From owner-freebsd-questions@freebsd.org Wed Jan 20 08:20:22 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AF31CA88295 for ; Wed, 20 Jan 2016 08:20:22 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 5B81E1FE3 for ; Wed, 20 Jan 2016 08:20:22 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from liminal.local (liminal.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3636:3bff:fed4:b0d6]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.15.2/8.15.2) with ESMTPSA id u0K8KKXY014807 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Wed, 20 Jan 2016 08:20:20 GMT (envelope-from matthew@FreeBSD.org) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none header.from=FreeBSD.org X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host liminal.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3636:3bff:fed4:b0d6] claimed to be liminal.local Subject: Re: Downloading 10.2-RELEASE-p10 source without prayer To: freebsd-questions@freebsd.org References: From: Matthew Seaman X-Enigmail-Draft-Status: N1110 Message-ID: <569F4344.5020907@FreeBSD.org> Date: Wed, 20 Jan 2016 08:20:20 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="87TOxhQ4kuEHNIVgRHcmmTr5UEdRkIn1K" X-Virus-Scanned: clamav-milter 0.99 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Jan 2016 08:20:22 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --87TOxhQ4kuEHNIVgRHcmmTr5UEdRkIn1K Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 20/01/2016 01:30, Chris Stankevitz wrote: > On Tue, Jan 19, 2016 at 4:45 PM, Chris Stankevitz > wrote: >> > Of course I'm being sarcastic about the prayer... but is there a way= >> > (a tarball or special SVN tag/branch) to get the "official" >> > 10.2-RELEASE-p10 code? What do the freebsd-update servers use? > I could just look at "svn log -l 1" and see if it jives more or less > with the most recent freebsd-announce email. Depends how paranoid you want to be. If you download one of the DVD installation images, that should include base system sources and will have offline checksums that you can verify. You can then apply the patches from all of the SAs and ENs published since, all of which are digitally signed. That's probably as good as you can get in ensuring you've got authentic, untampered sources. Most people would find it good enough to use eg. freebsd-update -- the updates are cryptographically signed, so you can be reasonably certain that what it installs on your system is the same as what it has on the servers. It does use a pretty direct connection to the master SVN repository for obtaining the code it builds from, but you generally have to trust that it is using unadulterated sources itself. freebsd-update can maintain a copy of /usr/src for you. Or else you can just checkout the RELENG-10 branch from one of the SVN mirrors: # cd /usr # svn co https://svn.freebsd.org/base/releng/10.2 src The SSL cert on the server should be sufficient guarantee you've not been spoofed into some MITM scenario. Cheers, Matthew --87TOxhQ4kuEHNIVgRHcmmTr5UEdRkIn1K Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 iQJ8BAEBCgBmBQJWn0NEXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkAThnYP/0L65tCeb84hbADMXjMqUr3B XHZUX7sq+CGdZQQB8wsy9IAQuxrClxYszbjnMsheBSDHZTVLNRJZhRzGxV2TJjyR ZQNlSle8gerWyOCt2RZZxVSjcpMVGGprc6Hj9JQ+iRS51ZWoedEV/j4GcnCDceUZ QMmuuBFgGdmB37jsGAmsO8eGSCWEVT1MtoniEeha5RjLyASORdqL/HsWONMMBhw7 +UDMzKf9M37QOi7aQEk6MZEftIlYsxb6WYd0ZemoYQdx5iv0oasB3UMRGEaBbpQd 9axq24YW+v9QSCZGT0YxYvMZoilKaNmoPuAlQrqY8CBiZxKJT8mC0wAAjcmKqrbz ieUPwWdv3UrrhZb59+G5v/WIe4PV4ZrQUZBnSQ5KZO2JU8q2FhRvEPCQa4/GQEVV 2XYuVJTInNFtF2YjJKh0JbQYX6Zm4s4eyjrNb6xJAKtjcLYqgLncA5Fr9IppihlW Rk6hNY1+umR5PkK8JshBK2b7jUqxISkmn2w7QduxC/R3i/IeKO+NkOg3436NZigk 9MWkxnXKAmnCZKhyHPP6MrgDVPj1Miad5oZ2X3omjotaRPVsrPJnRqP/GjCsYSfP e5SvB6ZXyFpZ+o6LyAQl38BBgt2RV8LbzO51L/20l4M7ih+6RIqMcL9jmh4pguo7 sRZWwA+KUi90BSYZwfMH =tENU -----END PGP SIGNATURE----- --87TOxhQ4kuEHNIVgRHcmmTr5UEdRkIn1K--