* [gentoo-dev] Initial tests for full-tree Manifest verification (MetaManifest)
@ 2017-11-25 21:05 Michał Górny
2017-11-25 22:34 ` Jonas Stein
0 siblings, 1 reply; 2+ messages in thread
From: Michał Górny @ 2017-11-25 21:05 UTC (permalink / raw
To: gentoo-dev-announce; +Cc: gentoo-dev
Hi, everyone.
Last night Infra has started deploying the initial version of full-tree
Manifest coverage (MetaManifest) on rsync mirrors. While things are not
yet fully settled down, we think it is ready for the initial public
testing.
The Manifest format is based on GLEP 74 [1] draft. Its earlier version
has been pre-approved by Council for testing on 20171112 [2] meeting.
Please note that the format may still be subject to changes, and you
should not rely on it or a fully defined behavior of the tooling.
Along with the change, we have also made some changes to the git->rsync
pipeline and switched the local Manifest hashes to BLAKE2B + SHA512.
Users will experience a one-time resync of all package Manifests.
Afterwards, only relevant package Manifests and their parent Manifests
should be updating.
The package Manifests remain compatible with the existing format
and are still verified using the existing tooling. However, performing
a full-tree verification at the moment requires using the external
app-portage/gemato [3] tool. The work on Portage integration is planned
to start after some initial testing.
To verify the repository after updating from rsync:
$ gemato verify "$(portageq get_repo_path / gentoo)"
If you experience any problems with rsync or the verification process,
please let us know.
Git mirror users are not affected. The git repository is still verified
against the git commit signatures.
[1]:https://www.gentoo.org/glep/glep-0074.html
[2]:https://projects.gentoo.org/council/meeting-logs/20171112-summary.txt
[3]:https://github.com/mgorny/gemato
--
Best regards,
Michał Górny
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [gentoo-dev] Initial tests for full-tree Manifest verification (MetaManifest)
2017-11-25 21:05 [gentoo-dev] Initial tests for full-tree Manifest verification (MetaManifest) Michał Górny
@ 2017-11-25 22:34 ` Jonas Stein
0 siblings, 0 replies; 2+ messages in thread
From: Jonas Stein @ 2017-11-25 22:34 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1.1: Type: text/plain, Size: 494 bytes --]
On 25/11/17 22:05, Michał Górny wrote:
> Hi, everyone.
>
> Last night Infra has started deploying the initial version of full-tree
> Manifest coverage (MetaManifest) on rsync mirrors. While things are not
> yet fully settled down, we think it is ready for the initial public
> testing.
Thanks to all involved developers for pushing this forward.
I can just roughly imagine how many hours, mails, discussions on IRC and
nerves had been required for this.
Best,
--
Jonas
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 981 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-11-25 22:34 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-11-25 21:05 [gentoo-dev] Initial tests for full-tree Manifest verification (MetaManifest) Michał Górny
2017-11-25 22:34 ` Jonas Stein
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox