Gentoo Archives: gentoo-dev

From: "Michał Górny" <mgorny@g.o>
To: gentoo-dev@l.g.o, Roy Bamford <neddyseagoon@g.o>
Subject: Re: [gentoo-dev] [RFC] GLEP 74: Full-tree verification using Manifest files
Date: Fri, 27 Oct 2017 06:22:50
Message-Id: D2EE0060-D25D-4A6F-9D16-FD8F0CE0A24F@gentoo.org
In Reply to: Re: [gentoo-dev] [RFC] GLEP 74: Full-tree verification using Manifest files by Roy Bamford
On 26 October 2017 23:58:53 CEST, Roy Bamford <neddyseagoon@g.o> wrote:
>On 2017.10.26 21:12, Michał Górny wrote:
>> Hi, everyone.
>>
>> After a week of hard work, I'd like to request your comments
>> on the draft of GLEP 74. This GLEP aims to replace the old tree-signing
>> GLEPs 58 and 60 with a superior implementation and more complete
>> specification.
>>
>> The original tree-signing GLEPs were accepted a few years back but they
>> have never been implemented. This specification, on the other hand,
>> comes with a working reference implementation for the verification
>> algorithm. I expect to finish the update/generation part in a few days,
>> then work on additional optimizations (threading, incremental
>> verification, incremental updates).
>>
>> ReST: https://dev.gentoo.org/~mgorny/tmp/glep-0074.rst
>> HTML: https://dev.gentoo.org/~mgorny/tmp/glep-0074.html
>> impl: https://github.com/mgorny/gemato/
>>
>> Full text following for inline comments.
>>
>[snip lots of hard work]
>>
>> --
>> Best regards,
>> Michał Górny
>>
>
>Michał,
>
>Thank you for the hard work.
>
>This GLEP implies that users need to have the entire repository to validate
>and authenticate, if I understand it correctly.
>
>For example
>PORTAGE_RSYNC_EXTRA_OPTS="--exclude=<list_of_<package/categories>"
>will still work but the resulting tree could not be authenticated, as
>the top level signature would fail.
>
>The manifests would still work correctly because they only apply to
>the directory containing them. Pruning the repository at
>rsync time will therefore remove the manifests and the files that they
>cover.
>
>Is that understanding correct?

Yes. We can't technically distinguish intentional package removal by user from malicious third party stripping them. This is something that a package manager extension might handle but it doesn't belong in the spec.


--
Best regards,
Michał Górny (by phone)
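
The point made in the reply above, as an added example that is not part of the original message and is not gemato code: a full-tree check sees a pruned package only as "missing", so accepting it requires local policy outside the Manifest. The manifest line format is simplified, the signature check is omitted, and `local_excludes` is a hypothetical package-manager setting; the sample tree is constructed.

```python
import hashlib
import os
import tempfile

def _read(path):
    with open(path, "rb") as f:
        return f.read()

def build_manifest(root):
    """Simplified 'DATA <path> <size> SHA256 <hex>' lines for every file under root."""
    lines = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            data = _read(full)
            lines.append(f"DATA {rel} {len(data)} SHA256 {hashlib.sha256(data).hexdigest()}")
    return sorted(lines)

def verify(root, manifest, local_excludes=()):
    """Return {path: problem} for every listed file that is missing or altered."""
    # local_excludes (hypothetical, not in the spec): directories the user
    # pruned on purpose. The Manifest itself cannot express this.
    problems = {}
    for line in manifest:
        _tag, rel, size, _algo, digest = line.split()
        full = os.path.join(root, *rel.split("/"))
        if not os.path.exists(full):
            if not any(rel.startswith(p.rstrip("/") + "/") for p in local_excludes):
                problems[rel] = "missing"
            continue
        data = _read(full)
        if len(data) != int(size) or hashlib.sha256(data).hexdigest() != digest:
            problems[rel] = "mismatch"
    return problems

def demo():
    """Constructed two-package tree: prune one package, verify with and without policy."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("app-misc/foo/foo-1.ebuild", "dev-libs/bar/bar-2.ebuild"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path))
            with open(path, "w") as f:
                f.write(f"# constructed sample: {rel}\n")
        manifest = build_manifest(root)
        # The file vanishes; nothing on disk says who removed it or why.
        os.remove(os.path.join(root, "dev-libs", "bar", "bar-2.ebuild"))
        return verify(root, manifest), verify(root, manifest, local_excludes=["dev-libs/bar"])
```

`demo()` returns the strict result first and the result with the local exclusion second; only the second treats the pruned package as acceptable.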
