public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/glep: glep-0060.txt glep-0059.txt glep-0058.txt
From: Robin H. Johnson (robbat2) @ 2008-10-22 17:59 UTC
  To: gentoo-commits

robbat2     08/10/22 17:59:43

  Modified:             glep-0060.txt glep-0059.txt glep-0058.txt
  Log:
  Fix RST validation for tree-signing GLEPS.

Revision  Changes    Path
1.2                  xml/htdocs/proj/en/glep/glep-0060.txt

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0060.txt?rev=1.2&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0060.txt?rev=1.2&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0060.txt?r1=1.1&r2=1.2

Index: glep-0060.txt
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0060.txt,v
retrieving revision 1.1
retrieving revision 1.2
diff -p -w -b -B -u -u -r1.1 -r1.2
--- glep-0060.txt	21 Oct 2008 23:30:47 -0000	1.1
+++ glep-0060.txt	22 Oct 2008 17:59:43 -0000	1.2
@@ -1,7 +1,7 @@
 GLEP: 60
 Title: Manifest2 filetypes
-Version: $Revision: 1.1 $
-Last-Modified: $Date: 2008/10/21 23:30:47 $
+Version: $Revision: 1.2 $
+Last-Modified: $Date: 2008/10/22 17:59:43 $
 Author: Robin Hugh Johnson <robbat2@gentoo.org> 
 Status: Draft
 Type: Standards Track
@@ -93,7 +93,7 @@ MISC
 New filetypes:
 --------------
 _INFO (new, abstract)
-~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~
 - This is the functionality of the old AUX, but does not include the
   implicit 'files/' prefix in the path, and is verified relative to the
   working directory instead of $FILESDIR.
@@ -101,7 +101,7 @@ _INFO (new, abstract)
   is not an error unless the package manager is attempting to be strict.
 
 _CRIT (new, abstract)
-~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~
 - _CRIT is based off the _INFO type.
 - The modification or absence of a file listed as a _CRIT-derived type 
   must be treated as an error.



1.2                  xml/htdocs/proj/en/glep/glep-0059.txt

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.txt?rev=1.2&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.txt?rev=1.2&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0059.txt?r1=1.1&r2=1.2

Index: glep-0059.txt
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0059.txt,v
retrieving revision 1.1
retrieving revision 1.2
diff -p -w -b -B -u -u -r1.1 -r1.2
--- glep-0059.txt	21 Oct 2008 23:30:47 -0000	1.1
+++ glep-0059.txt	22 Oct 2008 17:59:43 -0000	1.2
@@ -1,7 +1,7 @@
 GLEP: 59
 Title: Manifest2 hash policies and security implications
-Version: $Revision: 1.1 $
-Last-Modified: $Date: 2008/10/21 23:30:47 $
+Version: $Revision: 1.2 $
+Last-Modified: $Date: 2008/10/22 17:59:43 $
 Author: Robin Hugh Johnson <robbat2@gentoo.org>, 
 Status: Draft
 Type: Standards Track
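Review bot: the Author header shown as context in this hunk ends in a
dangling comma ("Author: Robin Hugh Johnson <robbat2@gentoo.org>, "),
which suggests a co-author entry was dropped or never filled in. Either
add the missing name or remove the comma and trailing space so the
header holds one complete address.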
@@ -134,10 +134,10 @@ References
   Report 2004/204. Available online from:
   http://eprint.iacr.org/2004/207.pdf
 
-[J04] Joux, Antoie. (2004). "Multicollisions in Iterated Hash Functions
-  - Application to Cascaded Constructions;" Proceedings of CRYPTO 2004,
-  Franklin, M. (Ed); Lecture Notes in Computer Science 3152, pp. 
-  306-316. Available online from:
+[J04] Joux, Antoie. (2004).  "Multicollisions in Iterated Hash 
+  Functions - Application to Cascaded Constructions;" Proceedings of
+  CRYPTO 2004, Franklin, M. (Ed); Lecture Notes in Computer Science
+  3152, pp.  306-316. Available online from:
   http://web.cecs.pdx.edu/~teshrim/spring06/papers/general-attacks/multi-joux.pdf
 
 [K06a] Klima, V. (2006). "Tunnels in Hash Functions: MD5 Collisions
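Review bot: the reflowed [J04] entry still spells the author's first
name "Antoie"; it should read "Joux, Antoine." The rewrap also
introduces double spaces after "(2004)." and "pp.", which RST tolerates
but which are not needed. Separately, the context line above cites
"Report 2004/204" while the URL under it points at 2004/207.pdf; one of
the two numbers needs correcting.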



1.2                  xml/htdocs/proj/en/glep/glep-0058.txt

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?rev=1.2&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?rev=1.2&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?r1=1.1&r2=1.2

Index: glep-0058.txt
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt,v
retrieving revision 1.1
retrieving revision 1.2
diff -p -w -b -B -u -u -r1.1 -r1.2
--- glep-0058.txt	21 Oct 2008 23:30:47 -0000	1.1
+++ glep-0058.txt	22 Oct 2008 17:59:43 -0000	1.2
@@ -1,7 +1,7 @@
 GLEP: 58
 Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest
-Version: $Revision: 1.1 $
-Last-Modified: $Date: 2008/10/21 23:30:47 $
+Version: $Revision: 1.2 $
+Last-Modified: $Date: 2008/10/22 17:59:43 $
 Author: Robin Hugh Johnson <robbat2@gentoo.org>, 
 Status: Draft
 Type: Standards Track
@@ -79,18 +79,20 @@ Procedure for creating the MetaManifest 
    this procedure applies to overlays as well).
 
 2. Initialize two unordered sets: COVERED, ALL.
-2.1. 'ALL' will contain every file in the tree.
-2.2. 'COVERED' will contain every file that is mentioned in an existing
+
+   1. 'ALL' will contain every file in the tree.
+   2. 'COVERED' will contain every file that is mentioned in an existing
      Manifest2.
 
 3. Traverse the tree, depth-first.
-3.1. At the top level only, ignore the following directories: distfiles,
+
+   1. At the top level only, ignore the following directories: distfiles,
      packages, local
-3.2. If a directory contains a Manifest file, extract all relevant local
+   2. If a directory contains a Manifest file, extract all relevant local
      files from it (presently: AUX, MISC, EBUILD; but should follow the
      evolution of Manifest2 entry types per [GLEPxx+5]), and place them
      into the COVERED set.
-3.3. Recursively add every file in the directory to the ALL set,
+   3. Recursively add every file in the directory to the ALL set,
      pursusant to the exclusion list as mentioned in [GLEPxx+5].
 
 4. Produce a new set, UNCOVERED, as the set-difference (ALL)-(COVERED).
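Review bot: the new sub-items put their text after six characters
("   1. 'ALL' ..."), but the continuation lines shown as context
("     Manifest2.", "     packages, local") are indented five spaces,
which is where they lined up under the old "2.2. " form. In RST a
continuation line indented less than the item text ends the list item,
so these lines would fall out of the nested list. The diff was generated
with -w -b, which hides whitespace-only changes, so please confirm that
the continuation lines were re-indented by one column in revision 1.2.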
@@ -112,9 +114,10 @@ Procedure for creating the MetaManifest 
    The package manager MUST not use the identifying string as a filename.
 
 8. The MetaManifest must ultimately be GnuPG-signed.
-8.1. For the initial implementation, the same key as used for snapshot
+
+   1. For the initial implementation, the same key as used for snapshot
      tarball signing is sufficient.
-8.2. For the future, the key used for fully automated signing by infra
+   2. For the future, the key used for fully automated signing by infra
      should not be on the same keyring as developer keys. See [GLEPxx+3
      for further notes].
 
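Review bot: in the second sub-item of step 8 the reference reads
"See [GLEPxx+3 for further notes].", with the closing bracket after the
prose instead of after the GLEP placeholder. It should read
"See [GLEPxx+3] for further notes." to match the "[GLEPxx+3]" form used
in the verification procedure. If RFC 2119 keywords are intended, the
context line "MUST not use the identifying string as a filename" should
also be "MUST NOT".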
@@ -154,31 +157,33 @@ filetypes may be ignored on missing is d
 1. Check the GnuPG signature on the MetaManifest against the keyring of
    automated Gentoo keys. See [GLEPxx+3] for full details regarding
    verification of GnuPG signatures. 
-1.1. Abort if the signature check fails.
+   1. Abort if the signature check fails.
 
 2. Check the Timestamp header. If it is significently out of date
    compared to the local clock or a trusted source, halt or require
    manual intervention from the user.
 
 3. For a verification of the tree following an rsync:
-3.1. Build a set 'ALL' of every file covered by the rsync. (exclude
+
+   1. Build a set 'ALL' of every file covered by the rsync. (exclude
      distfiles/, packages/, local/)
-3.2. M2-verify every entry in the MetaManifest, descending into inferior
+   2. M2-verify every entry in the MetaManifest, descending into inferior
      Manifests as needed. Place the relative path of every checked item
      into a set 'COVERED'.
-3.3. Construct the set 'UNCOVERED' by set-difference between the ALL and
+   3. Construct the set 'UNCOVERED' by set-difference between the ALL and
      COVERED sets.
-3.4. For each file in the UNCOVERED set, assign a Manifest2 filetype.
-3.5. If the filetype for any file in the UNCOVERED set requires a halt
+   4. For each file in the UNCOVERED set, assign a Manifest2 filetype.
+   5. If the filetype for any file in the UNCOVERED set requires a halt
      on error, abort and display a suitable error.
-3.6. Completed verification
+   6. Completed verification
 
 4. If checking at the installation of a package:
-4.1. M2-verify the entry in MetaManifest for the Manifest
-4.2. M2-verify all relevant metadata/ contents if metadata/ is being
+
+   1. M2-verify the entry in MetaManifest for the Manifest
+   2. M2-verify all relevant metadata/ contents if metadata/ is being
      used in any way (optionally done before dependancy checking).
-4.3. M2-verifying the contents of the Manifest. 
-4.4. Perform M2-verification of all eclasses and profiles used (both
+   3. M2-verifying the contents of the Manifest. 
+   4. Perform M2-verification of all eclasses and profiles used (both
      directly and indirectly) by the ebuild.
 
 Notes:
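Review bot: under step 1 the replacement line
"   1. Abort if the signature check fails." is added without the blank
line that the other converted sub-lists get (steps 3 and 4 each gain an
empty "+" line first). Its indent matches the paragraph's continuation
lines, so RST will fold it into the paragraph as running text instead of
rendering a nested list item. Add a blank line before it, or state the
abort requirement in the sentence itself, since failing closed on a bad
signature is the step the rest of the procedure depends on.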





