Holger Levsen <hol...@layer-acht.org> wrote Fri, 18 Mar 2016 10:00:48 -0400:
| > curl-tor -O https://www.ct.nordu.net/gaol.ct.nordu.net.pem> curl-tor -O https://www.ct.nordu.net/gaol.ct.nordu.net.pem.asc> gpg --verify gaol.ct.nordu.net.pem.asc | | but this is rather incomplete or meaningless? ;-) Or I don't see the | point as that certificate aint used anywhere? That's correct. Let's call it preparation for future verification of SCT's and STH's. :D (In reality, I forgot adding info about that and now I've decided to wait until someone asks for it.) | > Do once per .buildinfo file: | > | > printf "{\"blob\": \"$(cat file | base64)\"}" | \ | > curl-tor --data @- \ | > http://mvkhztpvqcxpdbn3.onion/open/gaol/v1/add-blob | | ok, seems easy enough. | | So I just did: | | printf "{\"test-h01ger\": \"$(cat /etc/motd | base64)\"}" | curl -A "" \ | -x socks4a://127.0.0.1:9050/ --data @- \ | http://mvkhztpvqcxpdbn3.onion/open/gaol/v1/add-blob | | Did the log receive that? If so, it's trivial to send them all to your | log… Should've rejected it ("blob" is magic and required). What did curl tell you? I bet it was 4xx rather than 200. | > NOTE2: The format for submitted data might change, most likely adding a | > requirement for a "sig" field with a signature over "blob" | | ok, please just tell us. Will do. | > NOTE3: you might want to put something in "blob" that makes it easy for | > you to select your entries from the log | | I guess the filename of the .buildinfo file will do. What if I reuse the | "blob" value? Sorry for using sloppy language. You might want to put something hopefully unique in the _value_ of the name/value pair with the name "blob". _______________________________________________ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds