Hi, the attached script will generate md5 and sha256 checksums of a checkout and try to find the corresponding svn-revision. This can help to verify that your checkout from cvsupX.yy.freebsd.org is authentic. Not that there is reason to believe that we have compromised cvsup-servers. This is just something I've been toying with and wanted to let you know to see if people find the idea interesting. I'd also be interested in reviews of the concept (note that I know that https would be a good idea, I just cba to setup a certificate). The coverage currently is head and stable/{6,7} svn revision 179451:183186 (i.e. since the first svn commit up to "2008-09-19 16:51:41 +0200". I don't yet have a cronjob in place to generate new checksums, so this will become less useful quick. If people do find it interesting, however, I could certainly roll something. As you can see, the script is ready to checksum cvs and svn checkouts. If you obtain your checkout from some local git/hg/svk/... mirror you must modify the find excludes accordingly. Let me know what you think. -- /"\ Best regards, | mlaier_at_freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier_at_EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News #!/bin/sh BASEURL="http://laiers.net/cosum/data/md5" tempfoo=`basename $0` TMPFILE=`mktemp -t ${tempfoo}` || exit 1 MD5SUM=`find -s . -type f -not -path "*/.svn/*" -not -path "*/CVS/*" \ -exec cat {} + | md5` SHA256SUM=`find -s . -type f -not -path "*/.svn/*" -not -path "*/CVS/*" \ -exec cat {} + | sha256` MD5DIR=`echo ${MD5SUM} | cut -c 1-2` if ! fetch -o ${TMPFILE} ${BASEURL}/${MD5DIR}/${MD5SUM} ; then echo "No corresponding md5sum found, try again in a bit" >&2 exit 1 fi ORIG_MD5SUM=`cat ${TMPFILE} | grep ^md5 | cut -d":" -f 2` ORIG_SHA256SUM=`cat ${TMPFILE} | grep ^sha256 | cut -d":" -f 2` if [ "${MD5SUM}" != "${ORIG_MD5SUM}" ]; then echo "md5 mismatch - something went terribly wrong!" >&2 exit 1 fi if [ "${SHA256SUM}" != "${ORIG_SHA256SUM}" ]; then echo "sha256 mismatch, but same md5 - please report this!" >&2 cat ${TMPFILE} exit 1 fi echo "Your checkout seems to be:" cat ${TMPFILE}Received on Mon Sep 22 2008 - 18:33:28 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:35 UTC