Re: OT: SVN checkout checksumming
On Fri, 6 Feb 2009 20:11:57 +0100, cpghost wrote:
> On Fri, Feb 06, 2009 at 07:14:14PM +0200, Giorgos Keramidas wrote:
>> On Fri, 6 Feb 2009 17:58:00 +0100, cpghost wrote:
>>>> Let's assume for a moment that you install a post-commit hook that
>>>> generates a SHA-256 checksum of all the files in the latest repo
>>>> revision on the svn server.
>>>>
>>>> For the sake of simplicity, let's assume that this file is a simple,
>>>> plain text file that is named db/revs/NUMBER.sha256 where 'NUMBER' is
>>>> the revision number you are check-summing.
>>>>
>>>> How are you going to *safely* transmit those SHA-256 checksums to the
>>>> client on 'svn checkout'?
>>>
>>> Well, sorry to bring this back up, but again: how about signing
>>> NUMBER.sha256 with a GnuPG private key belonging to the FreeBSD
>>> Project? If there's a way to *safely* get the corresponding
>>> public key, checking the signature of the NUMBER.sha256 files
>>> would be trivial.
>>
>> If the signed data is not part of the actual repository, you have a
>> signature for a numeric value, not a signature for the *contents* of the
>> repository itself.
>
> Hmmm... yes, you're right. Only the digest would be signed in this
> case, and that's not enough. But if the (digest, revision) pair is
> signed, that would at least be useful (somewhat).
>
> So, let's say that NUMBER.sha256 starts with something like a comment:
>
>   # r123456
>   ...
>
> and all this signed, would it be enough?

Sorry, but no, it wouldn't be enough. There are other SCM systems where
the sha256 hash is *part* of the history, like Mercurial, Git and Darcs.
If you really want to be _certain_ that a particular revision is truly
what it is supposed to be, using something that makes cryptographically
secure hashes an integral part of the history is probably the only way
to achieve that goal :/

> Even if the repository isn't signed, one can compute the digests
> locally and check them with the *signed* list of digests. It may not
> catch everything because of possible collisions, but wouldn't that be
> already better than nothing?

Yes, that might be "good enough", but it might have a slightly hard to
define set of constraints. For example:

* Do you publish checksums for all the files in each revision (a
  'manifest' as some systems call the collection of files)?
* Do you allow checksums to be recorded as a full manifest every time,
  or do you publish only the checksums for the files that changed since
  the last revision?
* How do you handle separate branches?
* Do svn:keywords play a role in the calculation of the checksum? If
  not, why?

These are not as easy problems to solve as it may initially appear :(

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
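The signed (revision, digest list) manifest discussed in the message above, as an added sketch that is not part of the original thread. The function names and the `<sha256>  <path>` line layout are assumptions, and the GnuPG signature over the manifest text is assumed to have been checked separately before `verify_manifest` is called.

```python
import hashlib
import tempfile
from pathlib import Path

def file_sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def walk_files(root):
    """Yield (relative path, full path) per file, skipping .svn metadata."""
    for p in sorted(Path(root).rglob("*")):
        rel = p.relative_to(root)
        if p.is_file() and ".svn" not in rel.parts:
            yield rel.as_posix(), p

def build_manifest(root, revision):
    """Full manifest: '# rNUMBER' header, then '<sha256>  <path>' per file."""
    lines = ["# r%d" % revision]
    lines += ["%s  %s" % (file_sha256(p), rel) for rel, p in walk_files(root)]
    return "\n".join(lines) + "\n"

def verify_manifest(root, manifest, expected_revision):
    """Return a list of problems; an empty list means the tree matches."""
    lines = manifest.splitlines()
    if not lines or lines[0] != "# r%d" % expected_revision:
        return ["revision mismatch"]
    expected = {rel: d for d, _, rel in (l.partition("  ") for l in lines[1:])}
    actual = dict(walk_files(root))
    problems = []
    for rel in sorted(set(expected) | set(actual)):
        if rel not in actual:
            problems.append("missing: " + rel)
        elif rel not in expected:
            problems.append("unlisted: " + rel)
        elif file_sha256(actual[rel]) != expected[rel]:
            problems.append("digest mismatch: " + rel)
    return problems

def demo():
    """Constructed sample tree: verify, replay under another revision, tamper."""
    with tempfile.TemporaryDirectory() as wc:
        Path(wc, ".svn").mkdir()
        Path(wc, ".svn", "entries").write_bytes(b"10\n")
        Path(wc, "README").write_bytes(b"hello\n")
        Path(wc, "main.c").write_bytes(b"int x;\n")
        manifest = build_manifest(wc, 123456)  # this text is what would be signed
        clean = verify_manifest(wc, manifest, 123456)
        replay = verify_manifest(wc, manifest, 123457)
        Path(wc, "README").write_bytes(b"tampered\n")
        Path(wc, "main.c").rename(Path(wc, "extra.sh"))
        return clean, replay, verify_manifest(wc, manifest, 123456)
```

The sketch hashes working-copy bytes exactly as they are on disk, so a file with svn:keywords expansion only matches if the server-side manifest was computed over the same expanded form.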
Re: OT: SVN checkout checksumming
On Fri, Feb 06, 2009 at 07:14:14PM +0200, Giorgos Keramidas wrote:
> On Fri, 6 Feb 2009 17:58:00 +0100, cpghost wrote:
> >> Let's assume for a moment that you install a post-commit hook that
> >> generates a SHA-256 checksum of all the files in the latest repo
> >> revision on the svn server.
> >>
> >> For the sake of simplicity, let's assume that this file is a simple,
> >> plain text file that is named db/revs/NUMBER.sha256 where 'NUMBER' is
> >> the revision number you are check-summing.
> >>
> >> How are you going to *safely* transmit those SHA-256 checksums to the
> >> client on 'svn checkout'?
> >
> > Well, sorry to bring this back up, but again: how about signing
> > NUMBER.sha256 with a GnuPG private key belonging to the FreeBSD
> > Project? If there's a way to *safely* get the corresponding
> > public key, checking the signature of the NUMBER.sha256 files
> > would be trivial.
>
> If the signed data is not part of the actual repository, you have a
> signature for a numeric value, not a signature for the *contents* of the
> repository itself.

Hmmm... yes, you're right. Only the digest would be signed in this
case, and that's not enough. But if the (digest, revision) pair is
signed, that would at least be useful (somewhat).

So, let's say that NUMBER.sha256 starts with something like a comment:

  # r123456
  ...

and all this signed, would it be enough?

Even if the repository isn't signed, one can compute the digests
locally and check them with the *signed* list of digests. It may not
catch everything because of possible collisions, but wouldn't that be
already better than nothing?

-cpghost.

--
Cordula's Web. http://www.cordula.ws/
Re: OT: SVN checkout checksumming
On Fri, 6 Feb 2009 17:58:00 +0100, cpghost wrote:
>> Let's assume for a moment that you install a post-commit hook that
>> generates a SHA-256 checksum of all the files in the latest repo
>> revision on the svn server.
>>
>> For the sake of simplicity, let's assume that this file is a simple,
>> plain text file that is named db/revs/NUMBER.sha256 where 'NUMBER' is
>> the revision number you are check-summing.
>>
>> How are you going to *safely* transmit those SHA-256 checksums to the
>> client on 'svn checkout'?
>
> Well, sorry to bring this back up, but again: how about signing
> NUMBER.sha256 with a GnuPG private key belonging to the FreeBSD
> Project? If there's a way to *safely* get the corresponding
> public key, checking the signature of the NUMBER.sha256 files
> would be trivial.

If the signed data is not part of the actual repository, you have a
signature for a numeric value, not a signature for the *contents* of the
repository itself.

I think I am missing something here...
Re: OT: SVN checkout checksumming
On Thu, Feb 05, 2009 at 01:37:26AM +0200, Giorgos Keramidas wrote:
> On Wed, 04 Feb 2009 10:20:25 -0500, FreeBSD wrote:
> > Hi everyone,
> >
> > I have asked this question on the svnforum.org and didn't get a good
> > answer, so I try it here.
> >
> > I want to use SVN to automate the update process of a custom
> > application. So, I'm planning to indicate to every PC to update
> > periodically to a specific branch of the repository. The problem is
> > that I need to be sure the files were not corrupted during the
> > transfer. So, I'm planning to generate the hash (SHA or MD5, doesn't
> > really matter) of every file downloaded by SVN on the client. For
> > this to work, I need to compare the hashes with their server-side
> > equivalent. I looked at the post-commit hooks and it looks pretty
> > interesting but is anyone doing something similar? How are you
> > creating the file containing the hash of the committed file?
>
> Let's assume for a moment that you install a post-commit hook that
> generates a SHA-256 checksum of all the files in the latest repo
> revision on the svn server.
>
> For the sake of simplicity, let's assume that this file is a simple,
> plain text file that is named db/revs/NUMBER.sha256 where 'NUMBER' is
> the revision number you are check-summing.
>
> How are you going to *safely* transmit those SHA-256 checksums to the
> client on 'svn checkout'?

Well, sorry to bring this back up, but again: how about signing
NUMBER.sha256 with a GnuPG private key belonging to the FreeBSD
Project? If there's a way to *safely* get the corresponding
public key, checking the signature of the NUMBER.sha256 files
would be trivial.

This doesn't solve the problem entirely, but it would alleviate it
somewhat (it's easier to get the GnuPG Public Key *once* over a
secure channel when you have access to it, e.g. when traveling
abroad etc... than having to rely every time on a secure channel
for the SVN updates (which may not always be available due to
intrusive MITM)).

-cpghost.

--
Cordula's Web. http://www.cordula.ws/
Re: OT: SVN checkout checksumming
> I want to use SVN to automate the update process of a custom
> application. So, I'm planning to indicate to every PC to update
> periodically to a specific branch of the repository. The problem
> is that I need to be sure the files were not corrupted during
> the transfer. So, I'm planning to generate the hash (SHA or MD5,
> doesn't really matter) of every file downloaded by SVN on the
> client. For this to work, I need to compare the hashes with their
> server-side equivalent ...

Do you need to mirror the entire branch, or only distribute the
latest version? If the latter, ports/net/rsync may be what you're
looking for.
Re: OT: SVN checkout checksumming
On Wed, 04 Feb 2009 10:20:25 -0500, FreeBSD wrote:
> Hi everyone,
>
> I have asked this question on the svnforum.org and didn't get a good
> answer, so I try it here.
>
> I want to use SVN to automate the update process of a custom
> application. So, I'm planning to indicate to every PC to update
> periodically to a specific branch of the repository. The problem is
> that I need to be sure the files were not corrupted during the
> transfer. So, I'm planning to generate the hash (SHA or MD5, doesn't
> really matter) of every file downloaded by SVN on the client. For
> this to work, I need to compare the hashes with their server-side
> equivalent. I looked at the post-commit hooks and it looks pretty
> interesting but is anyone doing something similar? How are you
> creating the file containing the hash of the committed file?

Let's assume for a moment that you install a post-commit hook that
generates a SHA-256 checksum of all the files in the latest repo
revision on the svn server.

For the sake of simplicity, let's assume that this file is a simple,
plain text file that is named db/revs/NUMBER.sha256 where 'NUMBER' is
the revision number you are check-summing.

How are you going to *safely* transmit those SHA-256 checksums to the
client on 'svn checkout'?

If you have a communication channel between the SVN server and its
clients that is "secure enough", why would you want to go through the
extra hoops to communicate the checksums of the files and not tunnel
the checkout itself through the secure channel?

> I got 2 answers on the forum from people thinking that SVN takes care
> of the checksumming by itself, but I would like a little more
> information than that. What is the algorithm used would be a nice
> start.

They were probably referring to the internal checksums of the FSFS
storage format of the SVN repository itself. There is a description of
the internal FSFS storage format at:

http://svn.collab.net/repos/svn/trunk/subversion/libsvn_fs_fs/structure

This may be useful as you try to understand what is stored in an
FSFS-based Subversion repository.