Date: Fri, 6 Feb 2009 20:11:57 +0100
From: cpghost
To: Giorgos Keramidas
Cc: "freebsd-questions@freebsd.org"
Subject: Re: OT: SVN checkout checksumming
Message-ID: <20090206191157.GB2438@phenom.cordula.ws>
In-Reply-To: <871vubv66x.fsf@kobe.laptop>

On Fri, Feb 06, 2009 at 07:14:14PM +0200, Giorgos Keramidas wrote:
> On Fri, 6 Feb 2009 17:58:00 +0100, cpghost wrote:
> >> Let's assume for a moment that you install a post-commit hook that
> >> generates a SHA-256 checksum of all the files in the latest repo
> >> revision on the svn server.
> >>
> >> For the sake of simplicity, let's assume that this file is a simple,
> >> plain text file that is named db/revs/NUMBER.sha256 where 'NUMBER' is
> >> the revision number you are check-summing.
> >>
> >> How are you going to *safely* transmit those SHA-256 checksums to the
> >> client on 'svn checkout'?
> >
> > Well, sorry to bring this back up, but again: how about signing
> > NUMBER.sha256 with a GnuPG private key belonging to the FreeBSD
> > Project? If there's a way to *safely* get the corresponding
> > public key, checking the signature of the NUMBER.sha256 files
> > would be trivial.
>
> If the signed data is not part of the actual repository, you have a
> signature for a numeric value, not a signature for the *contents* of the
> repository itself.

Hmmm... yes, you're right. Only the digest would be signed in this
case, and that's not enough. But if the (digest, revision) pair is
signed, that would at least be useful (somewhat).

So, let's say that NUMBER.sha256 starts with something like a comment:

  # r123456
  ...

and all this signed, would it be enough?

Even if the repository isn't signed, one can compute the digests
locally and check them with the *signed* list of digests. It may not
catch everything because of possible collisions, but wouldn't that be
already better than nothing?

-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/
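
The check proposed in the message above, sketched as an added example that is not part of the original thread: a manifest that opens with `# rNUMBER` is compared against locally computed SHA-256 digests, and a manifest for any other revision is refused. Assumptions: the digest lines use a `sha256sum`-style `digest  path` layout, all function names are hypothetical, and the manifest's GnuPG signature has already been verified (for example with `gpg --verify`) before `verify_checkout` is called.

```python
import hashlib
import os

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def tree_digests(root):
    """Map each file's root-relative path to its SHA-256, skipping .svn metadata."""
    out = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".svn"]
        for name in filenames:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_file(full)
    return out

def make_manifest(root, revision):
    """Server side: text of NUMBER.sha256, i.e. the bytes that would be signed."""
    body = ["%s  %s" % (d, p) for p, d in sorted(tree_digests(root).items())]
    return "\n".join(["# r%d" % revision] + body) + "\n"

def parse_manifest(text):
    """Return (revision, {path: digest}); the '# rNUMBER' header is mandatory."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("# r") or not lines[0][3:].isdigit():
        raise ValueError("manifest must start with '# rNUMBER'")
    digests = {}
    for line in lines[1:]:
        digest, path = line.split("  ", 1)  # assumed 'digest  path' layout
        digests[path] = digest
    return int(lines[0][3:]), digests

def verify_checkout(root, manifest_text, expected_revision):
    """Client side: list of problems; an empty list means the tree matches."""
    revision, listed = parse_manifest(manifest_text)
    if revision != expected_revision:
        # A validly signed manifest for another revision must not be accepted.
        return ["manifest is for r%d, not r%d" % (revision, expected_revision)]
    local = tree_digests(root)
    problems = ["missing: " + p for p in sorted(set(listed) - set(local))]
    problems += ["unlisted: " + p for p in sorted(set(local) - set(listed))]
    problems += ["mismatch: " + p for p in sorted(set(listed) & set(local))
                 if listed[p] != local[p]]
    return problems
```

Because the revision line sits inside the signed bytes, a signed manifest from one revision cannot be presented as the manifest for another, which is the binding the (digest, revision) pair is meant to provide.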