URL:
  <http://gna.org/task/?func=detailitem&item_id=1926>

                 Summary: integrated GPG sig checks: sv_gpgcheckfiles
                 Project: Savane
            Submitted by: yeupou
            Submitted on: Thu 23.06.2005 at 19:45
         Should Start On: Thu 23.06.2005 at 00:00
   Should be Finished on: Mon 27.06.2005 at 00:00
                Category: Backend
                Priority: 5 - Immediate
                  Status: None
                 Privacy: Public
             Assigned to: yeupou
             Open/Closed: Open
         Planned Release: 

    _______________________________________________________

Details:

Hello,

I'm rushing on this script since I made apt-get repositories for Savane.
Imagine the nightmare if someone was at some point inserting malicious stuff
into the packages, without our knowledge.
The only way to make sure packages are legit is to have their GPG signature
checked.

But I don't think it would be necessary, nor useful, to follow a coercive
approach which would consist in restricting the way people access the
download area and putting uploaded stuff in a temporary area until it is
checked.

Here's the little plan I wrote about it this morning; it should give you a
clear overview of how it is supposed to work. I think I'll implement it
tomorrow (it should not be very complicated) or Monday.

## This script should be used via a cronjob to check if files in a download
## area are properly signed.
## Properly signed means that it has been signed with a GPG signature that is
## in the related group keyring.
## The keyring should have been added by sv_groups in /home/savane-keyrings/.
##
## The approach followed is to provide security in a non-coercive way.
## File upload is allowed through usual means, files are assumed clean until
## proven unclean:
##    - user uploads files in his download area
##    - later, the cronjob looks at it:
##               * if no files are gpg signed, a file HEADER.html will be
##                 added (saving such previous file under another name), not
##                 user modifiable, saying files there cannot be checked using
##                 gpg. One should assume they are clean, but only assume.
##                 This HEADER.html file will be added only in top directory,
##                 not in subdirectories.
##               * if files exist and are gpg signed properly (even if not
##                 all files)
##                 nothing is done specifically.
##                 If a HEADER.html added by Savane exists, it gets removed.
##                 The md5 of checked files is cached and they will not be
##                 checked again unless their md5 changes.
##               * if files exist, are gpg signed and the signature is not
##                 ok, files are moved into a subdirectory called maybe-corrupted
##                 and a HEADER.html is added listing failed signature checks,
##                 saying that one should not assume that files are clean.
##                 (this one will stay until the project uploads properly
##                 signed files)
##                 A mail should be sent to project admins.
##                 Additionally, a HEADER.html file would be added in
##                 maybe-corrupted, saying these files are questionable.
##                 This would happen in any directory, no matter how deep
##                 they are.
##
##           Note: maybe-corrupted dir and HEADER.html files will not be
##                 modifiable by project members. They will be added whenever
##                 it makes sense and they will be removed when incriminated
##                 files no longer exist.

    _______________________________________________________

Reply to this item at:

  <http://gna.org/task/?func=detailitem&item_id=1926>

_______________________________________________
  Message posted via Gna!
  http://gna.org/


_______________________________________________
Savane-dev mailing list
[email protected]
https://mail.gna.org/listinfo/savane-dev

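The plan in the message above describes a cron pass with three outcomes (nothing signed, signatures good, signature bad) plus an md5 cache. The following Python is an added worked example of that pass, written for this page; it is not Savane's sv_gpgcheckfiles (which the task only plans) and not code from the author. It assumes detached signatures named `file.sig` or `file.asc` next to each file, one keyring per group under /home/savane-keyrings/ as the plan says, that a project's own HEADER.html displaced by the script is kept as HEADER.html.saved (a name chosen here), that the script marks its own headers with a fixed HTML comment so it never deletes a project-written one, and that mailing the admins is left to the caller, which receives the list of failed files. `demo()` builds a constructed download area in a temp directory and swaps in a fake verifier so it runs without gpg or a real keyring; `gpg_verify` is the real invocation a cron job would use.

```python
import hashlib
import shutil
import subprocess
import tempfile
from pathlib import Path

SIG_SUFFIXES = (".sig", ".asc")     # detached-signature names looked for beside a file
QUARANTINE = "maybe-corrupted"
HEADER = "HEADER.html"
SAVED_HEADER = "HEADER.html.saved"  # assumed name under which a project's own header is kept
MARK = "<!-- added by sv_gpgcheckfiles; not user modifiable -->"  # first line of our headers

def gpg_verify(sig, data, keyring):
    # Only the group keyring is consulted; GOODSIG on the status fd means a valid
    # signature by a key in it (BADSIG, EXPKEYSIG, REVKEYSIG, NO_PUBKEY never give it).
    proc = subprocess.run(
        ["gpg", "--batch", "--no-default-keyring", "--keyring", str(keyring),
         "--status-fd", "1", "--verify", str(sig), str(data)], capture_output=True, text=True)
    return any(l.startswith("[GNUPG:] GOODSIG ") for l in proc.stdout.splitlines())

def md5_of(path):
    return hashlib.md5(path.read_bytes()).hexdigest()

def is_ours(header):
    return header.exists() and header.read_text(errors="ignore").startswith(MARK)

def write_header(directory, body):
    header = directory / HEADER
    if header.exists() and not is_ours(header):      # keep a project-written header aside
        header.replace(directory / SAVED_HEADER)
    header.write_text(MARK + "\n<p>" + body + "</p>\n")

def remove_header(directory):
    header = directory / HEADER
    if is_ours(header):                              # never touch a project's own header
        header.unlink()
        if (directory / SAVED_HEADER).exists():
            (directory / SAVED_HEADER).replace(header)

def check_area(area, keyring, cache, verify=gpg_verify):
    """One cron pass. `cache` maps relative path -> md5s last verified, so a file is
    re-verified only when it or its signature changes. The caller mails 'failed'."""
    area = Path(area)
    result = {"ok": [], "failed": [], "unsigned": []}
    failed_by_dir = {}
    files = sorted(p for p in area.rglob("*") if p.is_file())
    for path in files:
        rel = str(path.relative_to(area))
        if QUARANTINE in path.relative_to(area).parts or path.suffix in SIG_SUFFIXES or path.name in (HEADER, SAVED_HEADER):
            continue
        sig = next((s for s in (path.with_name(path.name + x) for x in SIG_SUFFIXES) if s.exists()), None)
        if sig is None:
            result["unsigned"].append(rel)
            continue
        digest = md5_of(path) + ":" + md5_of(sig)
        if cache.get(rel) != digest:
            if not verify(sig, path, keyring):
                cache.pop(rel, None)
                quarantine = path.parent / QUARANTINE
                quarantine.mkdir(exist_ok=True)
                for f in (path, sig):                    # move the file AND its signature
                    shutil.move(str(f), str(quarantine / f.name))
                result["failed"].append(rel)
                failed_by_dir.setdefault(path.parent, []).append(path.name)
                continue
            cache[rel] = digest
        result["ok"].append(rel)
    # Drop our warning headers wherever the incriminated files are gone.
    dirs = {area} | {p.parent.parent if p.parent.name == QUARANTINE else p.parent for p in files}
    for directory in dirs - set(failed_by_dir):
        quarantine = directory / QUARANTINE
        if quarantine.is_dir():
            if any(f.name != HEADER for f in quarantine.iterdir()):
                continue                                 # questionable files still there
            shutil.rmtree(quarantine)                    # only our own header was left
        remove_header(directory)
    for directory, names in failed_by_dir.items():
        write_header(directory, "GPG signature check FAILED for: " + ", ".join(names)
                     + ". Do not assume these files are clean.")
        write_header(directory / QUARANTINE, "Files here failed their GPG signature check.")
    if not result["ok"] and not result["failed"] and not (area / QUARANTINE).is_dir():
        write_header(area, "No file here is GPG signed; they cannot be checked, only assumed clean.")
    return result

def demo():
    # Constructed download area (not real project data): one good, one bad and one
    # unsigned file. A fake verifier stands in for gpg; the keyring path is hypothetical.
    area = Path(tempfile.mkdtemp())
    keyring = Path("/home/savane-keyrings/example.gpg")
    for name, content in {"savane-1.0.tar.gz": b"release tarball", "savane-1.0.tar.gz.sig": b"GOOD",
                          "savane-0.9.tar.gz": b"older tarball", "savane-0.9.tar.gz.sig": b"BAD",
                          "README": b"no signature at all"}.items():
        (area / name).write_bytes(content)
    cache, calls = {}, []
    fake = lambda sig, data, keyring: calls.append(data.name) or sig.read_bytes() == b"GOOD"
    first = check_area(area, keyring, cache, verify=fake)
    second = check_area(area, keyring, cache, verify=fake)   # good file served from the cache
    return {"first": first, "second": second, "verify_calls": calls,
            "quarantined": sorted(p.name for p in (area / QUARANTINE).iterdir()),
            "top_header": (area / HEADER).read_text()}
```

Two points worth checking in a real deployment. `--no-default-keyring` together with `--keyring` is what scopes the check to the project's keys; without it gpg would also accept signatures from whatever keys sit in the cron user's own keyring, and GOODSIG (rather than exit status alone) is the line to test, since expired or revoked keys and unknown signers produce other status tokens. The cache key follows the plan in using md5 of file and signature; because md5 collisions are practical today, a file replaced by a colliding one would skip re-verification, so a SHA-256 digest is the better choice for that cache, which also has to be persisted per project (for instance as JSON) between cron runs for the caching to do anything.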