On Wed, Feb 18, 2009 at 11:27:41PM +0100, Robert Buchholz wrote:
> On Wednesday 18 February 2009, Robin H. Johnson wrote:
> > Using the converse, all files covered by AUX, DIST, MISC have GIT
> > SHA1 commit ids. Explicitly performing a checksum on them is not
> > needed, just extract it from Git.
> These hashes would need to be regenerated for the rsync though, because
> otherwise it does not provide integrity and this would make tree
> signing impossible. Overlays would have to abandon the hashes though,
> otherwise you'll get the same merge trouble again.
On the git->rsync gateway:
For non-distfiles:
1. Extract SHA1 from Git
2. Compare to actual file (Git does this implicitly, esp if you have
signed Git commits, but you can check again if you want).
3. Generate SHA256/RMD160/other.
4. Append the full hash to Manifest.

> It'll also ease attacks on distfiles when first mirroring them.
Umm, no, you missed part of what I said. I noted that the newer
Manifests in Git would contain the hashes for ONLY the distfiles, not
for other files. Distfiles suffer zero reduction in security.
The master box is NEVER generating the hash for a distfile.

For distfiles:
(server side)
1. Full set of hashes (SHA1/SHA256/RMD160) is already in Manifest (in a
GPG-signed Git commit).
2. Verify the hash on mirroring the file
(client side)
3. Verify the hashes/distfile as normal.

> hash and (2) only one box would need to be attacked via
> man-in-the-middle, whereas it is currently two.
Your count of needing to attack two boxes presently is wrong. Just pick
some community rsyncNN.CC.gentoo.org that also hosts distfiles via
HTTP/FTP, and attack that box, replacing both a Manifest and the
distfile.

--
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail : robbat2@g.o
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
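Added example (editorial, not part of the mailing-list post and not Gentoo's
gateway code): the four non-distfile steps from Robin's message, carried out
for one file. Git's blob id is SHA1 over the header "blob <size>\0" followed
by the content, so step 2 can be re-checked without calling git. The sample
content, the recorded blob id and the Manifest2-style output line are
constructed for the example; the function names are the example's own.

```python
import hashlib

# Constructed sample: content of one AUX file as it sits in the checked-out tree.
SAMPLE_CONTENT = b"hello\n"
# Constructed: the blob id Git holds for that file (assumed taken from `git ls-tree`).
RECORDED_BLOB_ID = "ce013625030ba8dba906f756967f9e9ca394464a"


def git_blob_sha1(data: bytes) -> str:
    """Step 1 counterpart: Git's id for a blob is SHA1("blob <size>\\0" + content)."""
    header = b"blob %d\0" % len(data)
    return hashlib.sha1(header + data).hexdigest()


def verify_against_git(data: bytes, recorded_id: str) -> bool:
    """Step 2: re-check that the file on disk still matches the id Git recorded."""
    return git_blob_sha1(data) == recorded_id


def extra_hashes(data: bytes) -> dict:
    """Step 3: the full hashes the rsync Manifest needs.

    SHA256 is always available; RMD160 depends on the OpenSSL hashlib was
    built against (assumption), so it is added only when present.
    """
    hashes = {"SHA256": hashlib.sha256(data).hexdigest()}
    try:
        hashes["RMD160"] = hashlib.new("ripemd160", data).hexdigest()
    except ValueError:
        pass  # OpenSSL without ripemd160: emit the remaining hashes rather than fail
    return hashes


def manifest_entry(kind: str, name: str, data: bytes, recorded_id: str) -> str:
    """Step 4: build a Manifest2-style line 'TYPE name size HASH hex ...'.

    The line is refused when the content no longer matches Git's blob id, so a
    file altered on the gateway box never gets a fresh hash written for it.
    """
    if not verify_against_git(data, recorded_id):
        raise ValueError(f"{name}: content does not match Git blob {recorded_id}")
    fields = [kind, name, str(len(data))]
    for alg, hexdigest in sorted(extra_hashes(data).items()):
        fields += [alg, hexdigest]
    return " ".join(fields)


if __name__ == "__main__":
    print(manifest_entry("AUX", "hello.txt", SAMPLE_CONTENT, RECORDED_BLOB_ID))
    # A tampered copy fails step 2 before any hash is appended.
    try:
        manifest_entry("AUX", "hello.txt", b"hello!\n", RECORDED_BLOB_ID)
    except ValueError as err:
        print("rejected:", err)
```

The check in step 2 is what ties the regenerated rsync hashes back to the
GPG-signed Git history: the gateway only hashes bytes that Git already vouches
for, which is the integrity property the thread is arguing about.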