Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Robin H. Johnson (robbat2)" <robbat2@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in users/robbat2/tree-signing-gleps: 01-distribution-process-security
Date: Tue, 01 Jul 2008 07:08:26
Message-Id: E1KDZyO-0001S1-U8@stork.gentoo.org
1 robbat2 08/07/01 07:08:20
2
3 Modified: 01-distribution-process-security
4 Log:
5 Clarify spots where verification has failed and we must abort.
6
7 Revision Changes Path
8 1.12 users/robbat2/tree-signing-gleps/01-distribution-process-security
9
10 file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security?rev=1.12&view=markup
11 plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security?rev=1.12&content-type=text/plain
12 diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security?r1=1.11&r2=1.12
13
14 Index: 01-distribution-process-security
15 ===================================================================
16 RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/01-distribution-process-security,v
17 retrieving revision 1.11
18 retrieving revision 1.12
19 diff -p -w -b -B -u -u -r1.11 -r1.12
20 --- 01-distribution-process-security 1 Jul 2008 07:06:53 -0000 1.11
21 +++ 01-distribution-process-security 1 Jul 2008 07:08:20 -0000 1.12
22 @@ -1,7 +1,7 @@
23 GLEP: xx+1
24 Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest
25 -Version: $Revision: 1.11 $
26 -Last-Modified: $Date: 2008/07/01 07:06:53 $
27 +Version: $Revision: 1.12 $
28 +Last-Modified: $Date: 2008/07/01 07:08:20 $
29 Author: Robin Hugh Johnson <robbat2@g.o>,
30 Status: Draft
31 Type: Standards Track
32 @@ -139,7 +139,7 @@ filetypes may be ignored on missing is d
33 1. Check the GnuPG signature on the MetaManifest against the keyring of
34 automated Gentoo keys. See [GLEPxx+3] for full details regarding
35 verification of GnuPG signatures.
36 -1.1. Do not continue if the signature check fails.
37 +1.1. Abort if the signature check fails.
38
39 2. For a verification of the tree following an rsync:
40 2.1. Build a set 'ALL' of every file covered by the rsync. (exclude
41 @@ -151,7 +151,7 @@ filetypes may be ignored on missing is d
42 COVERED sets.
43 2.4. For each file in the UNCOVERED set, assign a Manifest2 filetype.
44 2.5. If the filetype for any file in the UNCOVERED set requires a halt
45 - on error, do so.
46 + on error, abort and display a suitable error.
47 2.6. Completed verification
48
49 3. If checking at the installation of a package:
50
51
52
53 --
54 gentoo-commits@l.g.o mailing list
Report Message
Find on MARC Find on Google Groups