If you are worried about getting a valid portage tree, you can always
use the emerge-webrsync command, and verify with the GPG signature.
I don't know if the latest portage supports it, but I use an old modified
script to perform the grunt work. I've attached it in case you're interested.
If it doesn't come through on the list, let me know and I can send directly.
- Chris
On Thu, Jan 13, 2005 at 01:47:27AM -0800, Ed Epstein wrote:
> Okay, recently I had my computer broken into remotely and I've been spending
> the last two weeks rebuilding all of the computers in the house. I'm still
> extremely paranoid, so anytime something weird happens on my desktop, I get
> freaked out.
>
> Just now I tried to emerge sync, for the first time in several days. I noticed
> that in the "hardware" line where it usually has a small line about the
> hardware of the server I'm sync'ing with, there was no information (just a
> comma) and this freaked me out because I usually see the hardware info, so I
> hit ctrl-c and now I'm double checking that the IP and domain name of the
> server in the rsync rotation makes sense, and a preliminary investigation
> indicates that it doesn't make sense, at least to me.
>
> The server it synced to was raptor.gentoo.org, and the stated IP address was
> 128.193.0.161. However, as far as I can tell, that IP address is in fact
> hillary.x.osuosl.org, and raptor.gentoo.org is 140.211.166.165.
>
> Now, I know that there is a rotation going on so maybe both of those machines
> are rsync mirrors and it's just the database that needs to be updated or
> something, but I'm really paranoid about my system's security right now so I
> am checking out every little thing that goes wrong or that seems weird as
> best as I can.
>
> I'm using the default RSYNC variable in make.globals,
> rsync://rsync.gentoo.org/gentoo-portage
>
> So is this discrepancy between domain name and IP address something to be
> concerned about, or am I a bit touchy right now?
>
> --Ed
#!/bin/bash
# Copyright 1999-2003 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# $Header: /home/cvsroot/gentoo-src/portage/bin/emerge-webrsync,v 1.3 2003/02/23 23:10:03 alain Exp $
# Author: Karl Trygve Kalleberg <[EMAIL PROTECTED]>
# Rewritten from the old, Perl-based emerge-webrsync script
#
# The shebang is bash because the script uses (( )) arithmetic and "==" in tests.

GENTOO_MIRRORS="$(/usr/lib/portage/bin/portageq gentoo_mirrors)"
PORTDIR="$(/usr/lib/portage/bin/portageq portdir)"
# Keyring holding the snapshot signing key, read from /etc/make.conf
KEYRING="$(grep "^PORTAGE_KEYRING=" /etc/make.conf | sed "s/^.*=//")"
syncpath="/var/tmp/emerge-webrsync"

if [ -z "$KEYRING" ] ; then
    echo "Please set PORTAGE_KEYRING in /etc/make.conf to the location"
    echo "of your public keyring."
    exit 1
fi

if [ ! -d "$syncpath" ] ; then
    mkdir -p "$syncpath"
fi
# Stop if the work directory is unusable; everything below runs relative to it
cd "$syncpath" || exit 1

found=0
attempts=0
download=1

# -v: let wget print progress; default is quiet
if [ "$1" == "-v" ] ; then
    wgetops=
else
    wgetops=-q
fi

# -n: do not download, use a snapshot already present in $syncpath
if [ "$1" == "-n" ] ; then
    download=0
fi

# Check the detached signature of $file; delete the snapshot and abort on failure
verify_sig() {
    echo Verifying signature...
    if gpg --keyring "$KEYRING" --verify "$file.gpgsig" "$file" ; then
        echo "Good signature."
    else
        echo "Bad signature! Deleting suspect file."
        rm -f "$file" "$file.gpgsig"
        exit 1
    fi
}

# Unpack $file and rsync its contents over the local portage tree
sync_local() {
    echo Syncing local tree...
    # Abort if extraction fails, so rsync --delete never runs from the wrong directory
    tar jxf "$file" || exit 1
    rm -f "$file" "$file.gpgsig"
    # Make sure user and group file ownership is root
    chown -R root:root portage
    cd portage || exit 1
    rsync -av --progress --stats --delete --delete-after \
        --exclude='distfiles/*' \
        --exclude='packages/*' \
        --exclude='local/*' \
        . "${PORTDIR%%/}"
    cd ..
    rm -rf portage
}

echo "Fetching most recent snapshot"
# Walk back one day at a time, up to 40 days, until a snapshot is found
while (( attempts < 40 )) ; do
    day=$(date -d "-$attempts day" +"%d")
    month=$(date -d "-$attempts day" +"%m")
    year=$(date -d "-$attempts day" +"%Y")
    file="portage-${year}${month}${day}.tar.bz2"

    # With -n, an existing local snapshot is synced as-is (verify_sig is not called here)
    if [ -f "$file" ] && [ "$download" == 0 ] ; then
        sync_local
        exit 0
    fi

    # $GENTOO_MIRRORS and $wgetops are left unquoted on purpose so they word-split
    for i in $GENTOO_MIRRORS ; do
        url="${i}/snapshots/$file"
        rm -f "$file" "$file.gpgsig"
        if (wget $wgetops "$url" "$url.gpgsig") && [ -s "$file" ] ; then
            verify_sig
            sync_local
            echo
            echo " *** Completed websync, please now perform a normal rsync if possible."
            echo "     Update is current as of the of YYMMDD: ${year}${month}${day}"
            echo
            exit 0
        fi
    done
    attempts=$((attempts + 1))
done

rm -rf portage
exit 1
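Added example, not part of the original message or of Portage: the attached script accepts whatever `gpg --verify` exits 0 on, and gpg also consults the default keyring unless told otherwise. The sketch below instead reads gpg's `--status-fd` lines and accepts a snapshot only when a `VALIDSIG` comes from one pinned fingerprint and no bad, expired or revoked status is present. `PINNED_FPR`, the sample status lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: judge a snapshot signature from gpg's status lines.
# PINNED_FPR is a constructed placeholder, not a real Gentoo key fingerprint.
PINNED_FPR="AAAABBBBCCCCDDDDEEEEFFFF0000111122223333"

# Constructed sample of `gpg --status-fd 1 --verify` output for a good signature.
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0000111122223333 Constructed Snapshot Key
[GNUPG:] VALIDSIG AAAABBBBCCCCDDDDEEEEFFFF0000111122223333 2005-01-13 1105574400 0 3 0 17 2 00 AAAABBBBCCCCDDDDEEEEFFFF0000111122223333'

# Read "[GNUPG:] ..." status lines on stdin. Succeed only if a VALIDSIG was
# made by the fingerprint in $1 and nothing marks the signature or key as
# bad, expired or revoked.
sig_status_ok() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # $3 is the signing (sub)key fingerprint; the last field is the
        # primary key fingerprint when gpg reports one.
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { good = 1 }
        END { if (good && !bad) exit 0; exit 1 }
    '
}

# Verify snapshot $1 against detached signature $2 using only keyring $3.
# --no-default-keyring keeps keys in ~/.gnupg from satisfying the check.
verify_snapshot() {
    gpg --no-default-keyring --keyring "$3" --status-fd 1 \
        --verify "$2" "$1" 2>/dev/null | sig_status_ok "$PINNED_FPR"
}

# Stand-alone run: check the constructed sample.
if printf '%s\n' "$SAMPLE_GOOD" | sig_status_ok "$PINNED_FPR"; then
    echo "constructed sample: signature accepted"
fi
```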