Archives
Archives
| From: | "Michał Górny" <mgorny@g.o> |
|---|---|
| To: | gentoo-portage-dev@l.g.o |
| Subject: | [gentoo-portage-dev] [PATCH] rsync: Improve gemato rsync Manifest verification logic |
| Date: | Thu, 01 Feb 2018 12:17:16 |
| Message-Id: | 20180201121707.8623-1-mgorny@gentoo.org |
| 1 | Hi, |
| 2 | |
| 3 | Here's a batch of patches meant to be merged after the bugfix release. |
| 4 | They replace the calls to "gemato" executable with Python routine calls, |
| 5 | and further improve the security. |
| 6 | |
| 7 | The notable improvements are: |
| 8 | |
| 9 | 1. New shiny e-style output ;-). |
| 10 | |
| 11 | 2. Manifest signature is always verified, even if the tree is considered |
| 12 | unchanged. This allows us to detect recent key revocation even |
| 13 | without having other changes to verify. |
| 14 | |
| 15 | 3. OpenPGP keys are loaded and updated before rsync. This allows us |
| 16 | to bail out early, and let the user fix the situation without having |
| 17 | to do the whole rsync routine multiple times. |
| 18 | |
| 19 | 4. Manifest timestamp is compared to the local clock, and a warning |
| 20 | is issued if the tree received is at least 24 hours old. This allows |
| 21 | us to detect attacks based on preventing the user from upgrading. |
| 22 | |
| 23 | -- |
| 24 | Best regards, |
| 25 | Michał Górny |
| Subject | Author |
|---|---|
| [gentoo-portage-dev] [PATCH 1/5] rsync: Verify the value of sync-rsync-verify-jobs | "Michał Górny" <mgorny@g.o> |
| [gentoo-portage-dev] [PATCH 2/5] rsync: Use gemato routines directly instead of calling the CLI tool | "Michał Górny" <mgorny@g.o> |
| [gentoo-portage-dev] [PATCH 3/5] rsync: Verify the Manifest signature even if tree is unchanged | "Michał Górny" <mgorny@g.o> |
| [gentoo-portage-dev] [PATCH 4/5] rsync: Load and update keys early | "Michał Górny" <mgorny@g.o> |
| [gentoo-portage-dev] [PATCH 5/5] rsync: Issue an explicit warning if Manifest timestamp is >24hr old | "Michał Górny" <mgorny@g.o> |