 |
+<li><a class="reference internal" href="#aux" id="id10">AUX</a></li> |
223 |
+<li><a class="reference internal" href="#ebuild" id="id11">EBUILD</a></li> |
224 |
+<li><a class="reference internal" href="#dist" id="id12">DIST</a></li> |
225 |
+<li><a class="reference internal" href="#misc" id="id13">MISC</a></li> |
226 |
+</ul> |
227 |
+</li> |
228 |
+<li><a class="reference internal" href="#new-filetypes" id="id14">New filetypes:</a><ul> |
229 |
+<li><a class="reference internal" href="#info-new-abstract" id="id15">_INFO (new, abstract)</a></li> |
230 |
+<li><a class="reference internal" href="#crit-new-abstract" id="id16">_CRIT (new, abstract)</a></li> |
231 |
+<li><a class="reference internal" href="#id1" id="id17">EBUILD</a></li> |
232 |
+<li><a class="reference internal" href="#id2" id="id18">DIST</a></li> |
233 |
+<li><a class="reference internal" href="#id3" id="id19">MISC</a></li> |
234 |
+<li><a class="reference internal" href="#manifest-new" id="id20">MANIFEST (new)</a></li> |
235 |
+<li><a class="reference internal" href="#eclass-new" id="id21">ECLASS (new)</a></li> |
236 |
+<li><a class="reference internal" href="#data-new" id="id22">DATA (new)</a></li> |
237 |
+<li><a class="reference internal" href="#exec-new" id="id23">EXEC (new)</a></li> |
238 |
+<li><a class="reference internal" href="#unknown-new" id="id24">UNKNOWN (new)</a></li> |
239 |
+</ul> |
240 |
+</li> |
241 |
+<li><a class="reference internal" href="#on-bloat" id="id25">On Bloat</a></li> |
242 |
+<li><a class="reference internal" href="#chosing-a-filetype" id="id26">Chosing a filetype</a></li> |
243 |
+</ul> |
244 |
+</li> |
245 |
+<li><a class="reference internal" href="#backwards-compatibility" id="id27">Backwards Compatibility</a></li> |
246 |
+<li><a class="reference internal" href="#thanks-to" id="id28">Thanks to</a></li> |
247 |
+<li><a class="reference internal" href="#references" id="id29">References</a></li> |
248 |
+<li><a class="reference internal" href="#copyright" id="id30">Copyright</a></li> |
249 |
</ul> |
250 |
</div> |
251 |
<div class="section" id="abstract"> |
252 |
-<h1><a class="toc-backref" href="#id16">Abstract</a></h1> |
253 |
-<p>Clarification of the Manifest2 [GLEP44] specification, including new types to |
254 |
+<h1><a class="toc-backref" href="#id4">Abstract</a></h1> |
255 |
+<p>Clarification of the Manifest2 [#GLEP44] specification, including new types to |
256 |
help in the tree-signing specification.</p> |
257 |
</div> |
258 |
<div class="section" id="motivation"> |
259 |
-<h1><a class="toc-backref" href="#id17">Motivation</a></h1> |
260 |
-<p>[GLEP44] was not entirely clear on the usage of filetype specifiers. |
261 |
+<h1><a class="toc-backref" href="#id5">Motivation</a></h1> |
262 |
+<p>[#GLEP44] was not entirely clear on the usage of filetype specifiers. |
263 |
This document serves to provide some of the internal logic used by |
264 |
Portage at the point of writing, as well as adding new types to cover |
265 |
the rest of the tree, for the purposes of tree-signing coverage.</p> |
266 |
</div> |
267 |
<div class="section" id="specification"> |
268 |
-<h1><a class="toc-backref" href="#id18">Specification</a></h1> |
269 |
+<h1><a class="toc-backref" href="#id6">Specification</a></h1> |
270 |
<div class="section" id="general"> |
271 |
-<h2><a class="toc-backref" href="#id19">General</a></h2> |
272 |
+<h2><a class="toc-backref" href="#id7">General</a></h2> |
273 |
<p>For any given directory with a Manifest file, every file located in that |
274 |
directory, or a sub-directory must be listed in that Manifest file, |
275 |
unless stated otherwise in the following sections. The Manifest file |
276 |
must not contain an entry for itself.</p> |
277 |
</div> |
278 |
<div class="section" id="excluded-files"> |
279 |
-<h2><a class="toc-backref" href="#id20">Excluded files</a></h2> |
280 |
+<h2><a class="toc-backref" href="#id8">Excluded files</a></h2> |
281 |
<p>When generating or validating a Manifest, or commiting to a version |
282 |
control system, the package manager should endeavour to ignore files |
283 |
created by a version control system, backup files from text editors. A |
284 |
-non-exhaustive list is suggested here: CVS/, .svn/, .bzr/, .git/, .hg/, |
285 |
-.#*, <a href="#id1"><span class="problematic" id="id2">*</span></a>.rej, <a href="#id3"><span class="problematic" id="id4">*</span></a>.orig, <a href="#id5"><span class="problematic" id="id6">*</span></a>.bak, <a href="#id7"><span class="problematic" id="id8">*</span></a>~.</p> |
286 |
-<div class="system-message" id="id1"> |
287 |
-<p class="system-message-title">System Message: WARNING/2 (<tt class="docutils">glep-0060.txt</tt>, line 37); <em><a href="#id2">backlink</a></em></p> |
288 |
-Inline emphasis start-string without end-string.</div> |
289 |
-<div class="system-message" id="id3"> |
290 |
-<p class="system-message-title">System Message: WARNING/2 (<tt class="docutils">glep-0060.txt</tt>, line 37); <em><a href="#id4">backlink</a></em></p> |
291 |
-Inline emphasis start-string without end-string.</div> |
292 |
-<div class="system-message" id="id5"> |
293 |
-<p class="system-message-title">System Message: WARNING/2 (<tt class="docutils">glep-0060.txt</tt>, line 37); <em><a href="#id6">backlink</a></em></p> |
294 |
-Inline emphasis start-string without end-string.</div> |
295 |
-<div class="system-message" id="id7"> |
296 |
-<p class="system-message-title">System Message: WARNING/2 (<tt class="docutils">glep-0060.txt</tt>, line 37); <em><a href="#id8">backlink</a></em></p> |
297 |
-Inline emphasis start-string without end-string.</div> |
298 |
+non-exhaustive list is suggested here: <tt class="docutils literal"><span class="pre">CVS/</span></tt>, <tt class="docutils literal"><span class="pre">.svn/</span></tt>, <tt class="docutils literal"><span class="pre">.bzr/</span></tt>, |
299 |
+<tt class="docutils literal"><span class="pre">.git/</span></tt>, <tt class="docutils literal"><span class="pre">.hg/</span></tt>, <tt class="docutils literal"><span class="pre">.#*</span></tt>, <tt class="docutils literal"><span class="pre">*.rej</span></tt>, <tt class="docutils literal"><span class="pre">*.orig</span></tt>, <tt class="docutils literal"><span class="pre">*.bak</span></tt>, <tt class="docutils literal"><span class="pre">*~</span></tt>.</p> |
300 |
<p>Additionally, for a transitional Manifest1->Manifest2 system, old-style |
301 |
digest files located in a 'files/' directory, may be excluded from |
302 |
Manifest2 generation, or included with a type of MISC.</p> |
303 |
@@ -136,9 +126,9 @@ during validation if the existence of a |
304 |
security risk.</p> |
305 |
</div> |
306 |
<div class="section" id="existing-filetypes"> |
307 |
-<h2><a class="toc-backref" href="#id21">Existing filetypes:</a></h2> |
308 |
+<h2><a class="toc-backref" href="#id9">Existing filetypes:</a></h2> |
309 |
<div class="section" id="aux"> |
310 |
-<h3><a class="toc-backref" href="#id22">AUX</a></h3> |
311 |
+<h3><a class="toc-backref" href="#id10">AUX</a></h3> |
312 |
<ul class="simple"> |
313 |
<li>The AUX type is used for all items under the 'files' subdirectory.</li> |
314 |
<li>They should be verified relative to $FILESDIR.</li> |
315 |
@@ -150,7 +140,7 @@ modified or absent.</li> |
316 |
</ul> |
317 |
</div> |
318 |
<div class="section" id="ebuild"> |
319 |
-<h3><a class="toc-backref" href="#id23">EBUILD</a></h3> |
320 |
+<h3><a class="toc-backref" href="#id11">EBUILD</a></h3> |
321 |
<ul class="simple"> |
322 |
<li>The EBUILD type is used solely for files ending in .ebuild, or other |
323 |
suffixes as defined by the EAPI.</li> |
324 |
@@ -160,7 +150,7 @@ treated as an error.</li> |
325 |
</ul> |
326 |
</div> |
327 |
<div class="section" id="dist"> |
328 |
-<h3><a class="toc-backref" href="#id24">DIST</a></h3> |
329 |
+<h3><a class="toc-backref" href="#id12">DIST</a></h3> |
330 |
<ul class="simple"> |
331 |
<li>The DIST type is used for distfiles</li> |
332 |
<li>They may be found directly via the $DISTDIR setting of the package |
333 |
@@ -171,7 +161,7 @@ fetch or unpack).</li> |
334 |
</ul> |
335 |
</div> |
336 |
<div class="section" id="misc"> |
337 |
-<h3><a class="toc-backref" href="#id25">MISC</a></h3> |
338 |
+<h3><a class="toc-backref" href="#id13">MISC</a></h3> |
339 |
<ul class="simple"> |
340 |
<li>The MISC type covers all remaining files in a directory.</li> |
341 |
<li>MISC is intended to mark all content that was not used in |
342 |
@@ -186,9 +176,9 @@ been deleted from the tree.</li> |
343 |
</div> |
344 |
</div> |
345 |
<div class="section" id="new-filetypes"> |
346 |
-<h2><a class="toc-backref" href="#id26">New filetypes:</a></h2> |
347 |
+<h2><a class="toc-backref" href="#id14">New filetypes:</a></h2> |
348 |
<div class="section" id="info-new-abstract"> |
349 |
-<h3><a class="toc-backref" href="#id27">_INFO (new, abstract)</a></h3> |
350 |
+<h3><a class="toc-backref" href="#id15">_INFO (new, abstract)</a></h3> |
351 |
<ul class="simple"> |
352 |
<li>This is the functionality of the old AUX, but does not include the |
353 |
implicit 'files/' prefix in the path, and is verified relative to the |
354 |
@@ -198,36 +188,36 @@ is not an error unless the package manag |
355 |
</ul> |
356 |
</div> |
357 |
<div class="section" id="crit-new-abstract"> |
358 |
-<h3><a class="toc-backref" href="#id28">_CRIT (new, abstract)</a></h3> |
359 |
+<h3><a class="toc-backref" href="#id16">_CRIT (new, abstract)</a></h3> |
360 |
<ul class="simple"> |
361 |
<li>_CRIT is based off the _INFO type.</li> |
362 |
<li>The modification or absence of a file listed as a _CRIT-derived type |
363 |
must be treated as an error.</li> |
364 |
</ul> |
365 |
</div> |
366 |
-<div class="section" id="id9"> |
367 |
-<h3><a class="toc-backref" href="#id29">EBUILD</a></h3> |
368 |
+<div class="section" id="id1"> |
369 |
+<h3><a class="toc-backref" href="#id17">EBUILD</a></h3> |
370 |
<ul class="simple"> |
371 |
<li>Now derived from _CRIT.</li> |
372 |
<li>Otherwise unchanged.</li> |
373 |
</ul> |
374 |
</div> |
375 |
-<div class="section" id="id10"> |
376 |
-<h3><a class="toc-backref" href="#id30">DIST</a></h3> |
377 |
+<div class="section" id="id2"> |
378 |
+<h3><a class="toc-backref" href="#id18">DIST</a></h3> |
379 |
<ul class="simple"> |
380 |
<li>Now derived from _CRIT.</li> |
381 |
<li>Otherwise unchanged.</li> |
382 |
</ul> |
383 |
</div> |
384 |
-<div class="section" id="id11"> |
385 |
-<h3><a class="toc-backref" href="#id31">MISC</a></h3> |
386 |
+<div class="section" id="id3"> |
387 |
+<h3><a class="toc-backref" href="#id19">MISC</a></h3> |
388 |
<ul class="simple"> |
389 |
<li>Now derived from _INFO.</li> |
390 |
<li>Otherwise unchanged.</li> |
391 |
</ul> |
392 |
</div> |
393 |
<div class="section" id="manifest-new"> |
394 |
-<h3><a class="toc-backref" href="#id32">MANIFEST (new)</a></h3> |
395 |
+<h3><a class="toc-backref" href="#id20">MANIFEST (new)</a></h3> |
396 |
<ul class="simple"> |
397 |
<li>The MANIFEST type is explicitly to cover all nested Manifest files.</li> |
398 |
<li>During validation, this serves as an indicator that the package |
399 |
@@ -241,7 +231,7 @@ Deletion of an entire category is not.</ |
400 |
</ul> |
401 |
</div> |
402 |
<div class="section" id="eclass-new"> |
403 |
-<h3><a class="toc-backref" href="#id33">ECLASS (new)</a></h3> |
404 |
+<h3><a class="toc-backref" href="#id21">ECLASS (new)</a></h3> |
405 |
<ul class="simple"> |
406 |
<li>uses _CRIT.</li> |
407 |
<li>This type shall be used for all eclasses only.</li> |
408 |
@@ -249,7 +239,7 @@ Deletion of an entire category is not.</ |
409 |
</ul> |
410 |
</div> |
411 |
<div class="section" id="data-new"> |
412 |
-<h3><a class="toc-backref" href="#id34">DATA (new)</a></h3> |
413 |
+<h3><a class="toc-backref" href="#id22">DATA (new)</a></h3> |
414 |
<ul class="simple"> |
415 |
<li>uses _CRIT.</li> |
416 |
<li>The DATA type shall be used for all files that directly affect the |
417 |
@@ -257,7 +247,7 @@ package manager, such as metadata/cache/ |
418 |
</ul> |
419 |
</div> |
420 |
<div class="section" id="exec-new"> |
421 |
-<h3><a class="toc-backref" href="#id35">EXEC (new)</a></h3> |
422 |
+<h3><a class="toc-backref" href="#id23">EXEC (new)</a></h3> |
423 |
<ul class="simple"> |
424 |
<li>uses _CRIT.</li> |
425 |
<li>If the file gets sourced, executed, or causes a change (patches) in |
426 |
@@ -268,7 +258,7 @@ repository for important files.</li> |
427 |
</ul> |
428 |
</div> |
429 |
<div class="section" id="unknown-new"> |
430 |
-<h3><a class="toc-backref" href="#id36">UNKNOWN (new)</a></h3> |
431 |
+<h3><a class="toc-backref" href="#id24">UNKNOWN (new)</a></h3> |
432 |
<ul class="simple"> |
433 |
<li>uses _CRIT.</li> |
434 |
<li>All other files that are not covered by another type should be |
435 |
@@ -277,14 +267,14 @@ considered as 'UNKNOWN'.</li> |
436 |
</div> |
437 |
</div> |
438 |
<div class="section" id="on-bloat"> |
439 |
-<h2><a class="toc-backref" href="#id37">On Bloat</a></h2> |
440 |
+<h2><a class="toc-backref" href="#id25">On Bloat</a></h2> |
441 |
<p>If repeated use of a common path prefix is considered a bloat problem, a |
442 |
Manifest file should be added inside the common directory, however this |
443 |
should not be done blindly, as bloat by inodes is more significant for |
444 |
the majority of use cases.</p> |
445 |
</div> |
446 |
<div class="section" id="chosing-a-filetype"> |
447 |
-<h2><a class="toc-backref" href="#id38">Chosing a filetype</a></h2> |
448 |
+<h2><a class="toc-backref" href="#id26">Chosing a filetype</a></h2> |
449 |
<ol class="arabic"> |
450 |
<li><dl class="first docutils"> |
451 |
<dt>matches Manifest</dt> |
452 |
@@ -293,22 +283,14 @@ the majority of use cases.</p> |
453 |
</dl> |
454 |
</li> |
455 |
<li><dl class="first docutils"> |
456 |
-<dt>matches <a href="#id12"><span class="problematic" id="id13">*</span></a>.ebuild</dt> |
457 |
-<dd><div class="first system-message" id="id12"> |
458 |
-<p class="system-message-title">System Message: WARNING/2 (<tt class="docutils">glep-0060.txt</tt>, line 174); <em><a href="#id13">backlink</a></em></p> |
459 |
-<p>Inline emphasis start-string without end-string.</p> |
460 |
-</div> |
461 |
-<p class="last">=> EBUILD, stop.</p> |
462 |
+<dt>matches <tt class="docutils literal"><span class="pre">*.ebuild</span></tt></dt> |
463 |
+<dd><p class="first last">=> EBUILD, stop.</p> |
464 |
</dd> |
465 |
</dl> |
466 |
</li> |
467 |
<li><dl class="first docutils"> |
468 |
-<dt>matches <a href="#id14"><span class="problematic" id="id15">*</span></a>.eclass</dt> |
469 |
-<dd><div class="first system-message" id="id14"> |
470 |
-<p class="system-message-title">System Message: WARNING/2 (<tt class="docutils">glep-0060.txt</tt>, line 176); <em><a href="#id15">backlink</a></em></p> |
471 |
-<p>Inline emphasis start-string without end-string.</p> |
472 |
-</div> |
473 |
-<p class="last">=> ECLASS, stop.</p> |
474 |
+<dt>matches <tt class="docutils literal"><span class="pre">*.eclass</span></tt></dt> |
475 |
+<dd><p class="first last">=> ECLASS, stop.</p> |
476 |
</dd> |
477 |
</dl> |
478 |
</li> |
479 |
@@ -319,25 +301,25 @@ the majority of use cases.</p> |
480 |
</dl> |
481 |
</li> |
482 |
<li><dl class="first docutils"> |
483 |
-<dt>matches files/*</dt> |
484 |
+<dt>matches <tt class="docutils literal"><span class="pre">files/*</span></tt></dt> |
485 |
<dd><p class="first last">=> AUX, continue [see note].</p> |
486 |
</dd> |
487 |
</dl> |
488 |
</li> |
489 |
<li><dl class="first docutils"> |
490 |
-<dt>matches {<em>.sh,</em>.bashrc,*.patch,...}</dt> |
491 |
+<dt>matches any of <tt class="docutils literal"><span class="pre">*.sh</span></tt>, <tt class="docutils literal"><span class="pre">*.bashrc</span></tt>, <tt class="docutils literal"><span class="pre">*.patch</span></tt>, ...</dt> |
492 |
<dd><p class="first last">=> EXEC, stop.</p> |
493 |
</dd> |
494 |
</dl> |
495 |
</li> |
496 |
<li><dl class="first docutils"> |
497 |
-<dt>matches {metadata/cache/<em>,profiles/,package.</em>,use.mask*,...}</dt> |
498 |
+<dt>matches any of <tt class="docutils literal"><span class="pre">metadata/cache/*</span></tt>, <tt class="docutils literal"><span class="pre">profiles/</span></tt>, <tt class="docutils literal"><span class="pre">package.*</span></tt>, <tt class="docutils literal"><span class="pre">use.mask*</span></tt>, ...</dt> |
499 |
<dd><p class="first last">=> DATA, stop.</p> |
500 |
</dd> |
501 |
</dl> |
502 |
</li> |
503 |
<li><dl class="first docutils"> |
504 |
-<dt>matches {ChangeLog,metadata.xml,*.desc,...}</dt> |
505 |
+<dt>matches any of <tt class="docutils literal"><span class="pre">ChangeLog</span></tt>, <tt class="docutils literal"><span class="pre">metadata.xml</span></tt>, <tt class="docutils literal"><span class="pre">*.desc</span></tt>, ...</dt> |
506 |
<dd><p class="first last">=> MISC, stop.</p> |
507 |
</dd> |
508 |
</dl> |
509 |
@@ -351,32 +333,32 @@ the majority of use cases.</p> |
510 |
</ol> |
511 |
<p>The logic behind 5, 6, 7 is ensuring that every item that by it's |
512 |
presence or absense may be dangerous should always be treated strictly. |
513 |
-(Consider epatch given a directory of patches ${FILESDIR}/${PV}/, where |
514 |
-it blindly includes them, or alternatively, the package.mask file or a |
515 |
-profile being altered/missing).</p> |
516 |
+(Consider epatch given a directory of patches <tt class="docutils literal"><span class="pre">${FILESDIR}/${PV}/</span></tt>, |
517 |
+where it blindly includes them, or alternatively, the package.mask file |
518 |
+or a profile being altered/missing).</p> |
519 |
<p>Note: The AUX entries should only be generated if we are generating a |
520 |
compatible Manifest that supports older versions of Portage. They should |
521 |
be generated along with the new type.</p> |
522 |
</div> |
523 |
</div> |
524 |
<div class="section" id="backwards-compatibility"> |
525 |
-<h1><a class="toc-backref" href="#id39">Backwards Compatibility</a></h1> |
526 |
+<h1><a class="toc-backref" href="#id27">Backwards Compatibility</a></h1> |
527 |
<p>For generation of existing package Manifests, the AUX entries must |
528 |
continue to be present for the standard Portage deprecation cycle. |
529 |
The new entries may be included already in all Manifest files, as they |
530 |
will be ignored by older Portage versions. Over time, ECLASS, DATA, |
531 |
EXEC, UNKNOWN may replace the existing AUX type.</p> |
532 |
-<p>The adoption of this proposal does also affect [GLEPxx+1] as part of |
533 |
+<p>The adoption of this proposal does also affect [#GLEP58] as part of |
534 |
this GLEP series, however this GLEP was an offset of the research in |
535 |
that GLEP.</p> |
536 |
</div> |
537 |
<div class="section" id="thanks-to"> |
538 |
-<h1><a class="toc-backref" href="#id40">Thanks to</a></h1> |
539 |
+<h1><a class="toc-backref" href="#id28">Thanks to</a></h1> |
540 |
<p>I'd like to thank the following people for input on this GLEP. |
541 |
- Marius Mauch (genone) & Zac Medico (zmedico): Portage Manifest2</p> |
542 |
</div> |
543 |
<div class="section" id="references"> |
544 |
-<h1><a class="toc-backref" href="#id41">References</a></h1> |
545 |
+<h1><a class="toc-backref" href="#id29">References</a></h1> |
546 |
<table class="docutils footnote" frame="void" id="glep44" rules="none"> |
547 |
<colgroup><col class="label" /><col /></colgroup> |
548 |
<tbody valign="top"> |
549 |
@@ -386,7 +368,7 @@ that GLEP.</p> |
550 |
</table> |
551 |
</div> |
552 |
<div class="section" id="copyright"> |
553 |
-<h1><a class="toc-backref" href="#id42">Copyright</a></h1> |
554 |
+<h1><a class="toc-backref" href="#id30">Copyright</a></h1> |
555 |
<p>Copyright (c) 2007 by Robin Hugh Johnson. This material may be |
556 |
distributed only subject to the terms and conditions set forth in the |
557 |
Open Publication License, v1.0.</p> |
558 |
@@ -397,7 +379,7 @@ Open Publication License, v1.0.</p> |
559 |
<div class="footer"> |
560 |
<hr class="footer" /> |
561 |
<a class="reference external" href="glep-0060.txt">View document source</a>. |
562 |
-Generated on: 2008-10-22 18:02 UTC. |
563 |
+Generated on: 2008-10-28 07:47 UTC. |
564 |
Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source. |
565 |
|
566 |
</div> |
567 |
|
568 |
|
569 |
|
570 |
1.3 xml/htdocs/proj/en/glep/glep-0061.html |
571 |
|
572 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0061.html?rev=1.3&view=markup |
573 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0061.html?rev=1.3&content-type=text/plain |
574 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0061.html?r1=1.2&r2=1.3 |
575 |
|
576 |
Index: glep-0061.html |
577 |
=================================================================== |
578 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0061.html,v |
579 |
retrieving revision 1.2 |
580 |
retrieving revision 1.3 |
581 |
diff -p -w -b -B -u -u -r1.2 -r1.3 |
582 |
--- glep-0061.html 22 Oct 2008 18:03:40 -0000 1.2 |
583 |
+++ glep-0061.html 28 Oct 2008 07:47:52 -0000 1.3 |
584 |
@@ -27,9 +27,9 @@ |
585 |
</tr> |
586 |
<tr class="field"><th class="field-name">Title:</th><td class="field-body">Manifest2 compression</td> |
587 |
</tr> |
588 |
-<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.1</td> |
589 |
+<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.2</td> |
590 |
</tr> |
591 |
-<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0061.txt?cvsroot=gentoo">2008/10/21 23:30:47</a></td> |
592 |
+<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0061.txt?cvsroot=gentoo">2008/10/28 07:45:56</a></td> |
593 |
</tr> |
594 |
<tr class="field"><th class="field-name">Author:</th><td class="field-body">Robin Hugh Johnson <robbat2 at gentoo.org></td> |
595 |
</tr> |
596 |
@@ -43,8 +43,12 @@ |
597 |
</tr> |
598 |
<tr class="field"><th class="field-name">Created:</th><td class="field-body">July 2008</td> |
599 |
</tr> |
600 |
+<tr class="field"><th class="field-name">Updated:</th><td class="field-body">October 2008</td> |
601 |
+</tr> |
602 |
<tr class="field"><th class="field-name">Updates:</th><td class="field-body">44</td> |
603 |
</tr> |
604 |
+<tr class="field"><th class="field-name">Post-History:</th><td class="field-body"></td> |
605 |
+</tr> |
606 |
</tbody> |
607 |
</table> |
608 |
<hr /> |
609 |
@@ -123,7 +127,7 @@ Open Publication License, v1.0.</p> |
610 |
<div class="footer"> |
611 |
<hr class="footer" /> |
612 |
<a class="reference external" href="glep-0061.txt">View document source</a>. |
613 |
-Generated on: 2008-10-22 18:02 UTC. |
614 |
+Generated on: 2008-10-28 07:47 UTC. |
615 |
Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source. |
616 |
|
617 |
</div> |
618 |
|
619 |
|
620 |
|
621 |
1.1 xml/htdocs/proj/en/glep/glep-0058.html |
622 |
|
623 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.html?rev=1.1&view=markup |
624 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.html?rev=1.1&content-type=text/plain |
625 |
|
626 |
Index: glep-0058.html |
627 |
=================================================================== |
628 |
<?xml version="1.0" encoding="utf-8" ?> |
629 |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
630 |
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> |
631 |
|
632 |
<head> |
633 |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> |
634 |
<meta name="generator" content="Docutils 0.5: http://docutils.sourceforge.net/" /> |
635 |
<title>GLEP 58 -- Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest</title> |
636 |
<link rel="stylesheet" href="tools/glep.css" type="text/css" /></head> |
637 |
<body bgcolor="white"> |
638 |
<table class="navigation" cellpadding="0" cellspacing="0" |
639 |
width="100%" border="0"> |
640 |
<tr><td class="navicon" width="150" height="35"> |
641 |
<a href="http://www.gentoo.org/" title="Gentoo Linux Home Page"> |
642 |
<img src="http://www.gentoo.org/images/gentoo-new.gif" alt="[Gentoo]" |
643 |
border="0" width="150" height="35" /></a></td> |
644 |
<td class="textlinks" align="left"> |
645 |
[<b><a href="http://www.gentoo.org/">Gentoo Linux Home</a></b>] |
646 |
[<b><a href="http://www.gentoo.org/proj/en/glep">GLEP Index</a></b>] |
647 |
[<b><a href="http://www.gentoo.org/proj/en/glep/glep-0058.txt">GLEP Source</a></b>] |
648 |
</td></tr></table> |
649 |
<table class="rfc2822 docutils field-list" frame="void" rules="none"> |
650 |
<col class="field-name" /> |
651 |
<col class="field-body" /> |
652 |
<tbody valign="top"> |
653 |
<tr class="field"><th class="field-name">GLEP:</th><td class="field-body">58</td> |
654 |
</tr> |
655 |
<tr class="field"><th class="field-name">Title:</th><td class="field-body">Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest</td> |
656 |
</tr> |
657 |
<tr class="field"><th class="field-name">Version:</th><td class="field-body">1.4</td> |
658 |
</tr> |
659 |
<tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0058.txt?cvsroot=gentoo">2008/10/28 07:45:27</a></td> |
660 |
</tr> |
661 |
<tr class="field"><th class="field-name">Author:</th><td class="field-body">Robin Hugh Johnson <robbat2 at gentoo.org>,</td> |
662 |
</tr> |
663 |
<tr class="field"><th class="field-name">Status:</th><td class="field-body">Draft</td> |
664 |
</tr> |
665 |
<tr class="field"><th class="field-name">Type:</th><td class="field-body">Standards Track</td> |
666 |
</tr> |
667 |
<tr class="field"><th class="field-name">Content-Type:</th><td class="field-body"><a class="reference external" href="glep-0002.html">text/x-rst</a></td> |
668 |
</tr> |
669 |
<tr class="field"><th class="field-name">Requires:</th><td class="field-body"><a class="reference external" href="http://www.gentoo.org/proj/en/glepglep-0044.html">44</a> <a class="reference external" href="http://www.gentoo.org/proj/en/glepglep-0060.html">60</a></td> |
670 |
</tr> |
671 |
<tr class="field"><th class="field-name">Created:</th><td class="field-body">October 2006</td> |
672 |
</tr> |
673 |
<tr class="field"><th class="field-name">Updated:</th><td class="field-body">November 2007, June 2008, July 2008, October 2008</td> |
674 |
</tr> |
675 |
<tr class="field"><th class="field-name">Post-History:</th><td class="field-body"></td> |
676 |
</tr> |
677 |
</tbody> |
678 |
</table> |
679 |
<hr /> |
680 |
<div class="contents topic" id="contents"> |
681 |
<p class="topic-title first">Contents</p> |
682 |
<ul class="simple"> |
683 |
<li><a class="reference internal" href="#abstract" id="id1">Abstract</a></li> |
684 |
<li><a class="reference internal" href="#motivation" id="id2">Motivation</a></li> |
685 |
<li><a class="reference internal" href="#specification" id="id3">Specification</a><ul> |
686 |
<li><a class="reference internal" href="#procedure-for-creating-the-metamanifest-file" id="id4">Procedure for creating the MetaManifest file:</a></li> |
687 |
<li><a class="reference internal" href="#verification-of-one-or-more-items-from-the-metamanifest" id="id5">Verification of one or more items from the MetaManifest:</a></li> |
688 |
<li><a class="reference internal" href="#procedure-for-verifying-an-item-in-the-metamanifest" id="id6">Procedure for verifying an item in the MetaManifest:</a><ul> |
689 |
<li><a class="reference internal" href="#notes" id="id7">Notes:</a></li> |
690 |
</ul> |
691 |
</li> |
692 |
</ul> |
693 |
</li> |
694 |
<li><a class="reference internal" href="#implementation-notes" id="id8">Implementation Notes</a><ul> |
695 |
<li><a class="reference internal" href="#metamanifest-and-the-new-manifest2-filetypes" id="id9">MetaManifest and the new Manifest2 filetypes</a></li> |
696 |
<li><a class="reference internal" href="#timestamps-additional-distribution-of-metamanifest" id="id10">Timestamps & Additional distribution of MetaManifest</a></li> |
697 |
<li><a class="reference internal" href="#metamanifest-size-considerations" id="id11">MetaManifest size considerations</a></li> |
698 |
</ul> |
699 |
</li> |
700 |
<li><a class="reference internal" href="#backwards-compatibility" id="id12">Backwards Compatibility</a></li> |
701 |
<li><a class="reference internal" href="#thanks" id="id13">Thanks</a></li> |
702 |
<li><a class="reference internal" href="#references" id="id14">References</a></li> |
703 |
<li><a class="reference internal" href="#copyright" id="id15">Copyright</a></li> |
704 |
</ul> |
705 |
</div> |
706 |
<div class="section" id="abstract"> |
707 |
<h1><a class="toc-backref" href="#id1">Abstract</a></h1> |
708 |
<p>MetaManifest provides a means of verifiable distribution from Gentoo |
709 |
Infrastructure to a user system, while data is conveyed over completely |
710 |
untrusted networks and system, by extending the Manifest2 specification, |
711 |
and adding a top-level Manifest file, with support for other nested |
712 |
Manifests.</p> |
713 |
</div> |
714 |
<div class="section" id="motivation"> |
715 |
<h1><a class="toc-backref" href="#id2">Motivation</a></h1> |
716 |
<p>As part of a comprehensive security plan, we need a way to prove that |
717 |
something originating from Gentoo as an organization (read Gentoo-owned |
718 |
hardware, run by infrastructure), has not been tampered with. This |
719 |
allows the usage of third-party rsync mirrors, without worrying that |
720 |
they have modified something critical (e.g. eclasses, which are still |
721 |
unsigned).</p> |
722 |
<p>Securing the untrusted distribution is one of the easier tasks in the |
723 |
security plan - in short, all that is required is having a hash of every |
724 |
item in the tree, and signing that hash to prove it came from Gentoo.</p> |
725 |
<p>Ironically we have a hashed and signed distribution (it's just not used |
726 |
by most users, due to it's drawbacks): Our tree snapshot tarballs have |
727 |
hashes and signatures.</p> |
728 |
<p>So now we want to add the same verification to our material that is |
729 |
distributed by rsync. We already provide hashes of subsets of the tree - |
730 |
our Manifests protect individual packages. However metadata, eclasses |
731 |
and profiles are not protected at this time. The directories of |
732 |
packages and distfiles are NOT covered by this, as they are not |
733 |
distributed by rsync.</p> |
734 |
<p>This portion of the tree-signing work provides only the following |
735 |
guarantee: A user can prove that the tree from the Gentoo infrastructure |
736 |
has not been tampered with since leaving the Gentoo infrastructure. |
737 |
No other guarantees, either implicit or explicit are made.</p> |
738 |
<p>Additionally, distributing a set of the most recent MetaManifests from a |
739 |
trusted source allows validation of trees that come from community |
740 |
mirrors, and allows detection of all cases of malicious mirrors (either |
741 |
by deliberate delay, replay [C08a, C08b] or alteration).</p> |
742 |
</div> |
743 |
<div class="section" id="specification"> |
744 |
<h1><a class="toc-backref" href="#id3">Specification</a></h1> |
745 |
<p>For lack of a better name, the following solution should be known as the |
746 |
MetaManifest. Those responsible for the name have already been sacked.</p> |
747 |
<p>MetaManifest basically contains hashes of every file in the tree, either |
748 |
directly or indirectly. The direct case applies to ANY file that does |
749 |
not appear in an existing Manifest file (e.g. eclasses, Manifest files |
750 |
themselves). The indirect case is covered by the CONTENTS of existing |
751 |
Manifest files. If the Manifest itself is correct, we know that by |
752 |
tracking the hash of the Manifest, we can be assured that the contents |
753 |
are protected.</p> |
754 |
<p>In the following, the MetaManifest file is a file named 'Manifest', |
755 |
located at the root of a repository.</p> |
756 |
<div class="section" id="procedure-for-creating-the-metamanifest-file"> |
757 |
<h2><a class="toc-backref" href="#id4">Procedure for creating the MetaManifest file:</a></h2> |
758 |
<ol class="arabic simple"> |
759 |
<li>Start at the root of the Gentoo Portage tree (gentoo-x86, although |
760 |
this procedure applies to overlays as well).</li> |
761 |
<li>Initialize two unordered sets: COVERED, ALL.<ol class="arabic"> |
762 |
<li>'ALL' will contain every file in the tree.</li> |
763 |
<li>'COVERED' will contain every file that is mentioned in an existing |
764 |
Manifest2.</li> |
765 |
</ol> |
766 |
</li> |
767 |
<li>Traverse the tree, depth-first.<ol class="arabic"> |
768 |
<li>At the top level only, ignore the following directories: distfiles, |
769 |
packages, local</li> |
770 |
<li>If a directory contains a Manifest file, extract all relevant local |
771 |
files from it (presently: AUX, MISC, EBUILD; but should follow the |
772 |
evolution of Manifest2 entry types per [#GLEP60]), and place them |
773 |
into the COVERED set.</li> |
774 |
<li>Recursively add every file in the directory to the ALL set, |
775 |
pursusant to the exclusion list as mentioned in [#GLEP60].</li> |
776 |
</ol> |
777 |
</li> |
778 |
<li>Produce a new set, UNCOVERED, as the set-difference (ALL)-(COVERED). |
779 |
This is every item that is not covered by another Manifest, or part |
780 |
of an exclusion list.</li> |
781 |
<li>If an existing MetaManifest file is present, remove it.</li> |
782 |
<li>For each file in UNCOVERED, assign a Manifest2 type, produce the |
783 |
hashes, and add with the filetype to the MetaManifest file.</li> |
784 |
<li>For unique identification of the MetaManifest, a header line should |
785 |
be included, using the exact contents of the metadata/timestamp.x |
786 |
file, so that a MetaManifest may be tied back to a tree as |
787 |
distributed by the rsync mirror system. The string of |
788 |
'metadata/timestamp.x' should be included to identify this revision |
789 |
of MetaManifest generation. Eg: |
790 |
"Timestamp: metadata/timestamp.x: 1215722461 Thu Jul 10 20:41:01 2008 UTC" |
791 |
The package manager MUST not use the identifying string as a filename.</li> |
792 |
<li>The MetaManifest must ultimately be GnuPG-signed.<ol class="arabic"> |
793 |
<li>For the initial implementation, the same key as used for snapshot |
794 |
tarball signing is sufficient.</li> |
795 |
<li>For the future, the key used for fully automated signing by infra |
796 |
should not be on the same keyring as developer keys. See [#GLEPxx+3 |
797 |
for further notes].</li> |
798 |
</ol> |
799 |
</li> |
800 |
</ol> |
801 |
<p>The above does not conflict the proposal contained in GLEP33, which |
802 |
restructure eclasses to include subdirectories and Manifest files, as |
803 |
the Manifest rules above still provide indirect verification for all |
804 |
files after the GLEP33 restructuring if it comes to pass.</p> |
805 |
<p>If other Manifests are added (such as per-category, or protecting |
806 |
versioned eclases), the size of the MetaManifest will be greatly |
807 |
reduced, and this specification was written with such a possible future |
808 |
addition in mind.</p> |
809 |
<p>MetaManifest generation will take place as part of the existing process |
810 |
by infrastructure that takes the contents of CVS and prepares it for |
811 |
distribution via rsync, which includes generating metadata. In-tree |
812 |
Manifest files are not checked at this point, as they are assumed to be |
813 |
correct.</p> |
814 |
</div> |
815 |
<div class="section" id="verification-of-one-or-more-items-from-the-metamanifest"> |
816 |
<h2><a class="toc-backref" href="#id5">Verification of one or more items from the MetaManifest:</a></h2> |
817 |
<p>There are two times that this may happen: firstly, immediately after the |
818 |
rsync has completed - this has the advantage that the kernel file cache |
819 |
is hot, and checking the entire tree can be accomplished quickly. |
820 |
Secondly, the MetaManifest should be checked during installation of a |
821 |
package.</p> |
822 |
</div> |
823 |
<div class="section" id="procedure-for-verifying-an-item-in-the-metamanifest"> |
824 |
<h2><a class="toc-backref" href="#id6">Procedure for verifying an item in the MetaManifest:</a></h2> |
825 |
<p>In the following, I've used term 'M2-verify' to note following the hash |
826 |
verification procedures as defined by the Manifest2 format - which |
827 |
compromise checking the file length, and that the hashes match. Which |
828 |
filetypes may be ignored on missing is discussed in [#GLEP60].</p> |
829 |
<ol class="arabic simple"> |
830 |
<li>Check the GnuPG signature on the MetaManifest against the keyring of |
831 |
automated Gentoo keys. See [#GLEPxx+3] for full details regarding |
832 |
verification of GnuPG signatures. |
833 |
1. Abort if the signature check fails.</li> |
834 |
<li>Check the Timestamp header. If it is significently out of date |
835 |
compared to the local clock or a trusted source, halt or require |
836 |
manual intervention from the user.</li> |
837 |
<li>For a verification of the tree following an rsync:<ol class="arabic"> |
838 |
<li>Build a set 'ALL' of every file covered by the rsync. (exclude |
839 |
distfiles/, packages/, local/)</li> |
840 |
<li>M2-verify every entry in the MetaManifest, descending into inferior |
841 |
Manifests as needed. Place the relative path of every checked item |
842 |
into a set 'COVERED'.</li> |
843 |
<li>Construct the set 'UNCOVERED' by set-difference between the ALL and |
844 |
COVERED sets.</li> |
845 |
<li>For each file in the UNCOVERED set, assign a Manifest2 filetype.</li> |
846 |
<li>If the filetype for any file in the UNCOVERED set requires a halt |
847 |
on error, abort and display a suitable error.</li> |
848 |
<li>Completed verification</li> |
849 |
</ol> |
850 |
</li> |
851 |
<li>If checking at the installation of a package:<ol class="arabic"> |
852 |
<li>M2-verify the entry in MetaManifest for the Manifest</li> |
853 |
<li>M2-verify all relevant metadata/ contents if metadata/ is being |
854 |
used in any way (optionally done before dependancy checking).</li> |
855 |
<li>M2-verifying the contents of the Manifest.</li> |
856 |
<li>Perform M2-verification of all eclasses and profiles used (both |
857 |
directly and indirectly) by the ebuild.</li> |
858 |
</ol> |
859 |
</li> |
860 |
</ol> |
861 |
<div class="section" id="notes"> |
862 |
<h3><a class="toc-backref" href="#id7">Notes:</a></h3> |
863 |
<ol class="arabic simple"> |
864 |
<li>For initial implementations, it is acceptable to check EVERY item in |
865 |
the eclass and profiles directory, rather than tracking the exact |
866 |
files used by every eclass (see note #2). Later implementations |
867 |
should strive to only verify individual eclasses and profiles as |
868 |
needed.</li> |
869 |
<li>Tracking of exact files is of specific significance to the libtool |
870 |
eclass, as it stores patches under eclass/ELT-patches, and as such |
871 |
that would not be picked up by any tracing of the inherit function. |
872 |
This may be alleviated by a later eclass and ebuild variable that |
873 |
explicitly declares what files from the tree are used by a package.</li> |
874 |
</ol> |
875 |
</div> |
876 |
</div> |
877 |
</div> |
878 |
<div class="section" id="implementation-notes"> |
879 |
<h1><a class="toc-backref" href="#id8">Implementation Notes</a></h1> |
880 |
<p>For this portion of the tree-signing work, no actions are required of |
881 |
the individual Gentoo developers. They will continue to develop and |
882 |
commit as they do presently, and the MetaManifest is added by |
883 |
Infrastructure during the tree generation process, and distributed to |
884 |
users.</p> |
885 |
<div class="section" id="metamanifest-and-the-new-manifest2-filetypes"> |
886 |
<h2><a class="toc-backref" href="#id9">MetaManifest and the new Manifest2 filetypes</a></h2> |
887 |
<p>While [#GLEP60] describes the addition of new filetypes, these are NOT |
888 |
needed for implementation of the MetaManifest proposal. Without the new |
889 |
filetypes, all entries in the MetaManifest would be of type 'MISC'.</p> |
890 |
</div> |
891 |
<div class="section" id="timestamps-additional-distribution-of-metamanifest"> |
892 |
<h2><a class="toc-backref" href="#id10">Timestamps & Additional distribution of MetaManifest</a></h2> |
893 |
<p>As discussed by [C08a,C08b], malicious third-party mirrors may use the |
894 |
principles of exclusion and replay to deny an update to clients, while |
895 |
at the same time recording the identity of clients to attack.</p> |
896 |
<p>This should be guarded against by including a timestamp in the header of |
897 |
the MetaManifest, as well as distributing the latest MetaManifests by a |
898 |
trusted channel.</p> |
899 |
<p>On all rsync mirrors directly maintained by the Gentoo infrastructure, |
900 |
and not on community mirrors, there should be a new module |
901 |
'gentoo-portage-metamanifests'. Within this module, all MetaManifests |
902 |
for a recent time frame (eg one week) should be kept, named as |
903 |
"MetaManifest.$TS", where $TS is the timestamp from inside the file. |
904 |
The most recent MetaManifest should always be symlinked as |
905 |
MetaManifest.current. The possibility of serving the recent |
906 |
MetaManifests via HTTPS should also be explored to mitigate MitM |
907 |
attacks.</p> |
908 |
<p>The package manager should obtain MetaManifest.current and use it to |
909 |
decide is the tree is too out of date per operation #2 of the |
910 |
verification process. The decision about freshness should be a |
911 |
user-configuration setting, with the ability to override.</p> |
912 |
</div> |
913 |
<div class="section" id="metamanifest-size-considerations"> |
914 |
<h2><a class="toc-backref" href="#id11">MetaManifest size considerations</a></h2> |
915 |
<p>With only two levels of Manifests (per-package and top-level), every |
916 |
rsync will cause a lot of traffic transfering the modified top-level |
917 |
MetaManifest. To reduce this, per-category Manifests are strongly |
918 |
recommended. Alternatively, if the distribution method efficently |
919 |
handles small patch-like changes in an existing file, using an |
920 |
uncompressed MetaManifest may be acceptable (this would primarily be |
921 |
distributed version control systems). Other suggestions in reducing this |
922 |
traffic are welcomed.</p> |
923 |
</div> |
924 |
</div> |
925 |
<div class="section" id="backwards-compatibility"> |
926 |
<h1><a class="toc-backref" href="#id12">Backwards Compatibility</a></h1> |
927 |
<ul class="simple"> |
928 |
<li>There are no backwards compatibility issues, as old versions of |
929 |
Portage do not look for a Manifest file at the top level of the tree.</li> |
930 |
<li>Manifest2-aware versions of Portage ignore all entries that they are |
931 |
not certain how to handle. Enabling headers and PGP signing to be |
932 |
conducted easily.</li> |
933 |
</ul> |
934 |
</div> |
935 |
<div class="section" id="thanks"> |
936 |
<h1><a class="toc-backref" href="#id13">Thanks</a></h1> |
937 |
<p>I'd like to thank the following people for input on this GLEP.</p> |
938 |
<ul class="simple"> |
939 |
<li>Patrick Lauer (patrick): Prodding me to get all of the tree-signing |
940 |
work finished, and helping to edit.</li> |
941 |
<li>Ciaran McCreesh (ciaranm): Paludis Manifest2</li> |
942 |
<li>Brian Harring (ferringb): pkgcore Manifest2</li> |
943 |
<li>Marius Mauch (genone) & Zac Medico (zmedico): Portage Manifest2</li> |
944 |
<li>Ned Ludd (solar) - Security concept review</li> |
945 |
</ul> |
946 |
</div> |
947 |
<div class="section" id="references"> |
948 |
<h1><a class="toc-backref" href="#id14">References</a></h1> |
949 |
<dl class="docutils"> |
950 |
<dt>[C08a] Cappos, J et al. (2008). "Package Management Security".</dt> |
951 |
<dd>University of Arizona Technical Report TR08-02. Available online |
952 |
from: <a class="reference external" href="ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf">ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf</a></dd> |
953 |
<dt>[C08b] Cappos, J et al. (2008). "Attacks on Package Managers"</dt> |
954 |
<dd>Available online at: |
955 |
<a class="reference external" href="http://www.cs.arizona.edu/people/justin/packagemanagersecurity/">http://www.cs.arizona.edu/people/justin/packagemanagersecurity/</a></dd> |
956 |
</dl> |
957 |
</div> |
958 |
<div class="section" id="copyright"> |
959 |
<h1><a class="toc-backref" href="#id15">Copyright</a></h1> |
960 |
<p>Copyright (c) 2006 by Robin Hugh Johnson. This material may be |
961 |
distributed only subject to the terms and conditions set forth in the |
962 |
Open Publication License, v1.0.</p> |
963 |
<p>vim: tw=72 ts=2 expandtab:</p> |
964 |
</div> |
965 |
|
966 |
</div> |
967 |
<div class="footer"> |
968 |
<hr class="footer" /> |
969 |
<a class="reference external" href="glep-0058.txt">View document source</a>. |
970 |
Generated on: 2008-10-28 07:47 UTC. |
971 |
Generated by <a class="reference external" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source. |
972 |
|
973 |
</div> |
974 |
</body> |
975 |
</html> |