From: Vadim Goncharov
To: freebsd-hackers@freebsd.org
Cc: freebsd-current@freebsd.org
Date: Wed, 19 Nov 2008 11:37:01 +0000 (UTC)
Subject: Re: cosum: Checkout verification PoC
References: <200809222233.26053.max@love2party.net>
Followup-To: gmane.os.freebsd.current
Reply-To: vadim_nuclight@mail.ru

Hi Max Laier!

On Mon, 22 Sep 2008 22:33:25 +0200; Max Laier wrote about 'cosum: Checkout verification PoC':

> the attached script will generate md5 and sha256 checksums of a checkout and
> try to find the corresponding svn-revision. This can help to verify that your
> checkout from cvsupX.yy.freebsd.org is authentic. Not that there is reason to
> believe that we have compromised cvsup-servers. This is just something I've
> been toying with and wanted to let you know to see if people find the idea
> interesting. I'd also be interested in reviews of the concept (note that I
> know that https would be a good idea, I just cba to setup a certificate).

> The coverage currently is head and stable/{6,7} svn revision 179451:183186
> (i.e. since the first svn commit up to "2008-09-19 16:51:41 +0200"). I don't
> yet have a cronjob in place to generate new checksums, so this will become
> less useful quick. If people do find it interesting, however, I could
> certainly roll something.

> As you can see, the script is ready to checksum cvs and svn checkouts. If you
> obtain your checkout from some local git/hg/svk/... mirror you must modify the
> find excludes accordingly.

> Let me know what you think.

This is a good solution for our users who care about security. I think this should definitely be incorporated into the base system, and server-side support should be provided at freebsd.org on an official basis.

--
WBR, Vadim Goncharov. ICQ#166852181
mailto:vadim_nuclight@mail.ru
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]
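
The checkout checksum and revision lookup described in the quoted message, as an added example that is not part of the thread and is not Max Laier's cosum script. The excluded directory names, the per-file record layout, the function names and the shape of the published table are all assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Assumption: directory names to skip, standing in for the script's "find excludes".
VCS_DIRS = frozenset({".svn", "CVS", ".git", ".hg"})

def tree_digests(root, exclude=VCS_DIRS):
    """Return (md5_hex, sha256_hex) over a checkout, ignoring VCS metadata."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root):
        # Symlinked directories are not descended into, so hash them as entries.
        names = filenames + [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        # Prune excluded directories in place and fix the traversal order.
        dirnames[:] = sorted(d for d in dirnames if d not in exclude)
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if os.path.islink(path):
                # Hash the link target itself, never the file it points to.
                content = b"link:" + os.fsencode(os.readlink(path))
            else:
                with open(path, "rb") as fh:
                    content = fh.read()
            # One record per entry: relative path, then the hash of its content.
            record = f"{rel}\0{hashlib.sha256(content).hexdigest()}\n".encode()
            md5.update(record)
            sha256.update(record)
    return md5.hexdigest(), sha256.hexdigest()

def find_revision(digests, published):
    """Return the revision whose md5 AND sha256 both match, else None."""
    for revision, expected in published.items():
        if tuple(expected) == tuple(digests):
            return revision
    return None

if __name__ == "__main__":
    # Constructed sample checkout; the revision label is made up.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sys", ".svn"))
        with open(os.path.join(root, "sys", "param.h"), "w") as fh:
            fh.write("#define EXAMPLE 1\n")
        with open(os.path.join(root, "sys", ".svn", "entries"), "w") as fh:
            fh.write("mirror-specific metadata\n")
        published = {"r1": tree_digests(root)}  # stands in for the server-side table
        print(find_revision(tree_digests(root), published))
```

A match is only as trustworthy as the channel the published table arrives over, which is why the quoted message mentions https.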