Binhost integrity questions
 

Hi all

I want to set up a secure binhost server for my customers and the Gentoo
community.What is the best way to achieve this? Or more specifically I
am looking for ways to ensure that binaries arrive untampered. I noticed
there isn't any md5sum verification for binaries in portage. Which other
ways are there to ensure the binhost's integrity?


Regards,

Aniruddha

--
gentoo-user@gentoo.org mailing list

Binhost integrity questions
 

On Mon, 26 Nov 2007 17:53:47 +0100
Aniruddha <zentooist@gmail.com> wrote:

> Hi all
>
> I want to set up a secure binhost server for my customers and the
> Gentoo community.What is the best way to achieve this? Or more
> specifically I am looking for ways to ensure that binaries arrive
> untampered. I noticed there isn't any md5sum verification for
> binaries in portage. Which other ways are there to ensure the
> binhost's integrity?
>
> Regards,
>
> Aniruddha
>

md5sum - compute and check MD5 message digest

dan@pascal ~ $ dd if=/dev/urandom of=/tmp/md5src count=512
512+0 records in
512+0 records out
262144 bytes (262 kB) copied, 0.041335 s, 6.3 MB/s
dan@pascal ~ $ md5sum /tmp/md5src
966019983a079e2bf03566d1f0eca061 /tmp/md5src

if you want to verify your own download, you could download the file
here:
http://spore.ath.cx/~dan/md5src
and check to see if you get the same checksum.
--
gentoo-user@gentoo.org mailing list

Binhost integrity questions
 

Hi all

I want to set up a secure binhost server for my customers and the Gentoo
community.What is the best way to achieve this? Or more specifically I
am looking for ways to ensure that binaries arrive untampered. I noticed
there isn't any md5sum verification for binaries in portage. Which other
ways are there to ensure the binhost's integrity?

Regards,

Aniruddha



--
gentoo-user@gentoo.org mailing list

Binhost integrity questions
 

Dan Farrell wrote:
> md5sum - compute and check MD5 message digest
> dan@pascal ~ $ dd if=/dev/urandom of=/tmp/md5src count=512
> 512+0 records in
> 512+0 records out
> 262144 bytes (262 kB) copied, 0.041335 s, 6.3 MB/s
> dan@pascal ~ $ md5sum /tmp/md5src
> 966019983a079e2bf03566d1f0eca061 /tmp/md5src
>
> if you want to verify your own download, you could download the file
> here:
> http://spore.ath.cx/~dan/md5src
> and check to see if you get the same checksum.
>

Thank you for your answer. I am afraid you go a little to fast for me.
What does "$ dd if=/dev/urandom of=/tmp/md5src count=512" exactly do?

Regards,

Aniruddha

--
gentoo-user@gentoo.org mailing list

Binhost integrity questions
 

2007/11/27, Aniruddha <zentooist@gmail.com>:
> Dan Farrell wrote:
> > md5sum - compute and check MD5 message digest
> > dan@pascal ~ $ dd if=/dev/urandom of=/tmp/md5src count=512
> > 512+0 records in
> > 512+0 records out
> > 262144 bytes (262 kB) copied, 0.041335 s, 6.3 MB/s
> > dan@pascal ~ $ md5sum /tmp/md5src
> > 966019983a079e2bf03566d1f0eca061 /tmp/md5src
> >
> > if you want to verify your own download, you could download the file
> > here:
> > http://spore.ath.cx/~dan/md5src
> > and check to see if you get the same checksum.
> >
>
> Thank you for your answer. I am afraid you go a little to fast for me.
> What does "$ dd if=/dev/urandom of=/tmp/md5src count=512" exactly do?

It generates a file out of random bits returned from /dev/urandom, I
think /dev/random is also possible. See here [1] and [2] for more
information. I thinks it was just meant as a sample file to compare
the md5 checksums.

[1] http://en.wikipedia.org/wiki/Urandom
[2] http://www.linuxmanpages.com/man1/dd.1.php
--
gentoo-user@gentoo.org mailing list

Binhost integrity questions
 

Hi,

On Tue, 27 Nov 2007 10:46:02 +0100 Aniruddha <zentooist@gmail.com>
wrote:

> Thank you for your answer. I am afraid you go a little to fast for me.
> What does "$ dd if=/dev/urandom of=/tmp/md5src count=512" exactly do?

Put 512 blocks of pseudo-random stuff in /tmp/md5src. I think Dan just
did just misinterpret your question for something much more basic.

In fact, you're specifically asking for portage's binhost
configuration, i.e. binary package generation and distribution. I don't
think that portage is currently very good at that, especially regarding
the configurability of the binary package fetching.

If I were you, I'd rather use sshfs or similar in order to give access
to the main binary repository and then use "emerge -K" instead of
"emerge -g". That way you're somewhat on the safe side. Another option
would be to setup the binhost for HTTPS and make the clients aware of
the correct cert's public representation.

-hwh
--
gentoo-user@gentoo.org mailing list

Binhost integrity questions
 

On Tue, 27 Nov 2007 10:46:02 +0100
Aniruddha <zentooist@gmail.com> wrote:

> Dan Farrell wrote:
> > md5sum - compute and check MD5 message digest
> > dan@pascal ~ $ dd if=/dev/urandom of=/tmp/md5src count=512
> > 512+0 records in
> > 512+0 records out
> > 262144 bytes (262 kB) copied, 0.041335 s, 6.3 MB/s
> > dan@pascal ~ $ md5sum /tmp/md5src
> > 966019983a079e2bf03566d1f0eca061 /tmp/md5src
> >
> > if you want to verify your own download, you could download the file
> > here:
> > http://spore.ath.cx/~dan/md5src
> > and check to see if you get the same checksum.
> >
>
> Thank you for your answer. I am afraid you go a little to fast for me.
> What does "$ dd if=/dev/urandom of=/tmp/md5src count=512" exactly do?
>
> Regards,
>
> Aniruddha
>
I assume these others cleared it up? The basic idea is that the
'md5sum' program will compute the sum, and so you can use that to
verify the authenticity of the binary downloads. The rest of email
was, as they said, an example of doing so on a small randomly-generated
file.
> What does "$ dd if=/dev/urandom of=/tmp/md5src count=512" exactly do?
It reads 512 blocks from the input file (if=/dev/urandom) and writes it
to the output file (of=/tmp/md5src).
--
gentoo-user@gentoo.org mailing list