From: Angel Perivolaropoulos
Date: Mon, 22 Aug 2016 01:19:43 +0300
Subject: [gentoo-soc] Gentoo-GPG: Final Report
To: gentoo-soc@lists.gentoo.org

Hello,

This is the last week of the Gentoo-GPG Google Summer of Code project. It has been a fun ride where I learned a whole lot of things, from little Python tricks to how Portage verifies GnuPG signatures. It will be an unforgettable experience that has helped me make an entrance to the open source community and shown me the success and the difficulties that can be found there. Now, for the summary of the work that I have done, I have written it below in two segments, Gentoo-Keys and MetaManifest.

*Gentoo-Keys*

In my proposal, which can be found here, I promised to deliver on many things, most of which I was able to achieve, while, in the end, one thing I decided not to prioritize for that time frame, which I replaced with deliverables outside the proposal. More specifically, due to the complexity of pyGPG and Gentoo-Keys, I was unable to make unit tests and was advised not to by my mentors because of time constraints. In return, I spent more time working on the email reminder generator and fixing older Gkeys functions. All the other deliverables were accomplished.
A combined PR of all my code that has not yet been merged can be found here.

1. Count Incorrect Qualified IDs and present them in the Spec Check summary. (link) (done in the bonding period)
2. Added a requirements file that includes required packages for Gkeys to run. (link) (done in the 1st week)
3. Fixed the move-seed function that was broken due to more recent patches. (link) (done in the 1st week)
4. Created the update key function that downloads and installs the seeds of a selected Gkeys category or all categories. (link) (done in the 2nd and 3rd week)
5. Added an automatic update seed check whenever Gkeys runs, which checks if the seeds match the ones from the server and, if not, gives the user the option to use update-seed. (link) (done in the 4th week and 5th week)
6. Made the default GPG config file overridable in Gkeys-Gen during the generation of a new key. (link) (done in the 4th week)
7. Fixed a small bug in the verify function of Gkeys. (link) (done in the 4th week)
8. Created the send-key function (dubbed upload key in the proposal) that sends the selected key/s to the selected server of the config file. In order to get that to work though, I had to make a small patch in pyGPG as well. (link, link) (done in the 5th week)
9. Created an email reminder generation script that works along with spec-check and, using the Spec Check tuple, checks if a key has expired or is expiring in a selected time frame from the config file and, if it is, sends an email to the key's owner that includes all the information needed along with resources on how to update the key. It prioritizes emails with a preferred address found in the config file and has the option to log in to either email account found, again, in the config file. (link) (done in the 10th and 11th week)

*Meta Manifest System*

In my proposal, I also promised to implement the new Meta Manifest system according to GLEP:58, which is a system that provides a more efficient way to verify the integrity of the Gentoo distribution. It works by creating many different Manifest files for all important directories of a tree (e.g. categories, profiles, etc.) and then adding the hash sums of those Manifest files to create a master Meta Manifest file in the root directory, which is afterwards GPG signed by an official Gentoo key. That way, the user only needs to verify the master meta manifest file to check the integrity of the tree, which is much more efficient than checking each manifest file separately. Here is the link to the PR. The project was divided in two parts:

1. The creation and signing process of the Meta Manifest files by using the logic above. (done in the 6th to 8th week)
2. The verification and signature validation process of the Meta Manifest files. (done in the 9th to 11th week)

*Plans for the future*

My plan for the future is to continue supporting my code for Portage, like making minor fixes and reworking some functions from the original manifest code that seem a little inefficient. I would also like to become part of the team developing Gentoo-Keys and prepare for the next release of the platform.

*Conclusion*

Finally, I would like to thank all those people that helped me with the project. Firstly my mentors, Pavlos 'dastergon' Ratis, Brian 'dol-sen' Dolbec and Kristian 'K_F' Fiskerstrand for their guidance and suggestions, and always being there whenever I had questions. Also, I would like to thank Doug 'dwfreed' Freed, Zac 'zmedico' Medico and Gilles 'EvaSDK' Dartiguelongue for reviewing my code and giving useful tips.

- aeroniero
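The two-level scheme described in the Meta Manifest section of the message above, as an added example that is not part of the original message and is not Portage or GLEP 58 code. The file names, the `digest path` line format and the trusted digest standing in for the GPG signature check are assumptions made for illustration.

```python
import hashlib
import os

MANIFEST = "Manifest"      # per-directory manifest name (assumed)
MASTER = "MetaManifest"    # root manifest name (assumed)

def digest(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def write_entries(path, entries):
    with open(path, "w") as fh:
        for rel, d in sorted(entries.items()):
            fh.write(f"{d} {rel}\n")

def read_entries(path):
    """Parse 'digest path' lines into {path: digest}."""
    with open(path) as fh:
        lines = [ln for ln in fh.read().splitlines() if ln]
    return {p: d for d, p in (ln.split(None, 1) for ln in lines)}

def build(tree):
    """Write one Manifest per top-level directory, then the master over them.
    Returns the master's digest, a stand-in for the GPG signature."""
    master = {}
    for sub in sorted(os.listdir(tree)):
        top = os.path.join(tree, sub)
        if not os.path.isdir(top):
            continue
        entries = {}
        for root, _, files in os.walk(top):
            for name in files:
                full = os.path.join(root, name)
                if full != os.path.join(top, MANIFEST):
                    entries[os.path.relpath(full, top)] = digest(full)
        write_entries(os.path.join(top, MANIFEST), entries)
        master[f"{sub}/{MANIFEST}"] = digest(os.path.join(top, MANIFEST))
    write_entries(os.path.join(tree, MASTER), master)
    return digest(os.path.join(tree, MASTER))

def verify(tree, trusted_master_digest):
    """Return a list of problems; an empty list means the tree matches."""
    master_path = os.path.join(tree, MASTER)
    if digest(master_path) != trusted_master_digest:
        return ["master manifest does not match trusted digest"]
    problems = []
    for rel, want in read_entries(master_path).items():
        sub = os.path.join(tree, rel)
        if not os.path.isfile(sub) or digest(sub) != want:
            problems.append(f"{rel}: manifest changed or missing")
            continue  # entries of an unverified manifest are never trusted
        for frel, fwant in read_entries(sub).items():
            full = os.path.join(os.path.dirname(sub), frel)
            if not os.path.isfile(full) or digest(full) != fwant:
                problems.append(f"{os.path.dirname(rel)}/{frel}: content changed or missing")
    return problems
```

Only the master needs an authenticated check; every other file is reached through a chain of digests that starts from it, so a regenerated sub-manifest is caught even when it is internally consistent.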