Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rsync verification updates + git verification using gemato #252

Closed
wants to merge 8 commits into from
Closed

rsync verification updates + git verification using gemato #252

wants to merge 8 commits into from

Conversation

mgorny
Copy link
Member

@mgorny mgorny commented Feb 4, 2018

@mgorny
rsync: Verify the value of sync-rsync-verify-jobs
1f736b8
@mgorny
rsync: Use gemato routines directly instead of calling the CLI tool
b2a6f24
@mgorny
rsync: Verify the Manifest signature even if tree is unchanged
d0d650c 
Always verify the Manifest signature if verification is enabled.
Skipping the deep tree verification for unchanged case is reasonable
but we need to make sure the Manifest signature stays valid to catch
the case of the signing key being revoked.
@mgorny
rsync: Pre-indent the try-finally block for gemato key scope
fdf169f
@mgorny
rsync: Load and update keys early
692804f 
Load and update keys early to avoid delaying failures post rsync. Any
failure will prevent verification from happening, and presumably most of
the users will prefer fixing it and trying to sync again. For that case,
it is better to perform the task before actual rsync to avoid
unnecessarily rsyncing twice.
@mgorny
rsync: Issue an explicit warning if Manifest timestamp is >24hr old
cf923de 
Issue an explicit warning if the Manifest timestamp for Gentoo
repository is 24 hours behind the system clock. This is meant to detect
attacks based on preventing the user from upgrading.
@mgorny
git: Support verifying commit signature post-sync
fc29fe1 
Add a new sync-git-verify-commit-signature option (defaulting to false)
that verifies the top commit signature after syncing. The verification
is currently done using built-in git routines.

The verification passes if the signature is good or untrusted.
In the latter case, a warning is printed. In any other case,
the verification causes sync to fail and an appropriate error is output.
@mgorny
git: Support running the verification against sync-openpgp-key-path
2ce674e
zmedico
zmedico approved these changes Feb 5, 2018
View reviewed changes
Copy link
Member

@zmedico zmedico left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe change not a non-negative integer to not a positive integer, but otherwise looks good.

@gentoo-bot gentoo-bot closed this in d30191b Feb 5, 2018
@mgorny mgorny deleted the gemato-v3 branch February 5, 2018 18:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zmedico zmedico zmedico approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@mgorny @zmedico