On Thu, Sep 09, 2010 at 02:12:05PM -0700, Shawn Walker wrote:
> On 09/ 9/10 02:02 PM, [email protected] wrote:
> ...
> >IMO, the case for verifying compromised systems duplicates functionality
> >already implemented in bart(1) and tripwire, but I'm willing to listen
> >to reasonable arguments to the contrary.
> 
> The problem with relying on bart(1) and tripwire is that pkg(5)
> drives system updates using elfhash as opposed to the standard file
> digest mechanism that other utilities use.
> 
> That makes it difficult to use tools other than pkg(1) to verify the system.

Understood, but in order for this to work correctly, we'd have to save
an entire snapshot of the pkg metadata after every image-modifying
operation.  At that point, you may as well just re-generate the bart(1)
or tripwire databases based upon the state of the image after the
update.

-j
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
