From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 206AF1382C5 for ; Thu, 25 Jan 2018 21:56:01 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3333FE095E; Thu, 25 Jan 2018 21:55:56 +0000 (UTC) Received: from mail-lf0-x229.google.com (mail-lf0-x229.google.com [IPv6:2a00:1450:4010:c07::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id ADEE7E0937 for ; Thu, 25 Jan 2018 21:55:55 +0000 (UTC) Received: by mail-lf0-x229.google.com with SMTP id f136so11734263lff.8 for ; Thu, 25 Jan 2018 13:55:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-transfer-encoding; bh=q1ZA8t4I8zqSu80LchaW36ND++Ze3qvF1yxL46Op15Y=; b=rnqzmeXeUjXprg+HfKTR+N3ATpJafhQUpghoa4uE4bFyvsB70L4W4By30KwJRP3Y5j ls4GO/dCR7luPxInR1HgkR1+clrQSfxvZ2jkEWcxtzaC2WkG+fbULnNA8UEJM28EF822 PUsBwgUsTelMHwWTL+1387vyXrQIALVfG51+lXmmD44uj9Q0vtRMK46oTRB9LGlVbuhs 5DGGSd5+PsYQA0gtqIRlWaamQVYC5jI55K49f5nBNHFxR70aG4HsQWyU6VWdYosKLtPE 9zH6X2GP4hDMV3xNLxPi9RTidqbruAwYki6njlgIQaVLghNOSCB6bIx44v9RRnVbH4Ye uqnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-transfer-encoding; bh=q1ZA8t4I8zqSu80LchaW36ND++Ze3qvF1yxL46Op15Y=; b=jrppFjdplJkkbHqQ4G698dm4PtoXCMynH/QLuaQwBMUDkbDsqZNqsSjnlOvPvC7/+d UeDzxF1aGdrETPITtgF0jKjcuwCxVKE4hmHBSCUcIdgSxF6Z2ZJc7A39azDlyRChxzbr c4xM9y2sUxF/zXgkD0toI9XTlS0UgbxluiiD9bNotY45MbbH8XK1cyeGjplzKD7KKaO9 UdsJ9Ru0pEJ4OHzFRgPCd/5IMFCk/qQjCUHHqGDly+f1Ovk1cO8hwekWzbme1zTl3feN bNNMm/3BdTgJD9FE32Fghkq89SmNmrJQCLRedIHgZaKN1y7GzNG4agUWNymHTnFodq2q 7ZEA== X-Gm-Message-State: AKwxytdgyAz860vd4MKiNsksPSrOQ1PikgjOGNwiNVm9Wg+PX5Iq/MuH GYKBi6QOAAmEDD0elissGTHGRefHo22Vd3JWKSNeew== X-Google-Smtp-Source: AH8x224Us3bl1nCMbuVodb12wtffGT8KU0T8Ja6O0VSQW9b9LtUEr3kxY0YP3O4wuIVLY12za/64KtnhorbzIk08gdg= X-Received: by 10.25.163.68 with SMTP id m65mr6153824lfe.83.1516917353296; Thu, 25 Jan 2018 13:55:53 -0800 (PST) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Received: by 10.46.93.70 with HTTP; Thu, 25 Jan 2018 13:55:52 -0800 (PST) In-Reply-To: <1516916746.30594.3.camel@gentoo.org> References: <1516874667.1833.4.camel@gentoo.org> <1516883717.1833.10.camel@gentoo.org> <1516916746.30594.3.camel@gentoo.org> From: R0b0t1 Date: Thu, 25 Jan 2018 15:55:52 -0600 Message-ID: Subject: Re: [gentoo-dev] [News item review] Portage rsync tree verification (v2) To: gentoo-dev@lists.gentoo.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Archives-Salt: fa083cb3-fb43-4137-b90d-d48b840b7504 X-Archives-Hash: 75b824901fa759f9c01e14948beee491 On Thu, Jan 25, 2018 at 3:45 PM, Micha=C5=82 G=C3=B3rny = wrote: > W dniu czw, 25.01.2018 o godzinie 21=E2=88=B637=E2=80=89+0000, u=C5=BCytk= ownik Robin H. > Johnson napisa=C5=82: >> On Thu, Jan 25, 2018 at 01:35:17PM +0100, Micha=C5=82 G=C3=B3rny wrote: >> > Title: Portage rsync tree verification >> > Author: Micha=C5=82 G=C3=B3rny >> > Posted: 2018-01-xx >> > Revision: 1 >> > News-Item-Format: 2.0 >> > Display-If-Installed: > >> Drop Display-If-Installed, they need to always see this until they know >> it was bootstrapped. > > Well, the idea was that if someone starts with stage that has >2.3.21, > then he has bootstrapped via verifying the stage signature. > >> > Starting with sys-apps/portage-2.3.22, Portage enables cryptographic >> > verification of the Gentoo rsync repository distributed over rsync >> > by default. >> >> Seems very wordy, suggested cleanup: >> > > Starting with sys-apps/portage-2.3.22, Portage will verify the Gento= o >> > > repository after rsync by default. >> > This aims to prevent malicious third parties from altering >> > the contents of the ebuild repository received by our users. >> > >> > This does not affect users syncing using git and other methods. >> > Appropriate verification mechanisms for them will be provided >> > in the future. >> >> Note that emerge-webrsync has verification via FEATURES=3Dwebrsync-gpg? > > I'm sorry, I have never used that. Does it cover full key maintenance > or rely on user to do the gpg work? > It used to be necessary to set up a GnuPG home for portage and pull the keys in, but now users can emerge app-crypt/gentoo-keys and set PORTAGE_GPG_DIR=3D"/var/lib/gentoo/gkeys/keyrings/gentoo/release". >> >> Rewrite: >> > > The new verification is intended for users who syncing via rsync. >> > > Users who sync by emerge-webrsync should see [linkref]. >> > > Verification mechanisms for other methods of sync will be provided i= n >> > > future. >> >> >> > On Gentoo installations created using installation media that included >> > portage-2.3.22, the keys will already be covered by the installation >> > media signatures. On existing installations, you need to manually >> > compare the primary key fingerprint (reported by gemato on every sync) >> > against the official Gentoo keys [1]. An example gemato output is: >> > INFO:root:Valid OpenPGP signature found: >> > INFO:root:- primary key: 1234567890ABCDEF1234567890ABCDEF12345678 >> > INFO:root:- subkey: FEDCBA0987654321FEDCBA0987654321FEDCBA09 >> >> Either we should use real key here, or specifically note this is a fake >> key output on purpose. > > Well, I've assumed most people would be able to figure out that it would > be quite a coincidence to see such a key id. I wanted to avoid putting > the real id so that people would actually check that HTTPS site instead > of relying on the security of news item delivery. > > Will send an updated version tomorrow. > > -- > Best regards, > Micha=C5=82 G=C3=B3rny > >