
Diff of /xml/htdocs/proj/en/glep/glep-0058.txt


Revision 1.2 Revision 1.3
1GLEP: 58 1GLEP: 58
2Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest 2Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest
3Version: $Revision: 1.2 $ 3Version: $Revision: 1.3 $
4Last-Modified: $Date: 2008/10/22 17:59:43 $ 4Last-Modified: $Date: 2008/10/22 18:01:42 $
5Author: Robin Hugh Johnson <robbat2@gentoo.org>, 5Author: Robin Hugh Johnson <robbat2@gentoo.org>,
6Status: Draft 6Status: Draft
7Type: Standards Track 7Type: Standards Track
8Content-Type: text/x-rst 8Content-Type: text/x-rst
9Requires: GLEP44, GLEP60 9Requires: GLEP44, GLEP60
80 80
812. Initialize two unordered sets: COVERED, ALL. 812. Initialize two unordered sets: COVERED, ALL.
82 82
83 1. 'ALL' will contain every file in the tree. 83 1. 'ALL' will contain every file in the tree.
84 2. 'COVERED' will contain every file that is mentioned in an existing 84 2. 'COVERED' will contain every file that is mentioned in an existing
85 Manifest2. 85 Manifest2.
86 86
873. Traverse the tree, depth-first. 873. Traverse the tree, depth-first.
88 88
89 1. At the top level only, ignore the following directories: distfiles, 89 1. At the top level only, ignore the following directories: distfiles,
90 packages, local 90 packages, local
91 2. If a directory contains a Manifest file, extract all relevant local 91 2. If a directory contains a Manifest file, extract all relevant local
92 files from it (presently: AUX, MISC, EBUILD; but should follow the 92 files from it (presently: AUX, MISC, EBUILD; but should follow the
93 evolution of Manifest2 entry types per [GLEPxx+5]), and place them 93 evolution of Manifest2 entry types per [GLEPxx+5]), and place them
94 into the COVERED set. 94 into the COVERED set.
95 3. Recursively add every file in the directory to the ALL set, 95 3. Recursively add every file in the directory to the ALL set,
96 pursusant to the exclusion list as mentioned in [GLEPxx+5]. 96 pursusant to the exclusion list as mentioned in [GLEPxx+5].
97 97
984. Produce a new set, UNCOVERED, as the set-difference (ALL)-(COVERED). 984. Produce a new set, UNCOVERED, as the set-difference (ALL)-(COVERED).
99 This is every item that is not covered by another Manifest, or part 99 This is every item that is not covered by another Manifest, or part
100 of an exclusion list. 100 of an exclusion list.
101 101
114 The package manager MUST not use the identifying string as a filename. 114 The package manager MUST not use the identifying string as a filename.
115 115
1168. The MetaManifest must ultimately be GnuPG-signed. 1168. The MetaManifest must ultimately be GnuPG-signed.
117 117
118 1. For the initial implementation, the same key as used for snapshot 118 1. For the initial implementation, the same key as used for snapshot
119 tarball signing is sufficient. 119 tarball signing is sufficient.
120 2. For the future, the key used for fully automated signing by infra 120 2. For the future, the key used for fully automated signing by infra
121 should not be on the same keyring as developer keys. See [GLEPxx+3 121 should not be on the same keyring as developer keys. See [GLEPxx+3
122 for further notes]. 122 for further notes].
123 123
124The above does not conflict the proposal contained in GLEP33, which 124The above does not conflict the proposal contained in GLEP33, which
125restructure eclasses to include subdirectories and Manifest files, as 125restructure eclasses to include subdirectories and Manifest files, as
126the Manifest rules above still provide indirect verification for all 126the Manifest rules above still provide indirect verification for all
127files after the GLEP33 restructuring if it comes to pass. 127files after the GLEP33 restructuring if it comes to pass.
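Review bot: the cross-references in this hunk are unresolved placeholders ("[GLEPxx+5]" at lines 93 and 96, "[GLEPxx+3 for further notes]" at lines 121-122) while the Requires header names GLEP44 and GLEP60 concretely; they should be replaced with the final GLEP numbers, or at least reconciled with the Requires list, before this leaves Draft status. Wording in the same hunk: "pursusant" at line 96 should be "pursuant"; "MUST not" at line 114 should be "MUST NOT" for consistent RFC 2119 keyword usage; and "does not conflict the proposal contained in GLEP33, which restructure" at lines 124-125 should read "does not conflict with the proposal contained in GLEP33, which restructures".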
164 manual intervention from the user. 164 manual intervention from the user.
165 165
1663. For a verification of the tree following an rsync: 1663. For a verification of the tree following an rsync:
167 167
168 1. Build a set 'ALL' of every file covered by the rsync. (exclude 168 1. Build a set 'ALL' of every file covered by the rsync. (exclude
169 distfiles/, packages/, local/) 169 distfiles/, packages/, local/)
170 2. M2-verify every entry in the MetaManifest, descending into inferior 170 2. M2-verify every entry in the MetaManifest, descending into inferior
171 Manifests as needed. Place the relative path of every checked item 171 Manifests as needed. Place the relative path of every checked item
172 into a set 'COVERED'. 172 into a set 'COVERED'.
173 3. Construct the set 'UNCOVERED' by set-difference between the ALL and 173 3. Construct the set 'UNCOVERED' by set-difference between the ALL and
174 COVERED sets. 174 COVERED sets.
175 4. For each file in the UNCOVERED set, assign a Manifest2 filetype. 175 4. For each file in the UNCOVERED set, assign a Manifest2 filetype.
176 5. If the filetype for any file in the UNCOVERED set requires a halt 176 5. If the filetype for any file in the UNCOVERED set requires a halt
177 on error, abort and display a suitable error. 177 on error, abort and display a suitable error.
178 6. Completed verification 178 6. Completed verification
179 179
1804. If checking at the installation of a package: 1804. If checking at the installation of a package:
181 181
182 1. M2-verify the entry in MetaManifest for the Manifest 182 1. M2-verify the entry in MetaManifest for the Manifest
183 2. M2-verify all relevant metadata/ contents if metadata/ is being 183 2. M2-verify all relevant metadata/ contents if metadata/ is being
184 used in any way (optionally done before dependancy checking). 184 used in any way (optionally done before dependancy checking).
185 3. M2-verifying the contents of the Manifest. 185 3. M2-verifying the contents of the Manifest.
186 4. Perform M2-verification of all eclasses and profiles used (both 186 4. Perform M2-verification of all eclasses and profiles used (both
187 directly and indirectly) by the ebuild. 187 directly and indirectly) by the ebuild.
188 188
189Notes: 189Notes:
190====== 190======
1911. For initial implementations, it is acceptable to check EVERY item in 1911. For initial implementations, it is acceptable to check EVERY item in
192 the eclass and profiles directory, rather than tracking the exact 192 the eclass and profiles directory, rather than tracking the exact
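Review bot: the rsync verification procedure at lines 166-178 never states where the GnuPG signature on the MetaManifest (required at line 116) is checked before its entries are M2-verified in step 2; M2-verifying entries against a MetaManifest whose signature has not been checked gives no assurance, so if that check lives in the part of this section not shown in the diff, a one-line cross-reference at step 2 would make the ordering explicit. Wording: "dependancy" at line 184 should be "dependency"; step 3 at line 185 ("M2-verifying the contents of the Manifest.") should be imperative like the other steps ("M2-verify the contents of the Manifest."); and step 6 at line 178 reads better as "Verification complete."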
264 264
265====== 265======
266Thanks 266Thanks
267====== 267======
268I'd like to thank the following people for input on this GLEP. 268I'd like to thank the following people for input on this GLEP.
269
269- Patrick Lauer (patrick): Prodding me to get all of the tree-signing 270- Patrick Lauer (patrick): Prodding me to get all of the tree-signing
270 work finished, and helping to edit. 271 work finished, and helping to edit.
271- Ciaran McCreesh (ciaranm): Paludis Manifest2 272- Ciaran McCreesh (ciaranm): Paludis Manifest2
272- Brian Harring (ferringb): pkgcore Manifest2 273- Brian Harring (ferringb): pkgcore Manifest2
273- Marius Mauch (genone) & Zac Medico (zmedico): Portage Manifest2 274- Marius Mauch (genone) & Zac Medico (zmedico): Portage Manifest2
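Review bot: the blank line added at new line 269 is the right fix; reStructuredText needs a blank line between the paragraph at line 268 and the bullet list that follows, otherwise the "- " items are parsed as a continuation of that paragraph rather than as a list. No other issues in this hunk.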
