Date: Wed, 20 Jan 2016 08:20:20 +0000
From: Matthew Seaman <matthew@FreeBSD.org>
To: freebsd-questions@freebsd.org
Subject: Re: Downloading 10.2-RELEASE-p10 source without prayer
Message-ID: <569F4344.5020907@FreeBSD.org>
In-Reply-To: <CAPi0psuP96f--dnRKpWZaDtsKX-1N=n%2B4hJ_yhwnB19-iOHaKg@mail.gmail.com>
References: <CAPi0psv=XoZ4Zd_J4g-dLLOTtD9FCCbdiTn7AaA6BX4QwS4-og@mail.gmail.com> <CAPi0psuP96f--dnRKpWZaDtsKX-1N=n%2B4hJ_yhwnB19-iOHaKg@mail.gmail.com>

On 20/01/2016 01:30, Chris Stankevitz wrote:
> On Tue, Jan 19, 2016 at 4:45 PM, Chris Stankevitz
> <chrisstankevitz@gmail.com> wrote:
>> Of course I'm being sarcastic about the prayer... but is there a way
>> (a tarball or special SVN tag/branch) to get the "official"
>> 10.2-RELEASE-p10 code?  What do the freebsd-update servers use?
> I could just look at "svn log -l 1" and see if it jives more or less
> with the most recent freebsd-announce email.

Depends how paranoid you want to be.

If you download one of the DVD installation images, that should include
base system sources and will have offline checksums that you can verify.
You can then apply the patches from all of the SAs and ENs published
since, all of which are digitally signed. That's probably as good as
you can get in ensuring you've got authentic, untampered sources.

Most people would find it good enough to use eg. freebsd-update -- the
updates are cryptographically signed, so you can be reasonably certain
that what it installs on your system is the same as what it has on the
servers. It does use a pretty direct connection to the master SVN
repository for obtaining the code it builds from, but you generally have
to trust that it is using unadulterated sources itself. freebsd-update
can maintain a copy of /usr/src for you.

Or else you can just checkout the RELENG-10 branch from one of the SVN
mirrors:

   # cd /usr
   # svn co https://svn.freebsd.org/base/releng/10.2 src

The SSL cert on the server should be sufficient guarantee you've not
been spoofed into some MITM scenario.

	Cheers,

	Matthew
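
The offline checksum check mentioned in the message above, as an added example that is not part of the original e-mail or of any FreeBSD tool. It assumes a BSD-style manifest with lines of the form "SHA256 (name) = digest"; the function names `sha256_of` and `verify_image` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message. Manifest lines are assumed
# to look like:  SHA256 (image-name.iso) = <64 hex digits>

# Print the SHA-256 of a file with whichever tool the host provides.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                          # FreeBSD base system
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1        # GNU coreutils
    else
        shasum -a 256 "$1" | cut -d ' ' -f 1    # Perl shasum (e.g. macOS)
    fi
}

# verify_image MANIFEST FILE   (hypothetical helper name)
# Returns 0 on match, 1 on mismatch, 2 if the check could not be made
# (unreadable input, no entry or several entries for FILE, malformed digest).
# Assumes the image name contains no whitespace.
verify_image() {
    manifest=$1
    file=$2
    [ -r "$manifest" ] && [ -r "$file" ] || return 2
    name=$(basename "$file")
    # Compare the name as an exact string so "x.iso" never matches "x.iso.xz".
    expected=$(awk -v n="$name" '
        $1 == "SHA256" && $2 == ("(" n ")") && $3 == "=" { print tolower($4); c++ }
        END { if (c != 1) exit 1 }' "$manifest") || return 2
    # Fail closed on anything that is not exactly 64 lowercase hex digits.
    case $expected in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256_of "$file" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Stand-alone use: sh verify.sh MANIFEST FILE
if [ "$#" -eq 2 ]; then
    verify_image "$1" "$2"
    exit $?
fi
```

A match only shows the image agrees with the manifest, so the manifest itself has to come from a source you already trust.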