Blockchain-based security layer for the AUR
It's goal is to alleviate some of the AUR's security issues by building a hash database in a private Ethereum blockchain.
This repository contains several components:
- The primary program, aursec
- The Solidity code (Ethereum smart contract), in Ethereum
- The paper
- Our presentations
We manage and test the solidity code using Populus, but end users don't need to install that.
The main program is available in the AUR.
To install it by hand, simply call
make install in the
aursec folder and create a system user and group named
You will need the following dependencies:
firejail: required in
geth: to run the local blockchain.
pandoc: to compile the man-pages.
xxd, required in
acpi: to check charging status in
bc: required in
Aursec can be used to verify sources by hand. We also provide a wrapper for
aursync (from aurutils) which transparently calls
However, our hope is that the major AUR helpers will catch on and make themselves extensible, or integrate aursec directly.
In the mean time, you can use one like
bauerbill, which supports custom hooks, and create one that calls aursec. We hope to provide example hooks for various AUR helpers in the future.
Before using the program, run
aursec-init and ensure that
aursec-blockchain.service is running and
aursec-blockchain-mine.timer is enabled.
The basic usage is as follows:
aursec-hashprints a package ID and hash to stdout, which can be piped to
aursec-verify-hashes, which verifies packages against the blockchain using
aursec-chain, which is a bash API for the blockchain component.
aursecis a powerful convenience wrapper around these.
For more precise information, please read the man pages; their markdown sources are included in this repository. Aursec(7) contains a thorough introduction into the use and design of this project.