From owner-freebsd-questions@FreeBSD.ORG Fri Feb 6 17:14:31 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0CD261065676 for ; Fri, 6 Feb 2009 17:14:31 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from igloo.linux.gr (igloo.linux.gr [62.1.205.36]) by mx1.freebsd.org (Postfix) with ESMTP id 63A508FC17 for ; Fri, 6 Feb 2009 17:14:30 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from kobe.laptop (adsl91-225.kln.forthnet.gr [77.49.58.225]) (authenticated bits=128) by igloo.linux.gr (8.14.3/8.14.3/Debian-5) with ESMTP id n16HEFjl010591 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 6 Feb 2009 19:14:21 +0200 Received: from kobe.laptop (kobe.laptop [127.0.0.1]) by kobe.laptop (8.14.3/8.14.3) with ESMTP id n16HEFYL045408; Fri, 6 Feb 2009 19:14:15 +0200 (EET) (envelope-from keramida@ceid.upatras.gr) Received: (from keramida@localhost) by kobe.laptop (8.14.3/8.14.3/Submit) id n16HEEBC045407; Fri, 6 Feb 2009 19:14:14 +0200 (EET) (envelope-from keramida@ceid.upatras.gr) From: Giorgos Keramidas To: cpghost References: <4989B239.9090504@optiksecurite.com> <878wolpydl.fsf@kobe.laptop> <20090206165800.GB1444@phenom.cordula.ws> Date: Fri, 06 Feb 2009 19:14:14 +0200 In-Reply-To: <20090206165800.GB1444@phenom.cordula.ws> (cpghost@cordula.ws's message of "Fri, 6 Feb 2009 17:58:00 +0100") Message-ID: <871vubv66x.fsf@kobe.laptop> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-MailScanner-ID: n16HEFjl010591 X-Hellug-MailScanner: Found to be clean X-Hellug-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-3.868, required 5, autolearn=not spam, ALL_TRUSTED -1.80, AWL 0.53, BAYES_00 -2.60) X-Hellug-MailScanner-From: keramida@ceid.upatras.gr X-Spam-Status: No Cc: "freebsd-questions@freebsd.org" Subject: Re: OT: SVN checkout checksumming X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Feb 2009 17:14:31 -0000 On Fri, 6 Feb 2009 17:58:00 +0100, cpghost wrote: >> Let's assume for a moment that you install a post-commit hook that >> generates a SHA-256 checksum of all the files in the latest repo >> revision on the svn server. >> >> For the sake of simplicity, let's assume that this file is a simple, >> plain text file that is named db/revs/NUMBER.sha256 where 'NUMBER' is >> the revision number you are check-summing. >> >> How are you going to *safely* transmit those SHA-256 checksums to the >> client on 'svn checkout'? > > Well, sorry to bring this back up, but again: how about signing > NUMBER.sha256 with a GnuPG private key belonging to the FreeBSD > Project? If there's a way to *safely* get the corresponding > public key, checking the signature of the NUMBER.sha256 files > would be trivial. If the signed data is not part of the actual repository, you have a signature for a numeric value, not a signature for the *contents* of the repository itself. I think I am missing something here...