From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1KDZyU-0005Xz-4M for garchives@archives.gentoo.org; Tue, 01 Jul 2008 07:08:26 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 743F4E049E; Tue, 1 Jul 2008 07:08:25 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 51B0DE049E for ; Tue, 1 Jul 2008 07:08:25 +0000 (UTC) Received: from stork.gentoo.org (stork.gentoo.org [64.127.104.133]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTP id D74B767620 for ; Tue, 1 Jul 2008 07:08:24 +0000 (UTC) Received: from robbat2 by stork.gentoo.org with local (Exim 4.69) (envelope-from ) id 1KDZyO-0001S1-U8 for gentoo-commits@lists.gentoo.org; Tue, 01 Jul 2008 07:08:20 +0000 From: "Robin H. Johnson (robbat2)" To: gentoo-commits@lists.gentoo.org Reply-To: gentoo-dev@lists.gentoo.org, robbat2@gentoo.org Subject: [gentoo-commits] gentoo commit in users/robbat2/tree-signing-gleps: 01-distribution-process-security X-VCS-Repository: gentoo X-VCS-Files: 01-distribution-process-security X-VCS-Directories: users/robbat2/tree-signing-gleps X-VCS-Committer: robbat2 X-VCS-Committer-Name: Robin H. Johnson Content-Type: text/plain; charset=utf8 Message-Id: Sender: "Robin H. Johnson" Date: Tue, 01 Jul 2008 07:08:20 +0000 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 5c166775-5e2b-4b57-b323-ea20382702d3 X-Archives-Hash: f0a45707857eaa2f78d0f210810f88c3 robbat2 08/07/01 07:08:20 Modified: 01-distribution-process-security Log: Clarify spots where verification has failed and we must abort. Revision Changes Path 1.12 users/robbat2/tree-signing-gleps/01-distribution-pro= cess-security file : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-sig= ning-gleps/01-distribution-process-security?rev=3D1.12&view=3Dmarkup plain: http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-sig= ning-gleps/01-distribution-process-security?rev=3D1.12&content-type=3Dtex= t/plain diff : http://sources.gentoo.org/viewcvs.py/gentoo/users/robbat2/tree-sig= ning-gleps/01-distribution-process-security?r1=3D1.11&r2=3D1.12 Index: 01-distribution-process-security =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /var/cvsroot/gentoo/users/robbat2/tree-signing-gleps/01-distrib= ution-process-security,v retrieving revision 1.11 retrieving revision 1.12 diff -p -w -b -B -u -u -r1.11 -r1.12 --- 01-distribution-process-security 1 Jul 2008 07:06:53 -0000 1.11 +++ 01-distribution-process-security 1 Jul 2008 07:08:20 -0000 1.12 @@ -1,7 +1,7 @@ GLEP: xx+1 Title: Security of distribution of Gentoo software - Infrastructure to U= ser distribution - MetaManifest -Version: $Revision: 1.11 $ -Last-Modified: $Date: 2008/07/01 07:06:53 $ +Version: $Revision: 1.12 $ +Last-Modified: $Date: 2008/07/01 07:08:20 $ Author: Robin Hugh Johnson ,=20 Status: Draft Type: Standards Track @@ -139,7 +139,7 @@ filetypes may be ignored on missing is d 1. Check the GnuPG signature on the MetaManifest against the keyring of automated Gentoo keys. See [GLEPxx+3] for full details regarding verification of GnuPG signatures.=20 -1.1. Do not continue if the signature check fails. +1.1. Abort if the signature check fails. =20 2. For a verification of the tree following an rsync: 2.1. Build a set 'ALL' of every file covered by the rsync. (exclude @@ -151,7 +151,7 @@ filetypes may be ignored on missing is d COVERED sets. 2.4. For each file in the UNCOVERED set, assign a Manifest2 filetype. 2.5. If the filetype for any file in the UNCOVERED set requires a halt - on error, do so. + on error, abort and display a suitable error. 2.6. Completed verification =20 3. If checking at the installation of a package: --=20 gentoo-commits@lists.gentoo.org mailing list