On Jun 16, 2009, at 2:22 PM, James Carlson wrote:

> Shawn Walker writes:
>> On Jun 16, 2009, at 2:01 PM, James Carlson wrote:
>>> Chris Quenelle writes:
>>>> 1. list of headers without version info (generated by compiler, put
>>>> into .o)
>>>>
>>>> 2. complete URL pointing at web-based tree of headers including
>>>> hash code
>>>> The hash code would be retrieved from the system at compile time.
>>>
>>> If the hash were based on contents (such as MD5), rather than embedded
>>> #pragmas, then you'd have a fairly good guarantee that nobody did
>>> "sudo vi /usr/include/stdio.h" and then lied about it. That alone
>>> might be pretty useful.
>>
>> pkg(5) stores a hash of each file delivered by a package and pkg
>> verify can be used to ensure that files haven't been changed. I don't
>> know what SVR4 does...
>
> I think you're missing the point that I was making.
>
> By having the compiler store hashes into the object, you could
> independently verify that a given object was indeed produced from an
> unaltered set of sources without actually needing or having access to
> those sources. The fact that pkg(5) can verify the files on a given
> system is irrelevant; the user who has that object file alone doesn't
> necessarily have access to the system where it was built.

If the hash you're talking about can be placed into one of these sections:

.SUNW_signature, .comment, .SUNW_ctf, .SUNW_dof, .debug, .plt,
.rela.bss, .rela.plt, .line, .note

...then pkg(5) can automatically ignore it when determining whether to
redeliver a file that hasn't otherwise changed and so that's probably
fine. However, Bart or Danek might have a clearer picture of things.

Cheers,
--
Shawn Walker