
Diff of /xml/htdocs/proj/en/glep/glep-0058.txt


Revision 1.3 Revision 1.4
1GLEP: 58 1GLEP: 58
2Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest 2Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest
3Version: $Revision: 1.3 $ 3Version: $Revision: 1.4 $
4Last-Modified: $Date: 2008/10/22 18:01:42 $ 4Last-Modified: $Date: 2008/10/28 07:45:27 $
5Author: Robin Hugh Johnson <robbat2@gentoo.org>, 5Author: Robin Hugh Johnson <robbat2@gentoo.org>,
6Status: Draft 6Status: Draft
7Type: Standards Track 7Type: Standards Track
8Content-Type: text/x-rst 8Content-Type: text/x-rst
9Requires: GLEP44, GLEP60 9Requires: 44, 60
10Created: October 2006 10Created: October 2006
11Updated: November 2007, June 2008, July 2008, October 2008 11Updated: November 2007, June 2008, July 2008, October 2008
12Post-History: ... 12Post-History:
13 13
14======== 14========
15Abstract 15Abstract
16======== 16========
17MetaManifest provides a means of verifiable distribution from Gentoo 17MetaManifest provides a means of verifiable distribution from Gentoo
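Review bot: the Author header on line 5 still ends in a trailing comma with no second author following it on line 6. This revision already tidies the header block (Requires, Post-History), so either drop the comma or add the missing co-author in the same change.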
88 88
89 1. At the top level only, ignore the following directories: distfiles, 89 1. At the top level only, ignore the following directories: distfiles,
90 packages, local 90 packages, local
91 2. If a directory contains a Manifest file, extract all relevant local 91 2. If a directory contains a Manifest file, extract all relevant local
92 files from it (presently: AUX, MISC, EBUILD; but should follow the 92 files from it (presently: AUX, MISC, EBUILD; but should follow the
93 evolution of Manifest2 entry types per [GLEPxx+5]), and place them 93 evolution of Manifest2 entry types per [#GLEP60]), and place them
94 into the COVERED set. 94 into the COVERED set.
95 3. Recursively add every file in the directory to the ALL set, 95 3. Recursively add every file in the directory to the ALL set,
96 pursusant to the exclusion list as mentioned in [GLEPxx+5]. 96 pursusant to the exclusion list as mentioned in [#GLEP60].
97 97
984. Produce a new set, UNCOVERED, as the set-difference (ALL)-(COVERED). 984. Produce a new set, UNCOVERED, as the set-difference (ALL)-(COVERED).
99 This is every item that is not covered by another Manifest, or part 99 This is every item that is not covered by another Manifest, or part
100 of an exclusion list. 100 of an exclusion list.
101 101
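Review bot: the new references on lines 93 and 96 are written as `[#GLEP60]` with no trailing underscore. The header declares Content-Type: text/x-rst, and a reStructuredText footnote reference needs the form `[#GLEP60]_` plus a matching `.. [#GLEP60]` target (not visible in this diff) to resolve; as written they render as literal text. Line 96 was touched but still reads "pursusant"; correct it to "pursuant" while here.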
1168. The MetaManifest must ultimately be GnuPG-signed. 1168. The MetaManifest must ultimately be GnuPG-signed.
117 117
118 1. For the initial implementation, the same key as used for snapshot 118 1. For the initial implementation, the same key as used for snapshot
119 tarball signing is sufficient. 119 tarball signing is sufficient.
120 2. For the future, the key used for fully automated signing by infra 120 2. For the future, the key used for fully automated signing by infra
121 should not be on the same keyring as developer keys. See [GLEPxx+3 121 should not be on the same keyring as developer keys. See [#GLEPxx+3
122 for further notes]. 122 for further notes].
123 123
124The above does not conflict the proposal contained in GLEP33, which 124The above does not conflict the proposal contained in GLEP33, which
125restructure eclasses to include subdirectories and Manifest files, as 125restructure eclasses to include subdirectories and Manifest files, as
126the Manifest rules above still provide indirect verification for all 126the Manifest rules above still provide indirect verification for all
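Review bot: on lines 121-122 the reference is still the placeholder GLEPxx+3, and the bracket only closes after "for further notes", so adding `#` turns the whole phrase into a malformed label. Close the bracket directly after the label, move "for further notes" outside it, and replace the placeholder with the real GLEP number as was done for GLEP60 elsewhere in this revision. This item carries the key-separation requirement for automated signing, so the pointer should be one a reader can actually follow.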
150Procedure for verifying an item in the MetaManifest: 150Procedure for verifying an item in the MetaManifest:
151---------------------------------------------------- 151----------------------------------------------------
152In the following, I've used term 'M2-verify' to note following the hash 152In the following, I've used term 'M2-verify' to note following the hash
153verification procedures as defined by the Manifest2 format - which 153verification procedures as defined by the Manifest2 format - which
154compromise checking the file length, and that the hashes match. Which 154compromise checking the file length, and that the hashes match. Which
155filetypes may be ignored on missing is discussed in [GLEPxx+5]. 155filetypes may be ignored on missing is discussed in [#GLEP60].
156 156
1571. Check the GnuPG signature on the MetaManifest against the keyring of 1571. Check the GnuPG signature on the MetaManifest against the keyring of
158 automated Gentoo keys. See [GLEPxx+3] for full details regarding 158 automated Gentoo keys. See [#GLEPxx+3] for full details regarding
159 verification of GnuPG signatures. 159 verification of GnuPG signatures.
160 1. Abort if the signature check fails. 160 1. Abort if the signature check fails.
161 161
1622. Check the Timestamp header. If it is significently out of date 1622. Check the Timestamp header. If it is significently out of date
163 compared to the local clock or a trusted source, halt or require 163 compared to the local clock or a trusted source, halt or require
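Review bot: line 154, directly above the changed reference on line 155, says the Manifest2 procedures "compromise checking the file length"; the intended word is "comprise", and in a verification procedure the current wording reads as the opposite of what is meant. Also, "significently" on line 162 should be "significantly", and line 158 still cites the placeholder [#GLEPxx+3] for the signature check that step 1 depends on.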
209users. 209users.
210 210
211-------------------------------------------- 211--------------------------------------------
212MetaManifest and the new Manifest2 filetypes 212MetaManifest and the new Manifest2 filetypes
213-------------------------------------------- 213--------------------------------------------
214While [GLEPxx+5] describes the addition of new filetypes, these are NOT 214While [#GLEP60] describes the addition of new filetypes, these are NOT
215needed for implementation of the MetaManifest proposal. Without the new 215needed for implementation of the MetaManifest proposal. Without the new
216filetypes, all entries in the MetaManifest would be of type 'MISC'. 216filetypes, all entries in the MetaManifest would be of type 'MISC'.
217 217
218---------------------------------------------------- 218----------------------------------------------------
219Timestamps & Additional distribution of MetaManifest 219Timestamps & Additional distribution of MetaManifest
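Review bot: line 214 says the GLEP60 filetypes are NOT needed to implement MetaManifest, but the header now lists 60 under Requires, and lines 93, 96 and 155 defer to GLEP60 for entry types, the exclusion list and the ignore-on-missing rules. Add a sentence here stating which parts of GLEP60 remain mandatory, so an implementer does not read the whole dependency as optional.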
