Date:      Wed, 27 Oct 2004 09:41:58 +0200
From:      Bertrand JUGLAS <bertux@frenchcube.net>
To:        Colin Percival <colin.percival@wadham.ox.ac.uk>
Cc:        freebsd-security@freebsd.org
Subject:   Re: please test: Secure ports tree updating
Message-ID:  <417F5146.5010506@frenchcube.net>
In-Reply-To: <417EAC7E.2040103@wadham.ox.ac.uk>
References:  <417EAC7E.2040103@wadham.ox.ac.uk>

Colin Percival wrote:

> CVSup is slow, insecure, and a memory hog.  However, until now
> it's been the only option for keeping an up-to-date ports tree,
> and (thanks to all of the recent work on vuxml and portaudit)
> it has become quite obvious that keeping an up-to-date ports
> tree is very important.
>
> To provide a secure, lightweight, and fast alternative to CVSup,
> I've written portsnap.  As the name suggests, this is a system
> for building, *signing*, and distributing compressed snapshots
> of the ports tree, which can then be extracted into /usr/ports
> as needed.
>
> Portsnap is:
>  * Lightweight.  It's a 15kB shell script which uses under 50kB
> of other binaries.
>  * Designed for frequent updating.  Unlike CVSup, it doesn't
> need to transmit a complete list of files in the ports tree each
> time it runs; in fact, if there are no updates available, it only
> needs to fetch a single file of 256 bytes.
>  * Secure.  Using code from FreeBSD Update, the ports snapshots
> are signed using a 2048-bit RSA key.
>  * HTTP-only.  That's right, you don't need to beg your network
> maintainer to allow outgoing connections on port 5999 any more. :-)
>
> Right now I'm only building snapshots once per day, but after
> this has had some testing I'll increase that to once every 1-2
> hours.  Similarly, portsnap isn't in the ports tree yet, but it
> will appear there once I'm satisfied with the testing that it
> has received.
>
> So please go and test!  Portsnap can be downloaded from
> http://www.daemonology.net/portsnap/
>
> Colin Percival
> PS. I'm not sure how many testers this message is going to elicit,
> nor how much bandwidth portsnap.daemonology.net can comfortably
> handle.  I may come back tomorrow and ask for some mirrors. :-)

I'm going to test it on a fresh FreeBSD 4.10-RELEASE install, and if the
download file size is small I will mirror it on my website.
I will later post results from my testing.
I hope to read from you soon,
Bertrand Juglas


