public inbox for gentoo-portage-dev@lists.gentoo.org
From: Mark Kubacki <wmark@hurrikane.de>
To: gentoo-portage-dev@lists.gentoo.org
Subject: Re: [gentoo-portage-dev] Security and Comparison of Portage with other Package Managers
Date: Sun, 8 Mar 2015 16:02:27 +0100	[thread overview]
Message-ID: <CAHw5crL31zfxmEg4rMEnpWczDbgeXf_r3QLTJv0HC4ke-jKFrg@mail.gmail.com> (raw)
In-Reply-To: <54FB8922.90408@gentoo.org>

On 03/06/2015 09:50 AM, Mark Kubacki wrote:
>
> And by default you cannot compare the result with any authoritative source.

2015-03-08 0:26 GMT+01:00 Zac Medico <zmedico@gentoo.org>:
>
> Ideally, we can rely on security mechanisms built into git [1], possibly
> involving signed commits.

Some brownfield thinking here, without GIT and not replacing GIT:

1. Find and compile all directories two levels deep in a file
"category.idx" and sign it.
2. Sign every Manifest.
3. Distribute that as usual.

Will need N+1 checks (N × Manifest + 1 × category present/missing) and
doesn't break anything already deployed.

Contributors (individuals, teams) need to provide a public key before
submitting, and the "mirror source" (authority) just checks against
the author's signature and signs (1) and (2) with its own key
("official portage tree root key X"). That way, in the end, it's
enough to announce only one signing key for every tree.

(It's easier with binhosts, because all you need to sign is "Packages{,gz}".)

There are many interoperable implementations of OpenBSD's "signify"
[2] (sha256 + ed25519). Implementations are simple and small enough
[3] to be included in Portage so as not to require GPG.

-- 
Mark

[2] http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/signify.1?query=signify&arch=i386
[3] http://ed25519.cr.yp.to/python/ed25519.py — needs reading the key
and hashing the file to be checked
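The scheme sketched in the mail above (a signed "category.idx" of all directories two levels deep, a signature on every Manifest, and N+1 checks on the client) as an added worked example, not code from the mail, from Portage or from signify. It is written in Go so that the standard library's crypto/ed25519 can stand in for signify; the tree is modelled as an in-memory map instead of a checkout, the detached signatures are stored as <file>.sig beside each file, and the names "category.idx", "Manifest.sig" and the sample Manifest lines are assumptions for this example. Following the note on [3], each file is SHA-256 hashed and the digest is signed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Tree is an in-memory stand-in for a checked-out tree: relative path -> file
// content. Paths and Manifest lines are constructed for this example.
type Tree map[string][]byte

func SampleTree() Tree {
	return Tree{
		"app-misc/foo/Manifest":       []byte("DIST foo-1.0.tar.gz 1234 SHA256 0f0f...\n"),
		"app-misc/foo/foo-1.0.ebuild": []byte("EAPI=5\n"),
		"app-misc/bar/Manifest":       []byte("DIST bar-2.1.tar.xz 5678 SHA256 1a1a...\n"),
		"dev-libs/baz/Manifest":       []byte("DIST baz-0.3.tar.bz2 910 SHA256 2b2b...\n"),
		"profiles/arch.list":          []byte("amd64\n"), // one level deep: not a package dir
	}
}

// CategoryIndex is step (1) of the proposal: every directory exactly two
// levels deep ("category/package"), sorted, one per line.
func CategoryIndex(t Tree) []byte {
	seen := map[string]bool{}
	for p := range t {
		if parts := strings.Split(p, "/"); len(parts) >= 3 {
			seen[parts[0]+"/"+parts[1]] = true
		}
	}
	dirs := make([]string, 0, len(seen))
	for d := range seen {
		dirs = append(dirs, d)
	}
	sort.Strings(dirs)
	var b bytes.Buffer
	for _, d := range dirs {
		b.WriteString(d + "\n")
	}
	return b.Bytes()
}

// sign/verify follow the "sha256 + ed25519" shape: hash the file, sign the digest.
func sign(priv ed25519.PrivateKey, data []byte) []byte {
	h := sha256.Sum256(data)
	return ed25519.Sign(priv, h[:])
}

func verify(pub ed25519.PublicKey, data, sig []byte) bool {
	h := sha256.Sum256(data)
	return ed25519.Verify(pub, h[:], sig) // false for a missing (nil) or wrong-size sig
}

// SignTree is what the "mirror source" does with the tree root key: write and
// sign category.idx (1), then sign every Manifest (2). Existing files are untouched.
func SignTree(t Tree, rootPriv ed25519.PrivateKey) {
	idx := CategoryIndex(t)
	t["category.idx"] = idx
	t["category.idx.sig"] = sign(rootPriv, idx)
	var manifests []string // collect first: adding keys while ranging a map is unspecified
	for p := range t {
		if strings.HasSuffix(p, "/Manifest") {
			manifests = append(manifests, p)
		}
	}
	for _, m := range manifests {
		t[m+".sig"] = sign(rootPriv, t[m])
	}
}

// VerifyTree performs the N+1 checks: 1 for the category index (signature valid,
// no package directory added or removed), N for the Manifests the index lists.
func VerifyTree(t Tree, rootPub ed25519.PublicKey) error {
	idx := t["category.idx"]
	if !verify(rootPub, idx, t["category.idx.sig"]) {
		return errors.New("category.idx: bad or missing signature")
	}
	if !bytes.Equal(idx, CategoryIndex(t)) {
		return errors.New("category.idx: package directories added or removed since signing")
	}
	for _, dir := range strings.Split(strings.TrimSpace(string(idx)), "\n") {
		if dir == "" {
			continue
		}
		m := dir + "/Manifest"
		content, ok := t[m]
		if !ok {
			return fmt.Errorf("%s: missing", m)
		}
		if !verify(rootPub, content, t[m+".sig"]) {
			return fmt.Errorf("%s: bad or missing signature", m)
		}
	}
	return nil
}

func main() {
	rootPub, rootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tree := SampleTree()
	SignTree(tree, rootPriv)
	fmt.Println("clean tree:", VerifyTree(tree, rootPub))
	tree["app-misc/evil/Manifest"] = []byte("DIST evil-1.tar.gz 1 SHA256 ee...\n")
	fmt.Println("injected package:", VerifyTree(tree, rootPub))
}
```

Two caveats a practitioner would add. Taken literally, "all directories two levels deep" also catches metadata/, licenses/ and similar non-package directories in a real tree, which would then need a Manifest or an explicit exclusion; the sample tree avoids them. The contributor-side step (the authority checking an author's signature before re-signing with the root key) is the same verify() call with the contributor's public key and is not shown.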


Thread overview: 17+ messages
2015-03-05 14:49 [gentoo-portage-dev] Security and Comparison of Portage with other Package Managers Patrick Schleizer
2015-03-05 15:30 ` Rick "Zero_Chaos" Farina
2015-03-05 19:14   ` Patrick Schleizer
2015-03-06  0:56     ` Rick "Zero_Chaos" Farina
2015-03-06 13:53       ` Mark Kubacki
2015-03-06 15:20         ` Rick "Zero_Chaos" Farina
2015-03-06 16:13           ` Brian Dolbec
2015-03-06 17:50           ` Mark Kubacki
2015-03-07 23:26             ` Zac Medico
2015-03-08  1:24               ` Brian Dolbec
2015-03-08  2:31                 ` Zac Medico
2015-03-08  5:44                   ` Brian Dolbec
2015-03-08 14:59               ` Patrick Schleizer
2015-03-08 20:10                 ` Zac Medico
2015-03-08 15:02               ` Mark Kubacki [this message]
2015-03-08 21:02                 ` Zac Medico
2015-03-06 15:43 ` Patrick Schleizer